astralmaster How do I cheat?
Reputation: 0
Joined: 10 Oct 2014 Posts: 2
Posted: Fri Mar 31, 2017 3:41 pm Post subject: DuplicateHandle returns ERROR_ACCESS_DENIED in VEHDebugger.p
When trying to attach to a particular process using VEHDebugger the
Code:
if not DuplicateHandle(GetCurrentProcess, HasDebugEvent, processhandle, @VEHDebugView^.HasDebugEvent, 0, false, DUPLICATE_SAME_ACCESS ) then
line in VEHDebugger.pas returns False with ERROR_ACCESS_DENIED set in getlasterror. Now I am fairly certain I have the required privilege for DUPLICATE_SAME_ACCESS to work; could it be that the target process somehow prevents me from getting the handle?
Edit: the target process is protected by xigncode3.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Fri Mar 31, 2017 3:53 pm Post subject:
Find out what APIs DuplicateHandle uses and write stubs for them that use the kernel-mode memory access or related instead.
Alternatively, change the code to use named events, and then open them in the DLL part of vehdebug.
Of course, there's still the issue that DLL injection will probably fail as well.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
astralmaster How do I cheat?
Reputation: 0
Joined: 10 Oct 2014 Posts: 2
Posted: Fri Mar 31, 2017 4:18 pm Post subject:
The built-in injection routine in CEFuncProc.pas is indeed failing, but I succeeded using NtCreateThreadEx, which I plan to port to this unit as an alternative to the InjectDll method. I just didn't really know where to start with HasDebugEvent and the other events needed for VEHDebug. Depending on complexity, I might have luck in replicating the DuplicateHandle API as suggested.
Edit:
If anybody stumbles upon the same problem, you can use NtDuplicateObject to get a duplicate handle.