Solved A few questions about OpenProcess


DaftHacker

Newbie
Full Member
Oct 23, 2015
11
252
0
What does OpenProcess exactly do? Before someone posts the MSDN, I'm not entirely sure what "access to the process object" means. ReadProcessMemory and WriteProcessMemory will work without OpenProcess anyways.
Why do people set their handle to the return value from OpenProcess rather than just Proc.Handle after using GetProcessesByName()?
What does the bInheritHandle parameter do? Not sure what "processes created by this process will inherit the handle" entirely means. Does that just make all the children of the process have the same handle as the main process? If so, what is the use case for setting bInheritHandle to true?
What is the SeDebugPrivilege privilege used for, and how would I set it if there is any use case for it?
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
1. Before answering that question let me answer what a (process) HANDLE is. A handle is basically a key which is required to access, for example, the memory of another process. This key can be retrieved by using the OpenProcess function.
2. Proc.Handle sounds like Visual Basic syntax to me. In C++ the handle is directly returned by the OpenProcess API. Of course you can make a function yourself which you call GetProcessByName (or w/e) which then returns the handle returned by OpenProcess.
3. The thing about handles is that they are only valid for the process that created the handle. For example, I attach Cheat Engine to a game (let's assume Cheat Engine uses OpenProcess as well) and now Cheat Engine has a handle (key) to the memory of the game. Now I want my hack.exe to also be able to access the game's memory. I can't just copy the key because of the way Windows (or more precisely the kernel) distributes/uses the keys. That's why I have to use OpenProcess in my hack.exe to create a new key.
Now comes the inheritance. If my hack.exe uses OpenProcess with bInheritHandle = TRUE then all processes CREATED (the so-called "child processes") by my hack.exe will be able to use that handle. If I set bInheritHandle = FALSE, child processes won't be able to use the handle. For hacking purposes this is mostly irrelevant.
4. SeDebugPrivilege is one of many privileges a process can have (you can look them up here). It basically allows you to attach a debugger and to attach to processes of another session/user. If I recall correctly, with normal administrator privileges this should be possible as well.
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
[...] useful information like getting the process ID (though I could just use the Win32 function GetProcessId()).
The process ID is required to open a handle to a process.

So if I understand this correctly it doesn't really matter how you get the handle; just as long as you have it you will be able to hack said process?
Basically yes. It depends on the value of the dwDesiredAccess argument in the OpenProcess call, which is a combination of these values.

Or is OpenProcess a better way to do it?
When you're using GetProcessByName in C# it just calls OpenProcess at some point. There's no difference. GetProcessByName basically does this:
ProcessName to ProcessID
ProcessID to ProcessObject (including the handle)
Return the ProcessObject

Could OpenProcess be detected by a process?
There are several methods for games/anticheats to detect if another process tries to create a handle to the memory (not just using OpenProcess).

Edit: Another question as for the flags, when you OpenProcess with the access all does that even pertain to anything since we're just going to get the handle and use it for WriteProcessMemory for instance?
Yes, I'd always go for PROCESS_ALL_ACCESS or at least (if you only need Read/WriteProcessMemory) for PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION.
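The dwDesiredAccess mask discussed above is the same value a defender sees as GrantedAccess in process-access audit events (for example Sysmon Event ID 10), so being able to read it is useful on both sides. The C program below is an added example, not code from this thread: it decodes a mask into the PROCESS_* rights it contains and flags masks that would permit WriteProcessMemory (VM_WRITE together with VM_OPERATION). The constants are the winnt.h values; the program makes no Windows calls and runs on any platform.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
/* Process access rights from winnt.h; the values are fixed by the Win32 ABI. Only the
   commonly seen rights are listed (e.g. PROCESS_SET_SESSIONID 0x0004 is omitted). */
#define PROCESS_TERMINATE                 0x0001u
#define PROCESS_CREATE_THREAD             0x0002u
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_DUP_HANDLE                0x0040u
#define PROCESS_CREATE_PROCESS            0x0080u
#define PROCESS_QUERY_INFORMATION         0x0400u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u
#define STANDARD_RIGHTS_REQUIRED          0x000F0000u
#define SYNCHRONIZE                       0x00100000u
/* Windows Vista and later: every standard right, SYNCHRONIZE and all 16 specific-right bits. */
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFFu)
/* WriteProcessMemory needs VM_WRITE and VM_OPERATION together; ReadProcessMemory needs VM_READ. */
#define RIGHTS_FOR_WRITE (PROCESS_VM_WRITE | PROCESS_VM_OPERATION)

static const struct { uint32_t bit; const char *name; } kRights[] = {
    { PROCESS_TERMINATE, "TERMINATE" },           { PROCESS_CREATE_THREAD, "CREATE_THREAD" },
    { PROCESS_VM_OPERATION, "VM_OPERATION" },     { PROCESS_VM_READ, "VM_READ" },
    { PROCESS_VM_WRITE, "VM_WRITE" },             { PROCESS_DUP_HANDLE, "DUP_HANDLE" },
    { PROCESS_CREATE_PROCESS, "CREATE_PROCESS" }, { PROCESS_QUERY_INFORMATION, "QUERY_INFORMATION" },
    { PROCESS_QUERY_LIMITED_INFORMATION, "QUERY_LIMITED_INFORMATION" }, { SYNCHRONIZE, "SYNCHRONIZE" },
};

/* Writes the '|'-separated names of the set bits into out; returns how many known rights were set. */
int decode_access_mask(uint32_t mask, char *out, size_t outsz) {
    int n = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof kRights / sizeof kRights[0]; i++) {
        if (mask & kRights[i].bit) {
            if (n++) strncat(out, "|", outsz - strlen(out) - 1);
            strncat(out, kRights[i].name, outsz - strlen(out) - 1);
        }
    }
    return n;
}
/* A handle with these rights could alter the target's memory, which is what a tamper check keys on. */
int mask_can_write_memory(uint32_t mask) { return (mask & RIGHTS_FOR_WRITE) == RIGHTS_FOR_WRITE; }

int main(void) {
    char buf[256];
    uint32_t m = PROCESS_VM_READ | RIGHTS_FOR_WRITE;  /* the minimum set named in the answer above */
    decode_access_mask(m, buf, sizeof buf);
    printf("0x%06X -> %s (write-capable: %d)\n", (unsigned)m, buf, mask_can_write_memory(m));
    return 0;
}
```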
 

DaftHacker

Newbie
Full Member
Oct 23, 2015
11
252
0
For my second question, I am using C# and what I'm doing for retrieving the process handle is:
C#:
        // requires: using System.Diagnostics;
        private Process Proc;

        public bool FindProcess(string ProcessName)
        {
            // GetProcessesByName returns an empty array when nothing matches;
            // indexing [0] on it would throw, so check the length instead of testing for null.
            Process[] matches = Process.GetProcessesByName(ProcessName);

            if (matches.Length == 0)
            {
                return false;
            }

            Proc = matches[0];
            return true;
        }
Then as for getting the handle I would just use:
C#:
        public IntPtr ProcessHandle()
        {
            // Process.Handle is the native handle .NET opened for the associated process
            return Proc.Handle;
        }
and doing it that way would also allow me to get other useful information like getting the process ID (though I could just use the Win32 function GetProcessId()).
So if I understand this correctly it doesn't really matter how you get the handle; just as long as you have it you will be able to hack said process? Or is OpenProcess a better way to do it? Could OpenProcess be detected by a process?
Edit: Another question as for the flags, when you OpenProcess with the access all does that even pertain to anything since we're just going to get the handle and use it for WriteProcessMemory for instance?