OpenThreadToken() error 1008, ERROR_NO_TOKEN

Question

I'm trying to read from the memory of the MineSweeper to learn that kind of stuff, but I have a little problem.

When I try to print the modules it says to me I have no rights to do that. I know that's because the memory of that process is protected from write-read, and to read from it, I need to have debug rights.

And right there, my problem is when I call the OpenThreadToken(..), it fails with code 1008, and that's ERROR_NO_TOKEN.

Here you are the code, and sorry for the long intro:

int privileges(){
HANDLE token;
TOKEN_PRIVILEGES tp;
DWORD siz = sizeof(TOKEN_PRIVILEGES);

if (OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
FALSE, &token) != 0){ //HERE IT FAILS
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (AdjustTokenPrivileges(token, 0, &tp, siz, NULL ,NULL) != 0){
        cout << "--Conseguido acceso debug.\n";
        return TRUE;
    }
    else {
        cout << "fail adjust\n";
        return FALSE;
    }
}
else {
    cout << "fail if: " << GetLastError() << endl;
    cin.get();
    return FALSE;
}

I don't know why it fails. I've tried with the Microsoft example too, but same problem.

Does anybody know why it fails?

Answer 1

Threads only have their own tokens if you are using the impersonation APIs, otherwise there is only a process token. Simply fall back to OpenProcessToken if OpenThreadToken fails with ERROR_NO_TOKEN.