-2

I've implemented the ReadProcessMemory function from kernel32.dll using C# PInvoke. Compiling and installing on Windows 10 it functions flawlessly. However, installing the same program in Windows 11, it throws error 299 both in running with administrator privileges and not.

Here is the c# code:

[DllImport("kernel32.dll", SetLastError = setLastError)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool ReadProcessMemory(
    [In] IntPtr hProcess,
    [In] IntPtr lpBaseAddress,
    [Out] byte[] lpBuffer,
    [In] UIntPtr dwSize,
    [Out] out UIntPtr lpNumberOfBytesRead
);

And I use Process.Handle for hProcess. But since it works on Windows 10, the same compiled code, not recompiled I cant image it is wrong. Most likely some setting on Windows that does not allow for one process to read the memory of another process even though we are running with administrator privileges.

Improve this question
2
  • 1
    @isomania Error 299 means "Only part of a ReadProcessMemory or WriteProcessMemory request was completed". So check the address range you are requesting. Commented May 14, 2024 at 14:51
  • Okay further testing shows that the memory region is PAGE_NOACCESS on Windows 11 and PAGE_READWRITE on Windows 10. Running VirtualProtectEx yields in (0x5) ERROR_ACCESS_DENIED even tough I'm running in Administrator privileges. What has been modified in Windows 11 secrecy update to make this change? And how can I modify it back? Commented May 15, 2024 at 6:16

1 Answer 1

Reset to default
0

After installing the following two Windows updates:

 2024-05 .NET 8.0.5  Security Update for x64 Client (KB5038352)
 2024-05 .NET 6.0.30 Security Update for x64 Client (KB5038350)

It works as intended on Windows 11.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.