阿杰 发表于 2011-7-19 10:24:59

找互斥体的句柄

// Purpose: walk the system-wide handle table, pick the entries owned by
// ProcessId, and return the handle value of the first one whose object name
// contains "QQGame_Mutex". Returns NULL when the table query fails or no
// matching entry is found.
// The types and constants used here (ZWQUERYSYSTEMINFORMATION, NTQUERYOBJECT,
// SYSTEM_HANDLE_INFORMATION, OBJECT_ALL/NAME_INFORMATION,
// SystemHandleInformation, ObjectAllInformation, ObjectNameInformation) are
// undocumented ntdll definitions declared elsewhere; their layouts are not
// shown on this page, so nothing below relies on a specific field offset.
HANDLE GetProcessKernelObject(DWORD ProcessId)
{

HMODULE hNtDll = NULL;
ZWQUERYSYSTEMINFORMATION pfnZwQuerySystemInformation = NULL;
NTQUERYOBJECT pfnNtQueryObject = NULL;
PSYSTEM_HANDLE_INFORMATION pSysHandleInfo = NULL;
POBJECT_ALL_INFORMATION pAllInfo =NULL;   // assigned further down but never read
POBJECT_NAME_INFORMATION pNameInfo = NULL;


ULONG nNumberHandle =0;
NTSTATUS ntStatus = 0;
ULONG ulSize,ulCount;   // ulCount is zeroed below and never used afterwards
// BUG: both are single chars, yet they are passed to the native calls below as
// 0x80000- and 0x10000-byte output buffers; the callee writes far past them.
// They must be arrays (or heap allocations) of at least those sizes.
char cBuffer,cInfoBuffer;

// Resolve the two native APIs from ntdll. Neither the GetModuleHandle result
// nor the two GetProcAddress results are checked for NULL before the
// function pointers are called.
hNtDll = GetModuleHandle(TEXT("ntdll.dll"));
pfnZwQuerySystemInformation = (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"ZwQuerySystemInformation");
pfnNtQueryObject = (NTQUERYOBJECT)GetProcAddress(hNtDll,"NtQueryObject");

// Single query with a fixed 0x80000-byte size. There is no retry with a larger
// buffer when the call reports a length mismatch, so a bigger handle table
// simply makes the function return NULL.
ntStatus = pfnZwQuerySystemInformation(SystemHandleInformation,cBuffer,0x80000,&ulSize);

if(NT_SUCCESS(ntStatus))
{
DWORD n = ulSize/sizeof(SYSTEM_HANDLE_INFORMATION);   // computed but never used
nNumberHandle = *(PULONG)cBuffer;   // entry count is read from the first ULONG of the buffer
pSysHandleInfo = (PSYSTEM_HANDLE_INFORMATION)(cBuffer +4);   // entries are taken to start right after the count
ulCount = 0;

// BUG: the loop index i is never applied to pSysHandleInfo, so every iteration
// inspects the same first entry. pSysHandleInfo is also a pointer, so the
// '.' member accesses below need to be '->' (with [i] indexing) to compile.
for(ULONG i=0;i!=nNumberHandle;++i)
{

if(pSysHandleInfo.ProcessId != ProcessId)
continue;


// NOTE(review): the Handle field is a value from ProcessId's own handle table.
// NtQueryObject resolves it in the *calling* process's table, so unless
// ProcessId is the current process this queries an unrelated or invalid handle.
// The status of the first (ObjectAllInformation) query is overwritten by the
// second call and never examined; ulSize is reused for both.
ntStatus = pfnNtQueryObject((HANDLE)pSysHandleInfo.Handle,ObjectAllInformation,cInfoBuffer,0x10000,&ulSize);
ntStatus = pfnNtQueryObject((HANDLE)pSysHandleInfo.Handle,ObjectNameInformation,cInfoBuffer,0x10000,&ulSize);
if(NT_SUCCESS(ntStatus))
{
pAllInfo = (POBJECT_ALL_INFORMATION)cInfoBuffer;
pNameInfo = (POBJECT_NAME_INFORMATION)cInfoBuffer;
// Substring match on the object name. NOTE(review): _tcsstr/TEXT follow the
// build's TCHAR setting; object names returned by the kernel are UTF-16, so
// this presumably assumes a UNICODE build — confirm.
if(_tcsstr(pNameInfo->NameBuffer,TEXT("QQGame_Mutex")) !=NULL)
{
// The function is declared to return HANDLE; the HWND cast is misleading
// even though both are pointer-sized.
return (HWND)pSysHandleInfo.Handle;
}
}
}
}
return NULL;
}

346022142 发表于 2011-8-11 15:48:07

谢谢了，收下了

wangmin1944 发表于 2014-1-16 13:30:56

upring 发表于 2015-3-17 15:16:44

必须赞 楼主好厉害

luqi_44 发表于 2015-4-30 20:26:51

受教了

luqi_44 发表于 2015-4-30 20:27:08

受教了