
Getting error on running _WinAPI_GetProcessMemoryInfo


lsakizada

Hi,

Can someone please help me on this issue:

Using the example script for _WinAPI_GetProcessMemoryInfo:

#include <WinAPIProc.au3>
Local $Data = _WinAPI_GetProcessMemoryInfo(0)
ConsoleWrite('Number of page faults: ' & $Data[0] & @CRLF)

When I set the function with a process's PID that is not the PID of the current user, the script failed with the message:

"C:\Users\user\Desktop\_WinAPI_GetProcessMemoryInfo.au3" (5) : ==> Subscript used on non-accessible variable.:

After some investigation, I found that this occurs when monitoring a process that was launched with another user's permissions, such as System.

e.g. 

Two processes:

Process 'A' (PID=100) ran as user
Process 'B' (PID=200) ran as System

CurrentUser = user
If calling _WinAPI_GetProcessMemoryInfo(100), then it passes
If calling _WinAPI_GetProcessMemoryInfo(200), then it fails

How do I overcome this issue?

EDIT: Adding environment info:

OS: win7 64 bit, UAC=off


Be Green Now or Never (BGNN)!

FireFox

Hi,

As you pointed out, you need permissions to get the memory info of processes created by other users, even if you are admin.

For this you will need to adjust the privileges of your process in order to be granted for this request.

I just made an example for you:

#RequireAdmin

#include <ProcessConstants.au3>
#include <SecurityConstants.au3>
#include <Security.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>
#include <Array.au3>

Example()

Func Example()
    ; Open the current process in ALL ACCESS mode, with no inheritance for child processes.
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, @AutoItPID)
    ; If the function failed, return False.
    If $hProcess = 0 Then Return False

    ; Open the access token associated with the current process (an access token contains
    ; the security information for a logon session).
    ; What matters to us is the privileges contained in this token.
    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_ALL_ACCESS)

    ; Close the current process handle; it is no longer needed whether or not the token was opened.
    _WinAPI_CloseHandle($hProcess)
    ; If the token could not be opened, return False.
    If $hToken = 0 Then Return False

    ; Retrieve the LUID (locally unique identifier) which represents the SE_DEBUG privilege.
    Local $iLUID = _Security__LookupPrivilegeValue("", $SE_DEBUG_NAME)
    ; If the function failed, close the token handle and return False.
    If $iLUID = 0 Then
        _WinAPI_CloseHandle($hToken)
        Return False
    EndIf

    ; Create a struct containing the TOKEN_PRIVILEGES tag.
    Local $tTOKENPRIV = DllStructCreate($tagTOKEN_PRIVILEGES)

    ; Fill the struct with the right info.
    DllStructSetData($tTOKENPRIV, "Count", 1)
    DllStructSetData($tTOKENPRIV, "LUID", $iLUID, 1)
    DllStructSetData($tTOKENPRIV, "Attributes", $SE_PRIVILEGE_ENABLED, 1)

    ; Now adjust the token privilege to enable the DEBUG privilege.
    Local $fAdjust = _Security__AdjustTokenPrivileges($hToken, False, DllStructGetPtr($tTOKENPRIV), DllStructGetSize($tTOKENPRIV))

    ; Release the resources used by the structure.
    $tTOKENPRIV = 0

    ; If the function failed, close the token handle and return False.
    If Not $fAdjust Then
        _WinAPI_CloseHandle($hToken)
        Return False
    EndIf

    ; Do whatever with privileges here.
    Local $aPmi = _WinAPI_GetProcessMemoryInfo(ProcessExists("winlogon.exe"))
    _ArrayDisplay($aPmi)

    ; Close the token handle.
    _WinAPI_CloseHandle($hToken)
    Return True
EndFunc   ;==>Example

Br, FireFox.


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture tool | IP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control
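
A variant of the example above that requests only the process and token rights it needs, checks that the debug privilege was really granted (which it is not when the script runs unelevated), and disables it again after the query. This is an added example, not code from the thread or from the AutoIt UDFs; `_SetDebugPrivilege` and `_MemInfoOf` are hypothetical helper names, and it assumes `_WinAPI_GetLastError()` still reflects the AdjustTokenPrivileges call made inside `_Security__AdjustTokenPrivileges`.

```autoit
#RequireAdmin
#include <ProcessConstants.au3>
#include <SecurityConstants.au3>
#include <Security.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>
; Hypothetical helper: enable/disable SeDebugPrivilege on our own token; True only if it took effect.
Func _SetDebugPrivilege($bEnable)
    ; Request only the rights that are needed, not PROCESS_ALL_ACCESS / TOKEN_ALL_ACCESS.
    Local $hProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, @AutoItPID)
    If $hProcess = 0 Then Return False
    Local $hToken = _Security__OpenProcessToken($hProcess, BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_CloseHandle($hProcess)
    If $hToken = 0 Then Return False
    Local $bOk = False, $iAttr = 0 ; Attributes = 0 disables the privilege
    If $bEnable Then $iAttr = $SE_PRIVILEGE_ENABLED
    Local $iLUID = _Security__LookupPrivilegeValue("", $SE_DEBUG_NAME)
    If $iLUID <> 0 Then
        Local $tPriv = DllStructCreate($tagTOKEN_PRIVILEGES)
        DllStructSetData($tPriv, "Count", 1)
        DllStructSetData($tPriv, "LUID", $iLUID, 1)
        DllStructSetData($tPriv, "Attributes", $iAttr, 1)
        $bOk = _Security__AdjustTokenPrivileges($hToken, False, DllStructGetPtr($tPriv), DllStructGetSize($tPriv))
        ; AdjustTokenPrivileges reports success even when the token does not hold the
        ; privilege; the last error is then ERROR_NOT_ALL_ASSIGNED (1300).
        If $bOk And _WinAPI_GetLastError() = 1300 Then $bOk = False
    EndIf
    _WinAPI_CloseHandle($hToken) ; closed on every path
    Return $bOk
EndFunc   ;==>_SetDebugPrivilege

; Hypothetical wrapper: memory info of a named process, with the privilege held only for the call.
Func _MemInfoOf($sProcessName)
    Local $iPID = ProcessExists($sProcessName)
    If $iPID = 0 Then Return SetError(1, 0, 0) ; not running (PID 0 would query our own process)
    If Not _SetDebugPrivilege(True) Then Return SetError(2, 0, 0) ; privilege not granted
    Local $aPmi = _WinAPI_GetProcessMemoryInfo($iPID)
    Local $iErr = @error
    _SetDebugPrivilege(False) ; drop the privilege as soon as the query is done
    If $iErr Then Return SetError(3, 0, 0)
    Return $aPmi
EndFunc   ;==>_MemInfoOf

Local $aInfo = _MemInfoOf("winlogon.exe") ; same target process as in the example above
If @error Then
    ConsoleWrite("Query failed, reason code " & @error & @CRLF)
Else
    ConsoleWrite("Number of page faults: " & $aInfo[0] & @CRLF)
EndIf
```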

 

lsakizada

Hi FireFox, thank you very much.

I just saw in other examples (_Security__DuplicateTokenEx and _Security__CreateProcessWithToken) of the document how it's done.

Have a good one!


lsakizada

FireFox

The example you posted is still not working for me on my system. :(

Any suggestions?

 

What did you mean:

For this you will need to adjust the privileges of your process in order to be granted for this request

 

FireFox

Did you paste the #RequireAdmin? It's needed for the code to work.

All I meant is that even if the process is running under admin privileges, you have to add some privileges to its token for what you want to do.


 

lsakizada

Now it's working.

Thanks!


FireFox

Alright :)

You can mark the thread as solved ;)


 
