You have to enable the debug privilege (SeDebugPrivilege, set to SE_PRIVILEGE_ENABLED) in your own token before you open the process. My way:
Code:
/* Process ID of the target; assigned in Attach() from GetProcId(). */
DWORD ProcessID;
/* Handle to the target process; assigned in Attach() from OpenProcess(). */
HANDLE ProcessHandle;
/*
 * Load address of the target's executable image, assigned in Attach().
 * NOTE(review): stored as a 32-bit DWORD, so an address above 4 GiB in a
 * 64-bit target would be truncated -- confirm this is built and used as
 * 32-bit only, or widen the type.
 */
DWORD ModuleBaseAddress;
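/*
 * Enable SeDebugPrivilege in the calling process's access token.
 *
 * AdjustTokenPrivileges() can only switch on a privilege the token already
 * holds; it never grants one. When the privilege is not held, the call still
 * "succeeds" and reports ERROR_NOT_ALL_ASSIGNED through the last-error code.
 * Because this function returns void, that last-error value is preserved
 * across the cleanup so a caller can inspect it with GetLastError():
 * ERROR_SUCCESS means the privilege is now enabled.
 *
 * Changes from the original listing:
 *  - the token handle is closed on every path (it used to leak);
 *  - the token is opened with only the rights the adjustment needs, not
 *    TOKEN_ALL_ACCESS;
 *  - the unused "previous state" buffer is no longer requested.
 */
void enableDebugPrivileges() {
    HANDLE hToken;
    LUID SeDebugNameValue;
    TOKEN_PRIVILEGES TokenPriv;
    DWORD err;

    /* Least privilege: adjusting privileges does not need full token access. */
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return; /* last error is the one set by OpenProcessToken */
    }

    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &SeDebugNameValue)) {
        TokenPriv.PrivilegeCount = 1;
        TokenPriv.Privileges[0].Luid = SeDebugNameValue;
        TokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        /* No previous-state buffer wanted: pass 0 / NULL / NULL. */
        AdjustTokenPrivileges(hToken, FALSE, &TokenPriv, 0, NULL, NULL);
    }

    /* Keep the outcome of the calls above visible to the caller. */
    err = GetLastError();
    CloseHandle(hToken);
    SetLastError(err);
}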
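/*
 * Look up a process ID by executable file name.
 *
 * ProcName is compared case-sensitively (strcmp) against the szExeFile field
 * of each entry in a process snapshot; the first match wins.
 * NOTE(review): szExeFile is a TCHAR array, so strcmp assumes a non-UNICODE
 * (ANSI) build -- confirm the project settings.
 *
 * Returns the matching process ID, or 0 when ProcName is NULL, the snapshot
 * cannot be taken, or no entry matches. In those cases the last-error code is
 * left non-zero, so callers that test GetLastError() also see the failure.
 *
 * An image name is not an identity: any process may carry the same file
 * name, so a caller that needs to be sure which program it is dealing with
 * should verify the opened process (for example by its full image path)
 * before acting on it.
 *
 * Changes from the original listing: a missing process used to yield the ID
 * of whichever entry was enumerated last (or an uninitialised value when the
 * snapshot failed), which could send the caller to an unrelated process.
 */
DWORD GetProcId(char* ProcName)
{
    PROCESSENTRY32 pe32;
    HANDLE hSnapshot;
    DWORD pid = 0;
    DWORD err;

    if (ProcName == NULL) {
        SetLastError(ERROR_INVALID_PARAMETER);
        return 0;
    }

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0; /* last error set by CreateToolhelp32Snapshot */
    }

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (strcmp(pe32.szExeFile, ProcName) == 0) {
                pid = pe32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }

    /* Capture the enumeration result before cleanup can disturb it. */
    err = GetLastError();
    CloseHandle(hSnapshot);
    if (pid == 0) {
        /* Guarantee a non-zero error code for the "not found" case. */
        SetLastError(err != ERROR_SUCCESS ? err : ERROR_NO_MORE_FILES);
    }
    return pid;
}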
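/*
 * Return the load address of a named module inside the given process.
 *
 * ModuleName is compared case-sensitively (strcmp) against the szModule field
 * of each entry in a module snapshot of ProcessID.
 * NOTE(review): szModule is a TCHAR array, so strcmp assumes a non-UNICODE
 * (ANSI) build -- confirm the project settings.
 *
 * Returns the module base address, or 0 when ModuleName is NULL, the snapshot
 * cannot be taken, or no module matches.
 * NOTE(review): the return type is a 32-bit DWORD, so a base address above
 * 4 GiB in a 64-bit target is truncated; widening it would change the
 * interface, so it is only flagged here.
 *
 * Changes from the original listing:
 *  - the stray `break` after the un-braced `if` ended the loop after the
 *    first module, so only the first entry was ever compared;
 *  - the function fell off its end without a return value when nothing
 *    matched (undefined behaviour for a caller that uses the result);
 *  - the snapshot handle was never closed.
 */
DWORD GetModuleBaseAddress(char* ModuleName, DWORD ProcessID) {
    MODULEENTRY32 me32;
    HANDLE hSnapshot;
    DWORD base = 0;

    if (ModuleName == NULL) {
        return 0;
    }

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }

    me32.dwSize = sizeof(MODULEENTRY32);
    if (Module32First(hSnapshot, &me32)) {
        do {
            if (strcmp(me32.szModule, ModuleName) == 0) {
                /* Go through DWORD_PTR so the pointer-to-integer cast is explicit. */
                base = (DWORD)(DWORD_PTR)me32.modBaseAddr;
                break;
            }
        } while (Module32Next(hSnapshot, &me32));
    }

    CloseHandle(hSnapshot);
    return base;
}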
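/*
 * Locate the target process, open it, and record its ID, handle and image
 * base address in the file-level globals.
 *
 * Returns 1 on success and -1 on failure. On failure after the process was
 * opened, the handle is closed and ProcessHandle is reset to NULL.
 *
 * Changes from the original listing:
 *  - failures are detected from each call's return value; a bare
 *    GetLastError() test also fires on a stale code left by an earlier,
 *    unrelated call, and misses failures that do not change it;
 *  - a path without a backslash no longer leads to strrchr() + 1 on NULL;
 *  - the process handle is released when a later step fails;
 *  - the unused 4 KiB `filename` buffer is gone;
 *  - the debug output uses format specifiers that match the argument types.
 *
 * NOTE(review): PROCESS_ALL_ACCESS is kept because the handle is stored in a
 * global and this listing does not show how it is used afterwards. Nothing
 * in this function needs more than PROCESS_QUERY_INFORMATION |
 * PROCESS_VM_READ; request only the rights the rest of the program requires.
 */
int Attach(void) {
    char buffer[4096];
    char *fname;

    enableDebugPrivileges();

    /*
     * Clear any stale code first. The last-error test is kept next to the
     * zero check because the lookup may report "not found" only through the
     * last-error code.
     */
    SetLastError(ERROR_SUCCESS);
    ProcessID = GetProcId("Diablo III.exe");
    if (ProcessID == 0 || GetLastError() != ERROR_SUCCESS) {
        return -1;
    }

    ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, ProcessID);
    if (ProcessHandle == NULL) {
        return -1;
    }

    /* NOTE(review): a char buffer assumes a non-UNICODE (ANSI) build. */
    if (GetModuleFileNameEx(ProcessHandle, NULL, buffer, sizeof buffer) == 0) {
        CloseHandle(ProcessHandle);
        ProcessHandle = NULL;
        return -1;
    }

    /* Module entries carry the bare file name, so strip the directory part. */
    fname = strrchr(buffer, '\\');
    fname = (fname != NULL) ? fname + 1 : buffer;

    ModuleBaseAddress = GetModuleBaseAddress(fname, ProcessID);

    // Debug info, if they are 0, something is wrong
    printf("PID: 0x%lX\n", (unsigned long)ProcessID);
    printf("HANDLE: 0x%p\n", (void *)ProcessHandle);
    printf("BASE: 0x%lX\n", (unsigned long)ModuleBaseAddress);
    return 1;
}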