Opening Kal Process, with debug privileges

08/02/2009 16:00 Xorg#1
Hi,
This is my simple program that reads the value from the KalOnline speed pointer.

PHP Code:
#include <windows.h>
#include <iostream>
#include <stdio.h>
#include <conio.h>

LPCWSTR lpstrWindowName = L"KalOnline";
HWND hWindow;
DWORD dwProcess;
HANDLE hProcess;
int value = 0;
DWORD* speedpointer = (DWORD*)0x00740240;

int main()
{
    // Look up the game window by its title
    if (!(hWindow = FindWindowW(NULL, lpstrWindowName)))
        printf("Window not found\n");

    // Get the ID of the process that owns the window
    if (!GetWindowThreadProcessId(hWindow, &dwProcess))
        printf("Process not found\n");

    // Request a handle with read access to the process memory
    if (!(hProcess = OpenProcess(PROCESS_VM_READ, FALSE, dwProcess)))
        printf("Cant open process! \n");

    if (!ReadProcessMemory(hProcess, speedpointer, &value, 4, NULL)) // there is no offset to speed pointer, but dont worry its test program
    {
        printf("Cant read in: 0x00%X \n", speedpointer);
        printf("Error: %d\n", GetLastError());
    }
    else
    {
        // value is an int, so print it with %d
        printf("Memory: %d \n", value);
    }

    getch();
    return 0;
}

There is an error.
Code:
Cant read in: 0x00740240
The problem is that I can't open the engine.exe process so easily.
I heard what I need is to enable the SeDebugPrivilege privilege.

Is it possible to read the value from KalOnline memory this way?
Can anyone help me with that?
08/03/2009 02:53 EXTEЯNAL#2
You can't get the process handle over FindWindow. Hackshield blocked it.

You should try to make a snapshot of all running processes ;)
08/03/2009 19:51 Xorg#3
Made snapshot, and got ID. ;)

But when I use OpenProcess with the PROCESS_QUERY_INFORMATION flag it fails (Access Denied).
I need to call OpenProcess with this flag to get a handle for the OpenProcessToken function, then apply the SeDebugPrivilege privilege.

Does anyone know how to open the Kal process? Damn HS :/
08/04/2009 17:39 EXTEЯNAL#4
PROCESS_VM_ALL maybe?
08/04/2009 23:01 Xorg#5
No way ;).
It's blocked by Hackshield from the kernel side.
08/04/2009 23:02 chibis#6
bypass hs ^^
08/04/2009 23:12 Xorg#7
no skill ;D
08/05/2009 07:16 EXTEЯNAL#8
Use a DLL/memcpy then.
08/06/2009 15:59 Xorg#9
Yeah, that will be the best I can do ;).
Thanks for the advice.