2012年10月31日 星期三

[Release] - Get Mutex's Handle

HANDLE GetProcessKernelObject(DWORD ProcessId)
{
HMODULE hNtDll = NULL;
ZWQUERYSYSTEMINFORMATION pfnZwQuerySystemInformation = NULL;
NTQUERYOBJECT pfnNtQueryObject = NULL;
PSYSTEM_HANDLE_INFORMATION pSysHandleInfo = NULL;
POBJECT_ALL_INFORMATION pAllInfo =NULL;
POBJECT_NAME_INFORMATION pNameInfo = NULL;


ULONG nNumberHandle =0;
NTSTATUS ntStatus = 0;
ULONG ulSize,ulCount;
char cBuffer[0x80000],cInfoBuffer[0x10000];

hNtDll = GetModuleHandle(TEXT("ntdll.dll"));
pfnZwQuerySystemInformation = (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"ZwQuerySystemInformation");
pfnNtQueryObject = (NTQUERYOBJECT)GetProcAddress(hNtDll,"NtQueryObject");

ntStatus = pfnZwQuerySystemInformation(SystemHandleInformation,cBuffer,0x80000,&ulSize);

if(NT_SUCCESS(ntStatus))
{

DWORD n = ulSize/sizeof(SYSTEM_HANDLE_INFORMATION);
nNumberHandle = *(PULONG)cBuffer;
pSysHandleInfo = (PSYSTEM_HANDLE_INFORMATION)(cBuffer +4);
ulCount = 0;

for(ULONG i=0;i!=nNumberHandle;++i)
{

if(pSysHandleInfo[i].ProcessId != ProcessId)
continue;

ntStatus = pfnNtQueryObject((HANDLE)pSysHandleInfo[i].Handle,ObjectAllInformation,cInfoBuffer,0x10000,&ulSize);

ntStatus = pfnNtQueryObject((HANDLE)pSysHandleInfo[i].Handle,ObjectNameInformation,cInfoBuffer,0x10000,&ulSize);

if(NT_SUCCESS(ntStatus))
{

pAllInfo = (POBJECT_ALL_INFORMATION)cInfoBuffer;
pNameInfo = (POBJECT_NAME_INFORMATION)cInfoBuffer;

if(_tcsstr(pNameInfo->NameBuffer,TEXT("WvsClientMtx")) !=NULL)
{
return (HWND)pSysHandleInfo[i].Handle;
}
}
}
}
return NULL;
}

hMuTex = GetProcessKernelObject(GetCurrentProcessId());
CloseHandle(hMuTex);

From :  Here

沒有留言:

張貼留言