2012年10月31日 星期三

[Release] - Get Mutex's Handle

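/*
 * Search the system handle table for an entry owned by ProcessId whose
 * kernel object name contains "WvsClientMtx" (the MapleStory single-instance
 * mutex also targeted by the CreateMutexA hook further down) and return
 * that handle value.
 *
 * ProcessId: owner PID matched against SYSTEM_HANDLE_INFORMATION.ProcessId.
 *            NOTE(review): the raw handle value is then passed straight to
 *            NtQueryObject, which is only meaningful when ProcessId is the
 *            calling process (the one visible caller passes
 *            GetCurrentProcessId()). A handle value taken from another
 *            process's table would have to be duplicated into this process
 *            first.
 * Returns:   the matching HANDLE, or NULL when nothing matched, the ntdll
 *            exports could not be resolved, or the handle table did not fit
 *            the fixed 512 KiB buffer (ZwQuerySystemInformation then fails
 *            with STATUS_INFO_LENGTH_MISMATCH). Callers cannot tell these
 *            cases apart.
 *
 * Changes from the first version: the return value was cast to HWND although
 * the function returns a HANDLE; the ObjectAllInformation query, whose result
 * was overwritten by the very next call, is dropped; GetProcAddress results
 * are checked; the entry count read out of the buffer is clamped to what the
 * buffer can hold; the name is only inspected when NtQueryObject wrote bytes
 * past the header, because cInfoBuffer is reused across iterations and is
 * never cleared.
 *
 * NOTE(review): ~576 KiB of stack buffers is a lot for code that may run on
 * a thread with a small stack (e.g. inside an injected DLL); confirm the
 * stack size or move the buffers to the heap.
 * NOTE(review): NtQueryObject(ObjectNameInformation) is reported to block on
 * some handle types (synchronous pipes) — confirm whether that can happen
 * here; the usual mitigations are querying from a helper thread with a
 * timeout or filtering on ObjectTypeNumber first.
 */
HANDLE GetProcessKernelObject(DWORD ProcessId)
{
    char cBuffer[0x80000];      /* SystemHandleInformation snapshot        */
    char cInfoBuffer[0x10000];  /* ObjectNameInformation for one handle    */
    ULONG ulSize = 0;

    HMODULE hNtDll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtDll == NULL)
        return NULL;

    ZWQUERYSYSTEMINFORMATION pfnZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "ZwQuerySystemInformation");
    NTQUERYOBJECT pfnNtQueryObject =
        (NTQUERYOBJECT)GetProcAddress(hNtDll, "NtQueryObject");
    if (pfnZwQuerySystemInformation == NULL || pfnNtQueryObject == NULL)
        return NULL;

    NTSTATUS ntStatus = pfnZwQuerySystemInformation(SystemHandleInformation,
                                                    cBuffer, sizeof cBuffer, &ulSize);
    if (!NT_SUCCESS(ntStatus))
        return NULL;

    /* Layout: a ULONG entry count followed by that many
       SYSTEM_HANDLE_INFORMATION records. Clamp the count to what the buffer
       can physically hold so a bad count cannot walk off the end of it. */
    ULONG nNumberHandle = *(PULONG)cBuffer;
    PSYSTEM_HANDLE_INFORMATION pSysHandleInfo =
        (PSYSTEM_HANDLE_INFORMATION)(cBuffer + sizeof(ULONG));
    ULONG ulMaxEntries =
        (ULONG)((sizeof cBuffer - sizeof(ULONG)) / sizeof(SYSTEM_HANDLE_INFORMATION));
    if (nNumberHandle > ulMaxEntries)
        nNumberHandle = ulMaxEntries;

    for (ULONG i = 0; i < nNumberHandle; ++i)
    {
        if (pSysHandleInfo[i].ProcessId != ProcessId)
            continue;

        HANDLE hObject = (HANDLE)pSysHandleInfo[i].Handle;
        ntStatus = pfnNtQueryObject(hObject, ObjectNameInformation,
                                    cInfoBuffer, sizeof cInfoBuffer, &ulSize);
        if (!NT_SUCCESS(ntStatus))
            continue;

        POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)cInfoBuffer;

        /* Skip entries for which nothing was written past the header
           (presumably unnamed objects): NameBuffer would otherwise still
           hold the previous iteration's name and could match by accident. */
        size_t nameOffset = (size_t)((const char *)pNameInfo->NameBuffer - cInfoBuffer);
        if (ulSize <= nameOffset)
            continue;

        /* NOTE(review): NameBuffer is searched with _tcsstr, i.e. as a TCHAR
           string; it holds a wide string, so this only matches in a UNICODE
           build. NUL termination is assumed, as in the original. */
        if (_tcsstr(pNameInfo->NameBuffer, TEXT("WvsClientMtx")) != NULL)
            return hObject;
    }

    return NULL;
}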

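/* Find the "WvsClientMtx" handle in this process and close it so that a
   second client instance can create its own mutex.  GetProcessKernelObject
   returns NULL both when the mutex is absent and when the handle table could
   not be enumerated; in either case there is nothing to close, and handing
   NULL to CloseHandle only produces an ERROR_INVALID_HANDLE failure (and an
   exception when a debugger is attached). */
hMuTex = GetProcessKernelObject(GetCurrentProcessId());
if (hMuTex != NULL)
{
    CloseHandle(hMuTex);
}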

From :  Here

[Knowledge] - VC2010不使用.Net運行庫


專案->Project屬性->組態屬性->MFC的使用->使用MFC的靜態程式庫

2012年10月30日 星期二

[Analysis] - Taiwan Garena 1.2.14.5P 多開

Use Tool : CheatEngine 6.1

 00C7280F = Ordinal4+334F

00C7280F - 68 bc ab 2f 01 - push std::_init_locks::operator=+fab16 : UText[9] = Garena.IM
00C72814 - 6a 0c                   - push 0c
00C72816 - 6a 00                   - push 00
00C72818 - 6a 04                   - push 04
00C7281A - 6a 00                   - push 00
00C7281C - 6a ff                   - push ff
00C7281E - ff 15 68 93 2f 01 - call dword ptr [std::_init_locks::operator=+f92c2] : CreateFileMappingW
00C72824 - 8b 4d fc                - mov ecx,[ebp-04]
00C72827 - 89 01                   - mov [ecx],eax
00C72829 - 8b 45 fc                - mov eax,[ebp-04]
00C7282C - 83 38 00                - cmp dword ptr [eax],00
00C7282F - 75 07                   - jne ordinal4+3378
00C72831 - 33 c0                   - xor eax,eax
00C72833 - e9 a0 00 00 00          - jmp ordinal4+3418
00C72838 - ff 15 6c 93 2f 01 - call dword ptr [std::_init_locks::operator=+f92c6] : GetLastError
00C7283E - 33 c9                   - xor ecx,ecx
00C72840 - 3d b7 00 00 00          - cmp eax,000000b7

/* Prototype of the API called at 00C7281E above (the binary imports the W
   variant; the argument layout is the same).  Reading the pushes before the
   call in reverse order, the call made there is:
     CreateFileMappingW(hFile     = push ff  -> 0xFFFFFFFF, INVALID_HANDLE_VALUE
                                               (pagefile-backed mapping),
                        sa        = push 00  -> NULL,
                        protect   = push 04  -> PAGE_READWRITE,
                        size_high = push 00  -> 0,
                        size_low  = push 0c  -> 0xC bytes,
                        name      = L"Garena.IM");
   The following GetLastError() result is compared with 0xB7 (183, which is
   ERROR_ALREADY_EXISTS): a second client finds the named mapping already
   present.  That comparison is presumably the single-instance check the
   "多開" (multi-client) patch has to defeat. */
HANDLE CreateFileMappingA
(
HANDLE hFile,          /* file backing the mapping; INVALID_HANDLE_VALUE here */
SECURITY_ATTRIBUTES* sa,  /* NULL here */
DWORD protect,         /* page protection; 4 here */
DWORD size_high,       /* high DWORD of the mapping size; 0 here */
DWORD size_low,        /* low DWORD of the mapping size; 0xC here */
LPCSTR name            /* object name; "Garena.IM" here */
)

2012年10月29日 星期一

[C+] - Bypass MapleStory Multiple Restriction

Hook The Api -> CreateMutexA

The core of the hook looks like this:

/* Pointer through which CreateMutexAHook forwards to the real CreateMutexA.
   It starts out pointing at the import itself; whatever installs the hook is
   presumably expected to repoint it at the original/trampoline (not shown). */
typedef HANDLE (WINAPI *CREATEMUTEXA_FN)(__in_opt LPSECURITY_ATTRIBUTES lpMutexAttributes, __in BOOL bInitialOwner, __in_z_opt LPCSTR lpName);
CREATEMUTEXA_FN _CreateMutexA = CreateMutexA;

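/*
 * Hooked CreateMutexA.  MapleStory's client creates a mutex named
 * "WvsClientMtx"; when that name is seen the hook creates a per-process
 * mutex "WvsClientMtx_<pid>" instead, so a second client no longer collides
 * with the first.  Every other call is forwarded untouched.
 *
 * lpMutexAttributes, bInitialOwner, lpName: as for CreateMutexA.
 * Returns: whatever the original CreateMutexA returns.
 *
 * Changes from the first version:
 *  - The new name is built in a local buffer.  strcat() on lpName appended
 *    to the caller's string in place, overflowing it (and faulting when the
 *    literal lives in read-only .rdata).
 *  - lpName == NULL is forwarded; previously the function reached its end
 *    without returning a value (undefined behaviour).
 *  - snprintf with a checked result replaces sprintf, and the DWORD pid is
 *    printed with a matching unsigned conversion.  (On MSVC before 2015 use
 *    _snprintf and terminate the buffer explicitly.)
 *
 * NOTE(review): _CreateMutexA is initialised to CreateMutexA itself above.
 * If the hook is installed by patching CreateMutexA in place, that pointer
 * must be repointed at the trampoline/original before the first call or the
 * hook recurses into itself; the installation code is not shown here.
 */
HANDLE WINAPI CreateMutexAHook(__in_opt LPSECURITY_ATTRIBUTES lpMutexAttributes, __in BOOL bInitialOwner, __in_opt LPCSTR lpName)
{
    if (lpName != NULL && strcmpi(lpName, "WvsClientMtx") == 0)
    {
        /* "WvsClientMtx" + "_" + at most 10 decimal digits + NUL = 24 bytes. */
        char szUniqueName[64];
        int n = snprintf(szUniqueName, sizeof szUniqueName, "%s_%lu",
                         lpName, (unsigned long)GetCurrentProcessId());
        if (n > 0 && (size_t)n < sizeof szUniqueName)
            return _CreateMutexA(lpMutexAttributes, bInitialOwner, szUniqueName);
        /* Truncation cannot happen for this name; if it ever did, fall
           through to the unmodified call rather than pass a partial name. */
    }
    return _CreateMutexA(lpMutexAttributes, bInitialOwner, lpName);
}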

But this approach does not get past HackShield's detection:
you will get error 0x206.