@josago97
The Process.EnterDebugMode call requires administrator privileges. These are not needed for basic memory read/write operations, but are required for code injection. Therefore, we only call it when injection is needed, allowing regular memory access without prompting the user for elevated permissions.

@aevitas
Owner

aevitas commented Jun 22, 2025

Thanks for your submission!

There are a few things that come to mind when making these changes, in no specific order:

  1. Did you double-check memory allocations still work with these changes?
  2. If I recall correctly, OpenProcess also requires administrator access if a process is opened with permissive permissions. I don't think it requires SeDebug privileges with the default flags, but since the flags are part of the constructor, anyone requesting more liberal permissions could be faced with problems.
  3. What would be the case for not having debug privileges?

There should be some tests in the project already; perhaps it would be good to add a few that cover these cases so we can make sure nothing seriously breaks.

@josago97
Author

  1. There are some tests that use memory allocations. These tests continue to pass with this contribution.
  2. I've tried calling the native Windows API directly to check if administrator permissions were required, and indeed they are not. I've also tried other libraries, and administrator permissions are not required to read and write memory either. Perhaps they aren't required even for injection. It could be that if the process being read has been run with higher permissions, it's necessary to match those permissions to access its memory.
  3. If I want to manipulate the memory of a program like Notepad, I wouldn't need administrator permissions. So, why force the user to grant them?

Also, we would need to change the way we access process modules because the Process class caches the collection the first time it's read, and if a new module is opened, it won't appear. It would be more convenient to call the native Windows API to access the updated list.
