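/*
 * GetProcessKernelObject
 *
 * Walks the system-wide handle table, keeps the entries owned by ProcessId,
 * queries each entry's object name, and returns the handle value of the first
 * object whose name contains "QQGame_Mutex".
 *
 * Parameters:
 *   ProcessId - process id whose handle-table entries are inspected.
 *
 * Returns:
 *   The raw handle value taken from the table entry, or NULL when nothing
 *   matches or any step fails. The value is not duplicated or referenced here.
 *
 * NOTE(review): handle values are per-process. NtQueryObject resolves the
 * value in the *calling* process's handle table, so the name check is only
 * meaningful when ProcessId is the calling process (for example when this
 * code runs inside that process). For any other ProcessId the handle must be
 * duplicated into the caller first; that would change what the return value
 * means to existing callers, so it is flagged rather than changed here.
 *
 * NOTE(review): name queries through NtQueryObject can block on some
 * file-type handles (e.g. synchronous pipes). A caller that cannot tolerate
 * a stall should filter by object type first or run the scan on a thread it
 * can abandon.
 */
HANDLE GetProcessKernelObject(DWORD ProcessId)
{
    const ULONG ulInitialTableSize = 0x80000;    /* size the original code used */
    const ULONG ulMaxTableSize = 0x4000000;      /* 64 MiB cap on buffer growth */
    const ULONG ulInfoSize = 0x10000;            /* per-object name buffer */
    const NTSTATUS ntLengthMismatch = (NTSTATUS)0xC0000004L; /* STATUS_INFO_LENGTH_MISMATCH */

    HMODULE hNtDll = NULL;
    ZWQUERYSYSTEMINFORMATION pfnZwQuerySystemInformation = NULL;
    NTQUERYOBJECT pfnNtQueryObject = NULL;
    PSYSTEM_HANDLE_INFORMATION pSysHandleInfo = NULL;
    POBJECT_NAME_INFORMATION pNameInfo = NULL;
    HANDLE hHeap = NULL;
    HANDLE hFound = NULL;
    char *pTable = NULL;
    char *pInfo = NULL;
    ULONG ulTableSize = 0;
    ULONG ulSize = 0;
    ULONG nNumberHandle = 0;
    ULONG nMaxEntries = 0;
    ULONG i = 0;
    NTSTATUS ntStatus = 0;

    /* Resolve the native entry points; a missing export must not be called. */
    hNtDll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtDll == NULL)
        return NULL;

    pfnZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "ZwQuerySystemInformation");
    pfnNtQueryObject = (NTQUERYOBJECT)GetProcAddress(hNtDll, "NtQueryObject");
    if (pfnZwQuerySystemInformation == NULL || pfnNtQueryObject == NULL)
        return NULL;

    /*
     * The original kept 0x90000 bytes of buffers on the stack, which is most
     * of a default 1 MiB thread stack. Both buffers now live on the heap.
     */
    hHeap = GetProcessHeap();
    if (hHeap == NULL)
        return NULL;

    /*
     * A fixed 0x80000-byte buffer is too small once the system has many open
     * handles; the query then fails and the function silently finds nothing.
     * Grow the buffer on a length mismatch, up to a hard cap.
     */
    ulTableSize = ulInitialTableSize;
    for (;;) {
        pTable = (char *)HeapAlloc(hHeap, 0, ulTableSize);
        if (pTable == NULL)
            return NULL;

        ntStatus = pfnZwQuerySystemInformation(SystemHandleInformation,
                                               pTable, ulTableSize, &ulSize);
        if (ntStatus != ntLengthMismatch)
            break;

        HeapFree(hHeap, 0, pTable);
        pTable = NULL;
        if (ulTableSize >= ulMaxTableSize)
            return NULL;
        ulTableSize *= 2;
    }
    if (!NT_SUCCESS(ntStatus))
        goto cleanup;

    pInfo = (char *)HeapAlloc(hHeap, 0, ulInfoSize);
    if (pInfo == NULL)
        goto cleanup;

    /*
     * Layout as the original read it: a ULONG entry count followed by the
     * entry array at byte offset 4.
     * NOTE(review): on 64-bit builds the entry array is normally aligned to
     * 8 bytes, so this offset would need to follow the project's structure
     * definition - confirm against the header that declares
     * SYSTEM_HANDLE_INFORMATION.
     */
    nNumberHandle = *(PULONG)pTable;
    pSysHandleInfo = (PSYSTEM_HANDLE_INFORMATION)(pTable + 4);

    /* Never index past the buffer, whatever count the header reports. */
    nMaxEntries = (ULONG)((ulTableSize - 4) / sizeof(*pSysHandleInfo));
    if (nNumberHandle > nMaxEntries)
        nNumberHandle = nMaxEntries;

    for (i = 0; i != nNumberHandle; ++i) {
        if (pSysHandleInfo[i].ProcessId != ProcessId)
            continue;

        /*
         * Zero the buffer and withhold its last WCHAR from the query so the
         * string search below always meets a terminator inside the buffer.
         * The original also issued an ObjectAllInformation query whose result
         * was overwritten before use; that dead call is dropped.
         */
        ZeroMemory(pInfo, ulInfoSize);
        ntStatus = pfnNtQueryObject((HANDLE)pSysHandleInfo[i].Handle,
                                    ObjectNameInformation, pInfo,
                                    ulInfoSize - (ULONG)sizeof(WCHAR), &ulSize);
        if (!NT_SUCCESS(ntStatus))
            continue;

        pNameInfo = (POBJECT_NAME_INFORMATION)pInfo;

        /* Unnamed objects succeed with no name; do not search a NULL string. */
        if (pNameInfo->NameBuffer == NULL)
            continue;

        /*
         * NOTE(review): object names are wide strings; _tcsstr only matches
         * them in a UNICODE build - confirm the project's character set.
         */
        if (_tcsstr(pNameInfo->NameBuffer, TEXT("QQGame_Mutex")) != NULL) {
            /* The original cast to HWND; the function returns a HANDLE. */
            hFound = (HANDLE)pSysHandleInfo[i].Handle;
            break;
        }
    }

cleanup:
    if (pInfo != NULL)
        HeapFree(hHeap, 0, pInfo);
    if (pTable != NULL)
        HeapFree(hHeap, 0, pTable);
    return hFound;
}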