I am writing anti-cheat software for a video game. Using CreateToolhelp32Snapshot I can get a list of open processes. From there I would like to find the address of each process and read through its .exe file. While this works for most processes, protected processes deny access to methods such as OpenProcess or GetModuleFileNameEx. Assuming my application is being run as administrator, is there a workaround to finding protected processes' addresses?
How do I access a protected process's .exe address?
585 Views Asked by Loran1156 At
There is 1 best solution below
Cheat Engine is not a Protected Process and neither are 99.9% of cheats. You can check the certificate for the exe in Process Hacker and you will see it only has Code Signing and no Protected Process designation.
If you cannot access a cheat's memory it's because they're protecting it with a kernel driver. You must also be running in kernel if you want to touch the process. If they have somehow created a PP then you need to be in kernel.
There are many usermode methods they can use to protect themselves as well. They can simply hook OpenProcess() in every running process, including yours, and return 0 when you're trying to open their process.
You would need to get a copy of the cheat and reverse engineer it to figure out how it's protecting itself, then you can start removing or bypassing these protections.
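The following is an added example, not code from the question or the answer. It walks the Toolhelp snapshot mentioned in the question, opens each process with only `PROCESS_QUERY_LIMITED_INFORMATION`, and reports the image path together with whether Windows marks the process as protected. `ProcInfo` and `QueryProcess` are hypothetical names, and a Windows SDK that defines `ProcessProtectionLevelInfo` is assumed.

```cpp
// Added example: image path and protection level via a limited-access handle.
#include <cwchar>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#endif

struct ProcInfo {              // hypothetical result type for this example
    bool opened = false;       // OpenProcess succeeded with the limited right
    bool isProtected = false;  // level other than PROTECTION_LEVEL_NONE
    std::wstring path;         // full image path, empty if it could not be read
};

ProcInfo QueryProcess(unsigned long pid) {
    ProcInfo info;
#ifdef _WIN32
    // Protected processes refuse PROCESS_QUERY_INFORMATION and PROCESS_VM_READ
    // but still grant PROCESS_QUERY_LIMITED_INFORMATION.
    HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    if (!h) return info;       // e.g. PID 0 (System Idle Process) or access denied
    info.opened = true;
    std::wstring buf(32768, L'\0');
    DWORD len = static_cast<DWORD>(buf.size());
    if (QueryFullProcessImageNameW(h, 0, &buf[0], &len)) info.path.assign(buf, 0, len);
    PROCESS_PROTECTION_LEVEL_INFORMATION ppl{};
    if (GetProcessInformation(h, ProcessProtectionLevelInfo, &ppl, sizeof(ppl)))
        info.isProtected = ppl.ProtectionLevel != PROTECTION_LEVEL_NONE;
    CloseHandle(h);
#else
    (void)pid;                 // non-Windows build: these APIs do not exist
#endif
    return info;
}

int main() {
#ifdef _WIN32
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 1;
    PROCESSENTRY32W pe{};
    pe.dwSize = sizeof(pe);
    for (BOOL ok = Process32FirstW(snap, &pe); ok; ok = Process32NextW(snap, &pe)) {
        ProcInfo p = QueryProcess(pe.th32ProcessID);
        wprintf(L"%6lu %ls %ls\n", pe.th32ProcessID,
                !p.opened ? L"[unknown]" : p.isProtected ? L"[protected]" : L"[normal]",
                p.opened ? p.path.c_str() : L"<open failed>");
    }
    CloseHandle(snap);
#endif
    return 0;
}
```

A process that shows `[normal]` here but still refuses `PROCESS_VM_READ` is not a Windows protected process, which matches the answer's point that the protection is coming from somewhere else.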