Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


DuplicateHandle returns ERROR_ACCESS_DENIED in VEHDebugger.p

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
astralmaster
How do I cheat?
Reputation: 0

Joined: 10 Oct 2014
Posts: 2
PostPosted: Fri Mar 31, 2017 3:41 pm    Post subject: DuplicateHandle returns ERROR_ACCESS_DENIED in VEHDebugger.p Reply with quote
When trying to attach to a particular process using VEHDebugger the

Code:
if not DuplicateHandle(GetCurrentProcess, HasDebugEvent, processhandle, @VEHDebugView^.HasDebugEvent, 0, false, DUPLICATE_SAME_ACCESS   ) then


line in VEHDebugger.pas returns False with ERROR_ACCESS_DENIED set in getlasterror. Now I am fairly certain I have the required privilege for DUPLICATE_SAME_ACCESS to work; could it be that the target process somehow prevents me from getting the handle?

Edit: the target process is protected by xigncode3.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25788
Location: The netherlands
PostPosted: Fri Mar 31, 2017 3:53 pm    Post subject: Reply with quote
find out what api's DuplicateHandle uses and write stubs for that that use the kernelmode memory access or related instead

alternatively, change the code to use named events, and then open them in the DLL part of vehdebug

of course, there's still the issue that DLL injection will probably fail as well
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
astralmaster
How do I cheat?
Reputation: 0

Joined: 10 Oct 2014
Posts: 2
PostPosted: Fri Mar 31, 2017 4:18 pm    Post subject: Reply with quote
The built-in injection routine in CEFuncProc.pas is indeed failing but I succeeded using NtCreateThreadEx that I plan to port to this unit as an alternative to InjectDll method. I just didn't really know where to start with HasDebugEvent and other events needed for VEHDebug. Depending on complexity I might have luck in replicating DuplicateHandle API as suggested.



Edit:

If anybody stumbles upon the same problem, you can use NtDuplicateObject to get a duplicate handle.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites