OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD |
PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwPid);
That's serious access. There's no doubt that it will fail if the target process is at a higher integrity level.
That will not work on Windows 10 unless you're running elevated (and possibly not even then unless the other process is a child of yours).
Not even between two ordinary processes (like a tabbed TCC and its parent TCMD)? What's prohibited?
Not unless you've started the child process with the necessary permissions (i.e., like you were debugging the child). Windows 10 doesn't like these flags unless you're elevated:
PROCESS_ALL_ACCESS
PROCESS_CREATE_PROCESS
PROCESS_CREATE_THREAD
PROCESS_SET_INFORMATION
PROCESS_SET_QUOTA
PROCESS_VM_OPERATION
PROCESS_VM_WRITE
And remember, in Windows 10 you (1) can't completely disable UAC, and (2) administrators do not have all rights.
Dave noted that PSET64.EXE worked. It uses the same technique. It's not specifically meant to be used between parent and child, but between any two "peer" processes (same owner, same desktop, same integrity level, ...). I really doubt Windows would forbid that.
I'll still be surprised.
Microsoft has a history of disappointing you.
If the default security didn't block that, it wouldn't be much use.
pset64 %@pid[explorer.exe] path
echo %@pset[%@pid[explorer.exe],path]
What did @PSET with no second argument do? Here, I just get an error.
I did try. PSET64 seems to work between TCC, elevated or not, and any arbitrary 64-bit process (though I didn't check EVERY 64-bit process I have running).
@PSET causes _whatever_ 64-bit target process you name to crash. I started a TCC from explorer and did
Code:
echo %@pset[%_ppid,x]
and EXPLORER crashed.
The error message was
Code:
TCC: (Sys) Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
@Pset[%_ppid] (no 2nd argument) worked, though.
v:\> echo %@pset[%@pid[explorer.exe]]
@PSET error: syntax: @PSET[pid,var[=[value]]]
p:\4sysutils\release> echo %@pset[2952,x]
Parameters:
PID: 2952
VarName: x
Equal sign:
Data:
got hKernel32
got address of SEV
got address of GEV
opened process
got target exebits
exebits OK
alloc'd code memory
copied code
alloc'd data memory
copied data
created thread
thread exit: 0
(SYSUTILS) Not in remote environment: "x"
And remember, in Windows 10 you (1) can't completely disable UAC, ...
That info should be written in the child process, the process executing the ECHO %@PSET. The two processes should be running in different consoles.
Vince, I replaced the .dll as you requested. When TCC starts up, it writes a whole bunch of stuff like you posted above, but the window disappears before I can copy it.
PSET %_PPID TZN
works. I know that variable is defined.
ECHO %@PSET[%_PPID,TZN] crashes the parent process.
~\Work> echo %@pset[9804,tzn]
Parameters:
PID: 9804
VarName: tzn
Equal sign:
Data:
got hKernel32
got address of SEV
gor address of GEV
opened process
got target exebits
exebits OK
alloc'd code memory
copied code
alloc'd data memory
copied data
created thread
TCC: (Sys) The wait operation timed out.
TCC has stopped working
A problem caused the program to stop working correctly....
And I appreciate your help.
Yes, the error box was generated from the target process. After releasing the error box, that process terminated.
Take as long as you need. I appreciate the fact that you're providing support (and for the fact that you supplied the programs to begin with).
I can use PSET64 and PSET32 for now.
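
The access mask in the OpenProcess call at the top of this thread works out to 0x043A. The following C code is an added example (not part of the thread and not the plugin's code) that decodes such a mask, for instance one taken from a process-access audit record, and reports whether it carries the three rights needed to run code in another process. The function names and the sample masks are constructed for illustration; the bit values are the Windows SDK's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Process access-right bits as defined in the Windows SDK (winnt.h),
   repeated here so the example builds without the Windows headers. */
static const struct { uint32_t bit; const char *name; } RIGHTS[] = {
    {0x0001, "PROCESS_TERMINATE"},         {0x0002, "PROCESS_CREATE_THREAD"},
    {0x0004, "PROCESS_SET_SESSIONID"},     {0x0008, "PROCESS_VM_OPERATION"},
    {0x0010, "PROCESS_VM_READ"},           {0x0020, "PROCESS_VM_WRITE"},
    {0x0040, "PROCESS_DUP_HANDLE"},        {0x0080, "PROCESS_CREATE_PROCESS"},
    {0x0100, "PROCESS_SET_QUOTA"},         {0x0200, "PROCESS_SET_INFORMATION"},
    {0x0400, "PROCESS_QUERY_INFORMATION"}, {0x0800, "PROCESS_SUSPEND_RESUME"},
    {0x1000, "PROCESS_QUERY_LIMITED_INFORMATION"},
};

/* Allocate in the target, write to it, start a thread there: the steps the
   plugin's trace in this thread reports (alloc'd, copied, created thread). */
#define REMOTE_EXEC_RIGHTS (0x0002u | 0x0008u | 0x0020u)

/* Writes the names of the set bits to out (outlen >= 1), space separated,
   and returns the bits left over (standard rights, SYNCHRONIZE, unknown). */
uint32_t decode_mask(uint32_t mask, char *out, size_t outlen) {
    out[0] = '\0';
    for (size_t i = 0; i < sizeof RIGHTS / sizeof RIGHTS[0]; i++) {
        if (!(mask & RIGHTS[i].bit)) continue;
        if (out[0]) strncat(out, " ", outlen - strlen(out) - 1);
        strncat(out, RIGHTS[i].name, outlen - strlen(out) - 1);
        mask &= ~RIGHTS[i].bit;
    }
    return mask;
}

/* 1 when a handle opened with this mask is enough to run code in the target. */
int grants_remote_exec(uint32_t mask) {
    return (mask & REMOTE_EXEC_RIGHTS) == REMOTE_EXEC_RIGHTS;
}

int main(void) {
    /* Constructed samples: 0x043A is the OpenProcess mask quoted in the thread. */
    const uint32_t samples[] = {0x043A, 0x1410, 0x1FFFFF};
    char names[512];
    for (size_t i = 0; i < 3; i++) {
        uint32_t rest = decode_mask(samples[i], names, sizeof names);
        printf("0x%06X remote-exec=%d other=0x%06X\n  %s\n", (unsigned)samples[i],
               grants_remote_exec(samples[i]), (unsigned)rest, names);
    }
}
```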