Sign in to follow this  
Idov

Opening a process in debug mode in C++

Recommended Posts

Hi!
I'm trying to open a process with my debugger (written in C++) using CreateProcess with the flags: DEBUG_PROCESS and DEBUG_ONLY_THIS_PROCESS.
The process is opened, but then when I try to call SymInitialize with the handle I receive, it fails. This is my code:

[code]


#include <windows.h>
#include <stdio.h>
#include <dbghelp.h>


#pragma (lib, "dbghelp.lib");

bool EnablePrivilege(LPCTSTR lpszPrivilegeName, BOOL bEnable)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
bool ret;

if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_READ, &hToken))
return FALSE;

if (!LookupPrivilegeValue(NULL, lpszPrivilegeName, &luid))
return FALSE;

tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

ret = AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
CloseHandle(hToken);

return ret;
}

void main()
{
EnablePrivilege(SE_DEBUG_NAME, TRUE);

STARTUPINFOA startInfo;
PROCESS_INFORMATION processInfo;
ZeroMemory( &startInfo, sizeof(startInfo) );
startInfo.cb = sizeof(startInfo);
ZeroMemory( &processInfo, sizeof(processInfo) );
DWORD creationFlags = DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS | PROCESS_VM_READ | PROCESS_QUERY_INFORMATION;
const char* comLine = "Some process path and name";

// Start the child process.
if( CreateProcessA( NULL, // No module name (use command line)
(LPSTR)comLine, //argv[1], // Command line
NULL, // Process handle not inheritable
NULL, // Thread handle not inheritable
FALSE, // Set handle inheritance to FALSE
creationFlags, // No creation flags
NULL, // Use parent's environment block
NULL, // Use parent's starting directory
&startInfo, // Pointer to STARTUPINFO structure
&processInfo ) // Pointer to PROCESS_INFORMATION structure
== false )
{
printf("FAIL!");
return;
}

SetLastError(0);
bool ok = SymInitialize(processInfo.hProcess, NULL, true);
int err = GetLastError();

}
[/code]

When I Get the last error after "SymInitialIze", it's a garbage negative value...
If I call CreateProcess with no creation flags, symInitialize succeed.
What am I doing wrong?

thanks :)


Share this post


Link to post
Share on other sites
hmm...

If I pass to SymInitialize "false" to the fInvadeProcess parameter, it return ok (but the last error is [b]ERROR_ENVVAR_NOT_FOUND).[/b]
But I want it to load the modules automatically... why is it failing??? :(

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this