Win32 Exception: Access is denied while attempting to use OpenProcess

Question

this error is appearing while I am attempting to do two things.

while attempting this (Code block 1):

_class = new Proc(Process.GetProcessesByName("procname")[0]);

then in the class Proc whats happening is

public Proc(Process _SelectedProcess)
{
    Process = _SelectedProcess;
}
public Process Process
{
    get
    {
        return SelectedProcess;
    }
    set
    {
        SelectedProcess = value;
        if (SelectedProcess != null)
        {
            Process.EnterDebugMode();
            _Reader = new Win32_Memory(value.Handle, value.MainModule.BaseAddress.ToInt32(), value.Id);
         }
    }
}

That's some of the ways I get the exception, sometimes this passes without any exception for no apparent reason as far as I see.

Note: it never passes in windows 7, I'm using windows 10 and sometimes it happens that the function works

but if it does pass, the next time I need to use OpenProcess() outside of the Process class, I almost always get the exception, and if i do, then afterwards it fails executing code block 1 if I try to do so again.

this (code block 2) also gets the same access denied error, and sometimes doesnt...

if (_Reader.ReadInt(_addr) == 1) _Reader.Write(_addr, 0);
public bool Write(int address, long value)
{
    hProc = OpenProcess(ProcessAccessFlags.VMWrite, false, ID);
    byte[] val = BitConverter.GetBytes(value);
    bool worked = WriteProcessMemory(hProc, new IntPtr(address), val, (uint)val.LongLength, 0);
    CloseHandle(hProc);
    return worked;
}

the access flags:

[Flags]
public enum ProcessAccessFlags : uint
{
    All = 0x001F0FFF,
    Terminate = 0x00000001,
    CreateThread = 0x00000002,
    VMOperation = 0x00000008,
    VMRead = 0x00000010,
    VMWrite = 0x00000020,
    DupHandle = 0x00000040,
    SetInformation = 0x00000200,
    QueryInformation = 0x00000400,
    Synchronize = 0x00100000
}

the imports:

[DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, int unused);

also worth noting that sometimes all of this code gets executed without ANY error and will work for as long as I do not reopen this application or if i do not restart the targeted application.

please help me out on this one, if I wasn't clear on some things - this is my first question and I haven't really ever needed to ask one before this one... so I will explain anything necessary afterwards

Perhaps some context would help? What is the *high-level* task you are trying to accomplish here. On the face of it, the stuff above looks overly complicated. It isn't usually necessary to import kernal and work with memory directly just to manipulate a child process. The whole point of a safe language like C# is to avoid that. — modal_dialog, Nov 07 '15 at 22:08
@modal_dialog I am trying to change some memory belonging to another process that has nothing to do with my process. This is the only way to do so as far as I know. — Srdjan N., Nov 07 '15 at 22:18

score 0 · Answer 1 · edited May 23 '17 at 12:23

0

If, as your last comment indicates, the processes truly have nothing to do with each other, then that exactly explains the AccessDeniedException. You aren't allowed to just modify memory of any random process. That would be a security hole.

Both processes have to be setup and agree to share memory with each other. There are many ways to do inter-process communication between cooperating processes: here's a start: Shared memory between 2 processes (applications)

edited May 23 '17 at 12:23

Community

1
1

answered Nov 07 '15 at 22:25

modal_dialog

733
5
12

Ok that makes sense but it does not explain why it sometimes works, sometimes it doesn't? Also, before a recent patch that was made to the application, it worked without any exception, ever. – Srdjan N. Nov 07 '15 at 22:29
Memory protection is something that has changed over the various versions of Windows as they tighten security. https://en.wikipedia.org/wiki/Memory_protection It can also depend on how the target process has been setup, so a patch could definitely affect it. In any case uncoordinated access shouldn't be used even if by some luck it works. – modal_dialog Nov 07 '15 at 22:32
Seems like Windows 10 has some security issues then. This does not happen on Windows 7 as far as I've tested. I'd still like to try and find a workaround for this, or recreate what happens when it works. – Srdjan N. Nov 07 '15 at 22:35
@Srdjan, I'd word it in reverse: *Windows 7* has some security issues that they plugged in Windows 10. If my SecuritySensitive.exe is running and knows nothing about YourCoolDownload.exe, why on Earth should it allow *your calling code* to decide if it can write to *my* memory. Note: there's likey a way to launch the target on Win10 that makes it run like Win7. MS is all about backward compatibility. But it's not advised. – modal_dialog Nov 07 '15 at 22:38
Well I'm not sure if you understood me but... On windows 10, it sometimes works, sometimes it does not. On windows 7, it never works now, before the patch, it did. Why would I run it as if it were ran from windows 7 if it would never work on windows 7? – Srdjan N. Nov 07 '15 at 22:50
Also...I can read memory from any other process such as: Google Chrome, Skype and other programs that I would expect to have similar protection, or am I wrong? – Srdjan N. Nov 07 '15 at 22:57
You're right that I misunderstood you. I assumed Win10 was where it never works and Win7 it always worked. But in any case you are in the realm of vodoo. My guess is that it is the *write* that is generating the ex which is why you can read a lot of other processes. Note: a smarter guy then me could explain how to setup the debugger on the target process to see how it sets up its memory access permissions. That would answer it pretty clearly. – modal_dialog Nov 07 '15 at 23:06
The exception is being generated from OpenProcess. Both from the ProcessManager.Process Class from the System.Diagonostics namespace and from my class which Is the class I import the OpenProcess function from kernel. – Srdjan N. Nov 07 '15 at 23:14

Win32 Exception: Access is denied while attempting to use OpenProcess

1 Answers1