[SOLVED]: CreateToolhelp32Snapshot_ Windows Service

Just starting out? Need help? Post your questions and find answers here.
ALAN-MHz
User
User
Posts: 68
Joined: Fri Jul 29, 2005 11:47 am

[SOLVED]: CreateToolhelp32Snapshot_ Windows Service

Post by ALAN-MHz »

Hi all, it's normal that when i call CreateToolhelp32Snapshot_ on a windows service from purebasic v5.00 (both x86 and x64) i got #INVALID_HANDLE_VALUE ? how i can solve this problem ? i see process monitoring tool that can use it without problem and return process data!
Last edited by ALAN-MHz on Fri Jan 19, 2018 10:33 am, edited 1 time in total.
JHPJHP
Addict
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am
Contact:

Re: CreateToolhelp32Snapshot_ Windows Service

Post by JHPJHP »

Hi ALAN-MHz,

Without a working example...

CreateToolhelp32Snapshot function
Windows Dev Center wrote:Return value

If the function succeeds, it returns an open handle to the specified snapshot.

If the function fails, it returns INVALID_HANDLE_VALUE. To get extended error information, call GetLastError. Possible error codes include ERROR_BAD_LENGTH.

Remarks

The snapshot taken by this function is examined by the other tool help functions to provide their results. Access to the snapshot is read only. The snapshot handle acts as an object handle and is subject to the same rules regarding which processes and threads it is valid in.

To enumerate the heap or module states for all processes, specify TH32CS_SNAPALL and set th32ProcessID to zero. Then, for each additional process in the snapshot, call CreateToolhelp32Snapshot again, specifying its process identifier and the TH32CS_SNAPHEAPLIST or TH32_SNAPMODULE value.

When taking snapshots that include heaps and modules for a process other than the current process, the CreateToolhelp32Snapshot function can fail or return incorrect information for a variety of reasons. For example, if the loader data table in the target process is corrupted or not initialized, or if the module list changes during the function call as a result of DLLs being loaded or unloaded, the function might fail with ERROR_BAD_LENGTH or other error code. Ensure that the target process was not started in a suspended state, and try calling the function again. If the function fails with ERROR_BAD_LENGTH when called with TH32CS_SNAPMODULE or TH32CS_SNAPMODULE32, call the function again until it succeeds.
Script sample from the following example: Services, Stuff & Shellhook\Stuff\ProcessStuff\GetProcessPath.pb

Code: Select all

;...

Procedure GetProcessList()
  hSnapshot = CreateToolhelp32Snapshot_(#TH32CS_SNAPPROCESS, 0)

  If hSnapshot
    ProcEntry.PROCESSENTRY32
    ProcEntry\dwSize = SizeOf(PROCESSENTRY32)

    If Process32First_(hSnapshot, @ProcEntry)
      While Process32Next_(hSnapshot, @ProcEntry)
        AdjustCurrentProcessPrivilege(#SE_DEBUG_NAME, #True)
        dwProcessId = ProcEntry\th32ProcessID
        hProcess = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, #False, dwProcessId)

        If hProcess
          Debug GetProcessPath(hProcess)
          CloseHandle_(hProcess)
        EndIf
      Wend
    EndIf
    CloseHandle_(hSnapshot)
  EndIf
EndProcedure

;...
ALAN-MHz
User
User
Posts: 68
Joined: Fri Jul 29, 2005 11:47 am

Re: CreateToolhelp32Snapshot_ Windows Service

Post by ALAN-MHz »

i think that your post give me solution, because the sample code that you have posted, without "AdjustCurrentProcessPrivilege" i give a lot of ERROR 5 (ERROR_ACCESS_DENIED), so now i try to use this function on my function to see if problem is solved and post here the result!

UPDATE: Confirm that adding "AdjustCurrentProcessPrivilege" solved my problem, thanks!
Post Reply