VirtualQueryEx failing with access denied menu
Follow us:

Shout-Out

User Tag List

Results 1 to 6 of 6
  1. 09-19-2013 #1
    Savail's Avatar
    Savail
    Savail is offline
    Private
    Reputation
    1
    Join Date
    Sep 2013
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    VirtualQueryEx failing with access denied

    Hey all,
    I'm using Windows 8 64 bit. I know C++ and basics of assembly. My goal is to get dumped .exe of a game from its process's memory. So, I wrote a program which is able to successfuly read memory from most of processes using VirtualQueryEx. However, I've come across a process for which this function fails. It's not a system process, just a game process. Without Debug privileges I couldn't even open the process's handle(OpenProcess). With them I am able to get the process's handle but still get access denied for VirtualQueryEx.

    Why is that happening? Does anybody know what did they do to deny access to memory for other applications even with debug privileges set?

    Now, I've already done a lot of research and wonder which approach should I follow in order to reach my goal. Is that possible that I can read this process's memory only in kernel mode? It seems to be a lot of work and in kernel mode there is no functions such as VirtualQueryEx etc...
    I've read also that VirtualQueryEx might be hooked or sth? If that's the case what could I do to unhook this?
    Or maybe, simple DLL injection could work? Provided that DLL can be attached without access denied... Then inside my DLL I would be within Virtual address space for the game's process and getting it's binary shouldn't be a probem then. I haven't tried it yet though.

    I hope some professional could answer my questions and point me to the right direction! I would be really grateful for any help in this matter!
    Last edited by Savail; 09-19-2013 at 04:43 PM.
    Reply With Quote Reply With Quote
    VirtualQueryEx failing with access denied
  2. 09-19-2013 #2
    DarkLinux's Avatar
    DarkLinux
    DarkLinux is offline
    Former Staff
    CoreCoins Purchaser Authenticator enabled
    Reputation
    1627
    Join Date
    May 2010
    Posts
    1,846
    Thanks G/R
    193/539
    Trade Feedback
    16 (100%)
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Do you have privileges? Aka are you running it as Admin?
    Reply With Quote Reply With Quote
  3. 09-20-2013 #3
    Savail's Avatar
    Savail
    Savail is offline
    Private
    Reputation
    1
    Join Date
    Sep 2013
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah, I'm running my program even with debug privileges enabled but it seems it's not enough for some processes. I now wonder what else could I do to get access to such hard accessible processes' memory
    Reply With Quote Reply With Quote
  4. 09-20-2013 #4
    Savail's Avatar
    Savail
    Savail is offline
    Private
    Reputation
    1
    Join Date
    Sep 2013
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DLL Injection method also doesn't work. This time VirtualAllocEx function fails with access denied. (Error 5) T_T
    Reply With Quote Reply With Quote
  5. 09-20-2013 #5
    DarkLinux's Avatar
    DarkLinux
    DarkLinux is offline
    Former Staff
    CoreCoins Purchaser Authenticator enabled
    Reputation
    1627
    Join Date
    May 2010
    Posts
    1,846
    Thanks G/R
    193/539
    Trade Feedback
    16 (100%)
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Code:
    HANDLE WINAPI OpenProcess(
  _In_  DWORD dwDesiredAccess,
  _In_  BOOL bInheritHandle,
  _In_  DWORD dwProcessId
);
    What are you setting dwDesiredAccess as?

    http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx
    Reply With Quote Reply With Quote
  6. 09-21-2013 #6
    Savail's Avatar
    Savail
    Savail is offline
    Private
    Reputation
    1
    Join Date
    Sep 2013
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PROCESS_ALL_ACCESS of course :P. The process I'm trying to access is very specific anyway so I'm not sure wether any Windows API can help me . I probably have to delve into kernel T_T
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Problem with ReadProcessMemory : access denied
    By Fayat in forum Programming
    Replies: 2
    Last Post: 10-22-2008, 06:29 PM
  2. Access denied for user root@localhost whaaat?
    By Nubbadon in forum World of Warcraft Emulator Servers
    Replies: 12
    Last Post: 07-14-2008, 08:18 AM
  3. Access Denied
    By tadpole in forum World of Warcraft Emulator Servers
    Replies: 1
    Last Post: 06-13-2008, 06:03 AM
  4. Access Denied
    By NonstopXtrmn8r in forum World of Warcraft Emulator Servers
    Replies: 8
    Last Post: 04-08-2008, 06:50 PM
All times are GMT -5. The time now is 09:23 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication (Free) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search