进程句柄查看工具（File,Event,Mutant,Section等句柄）

悬念 · 发表于 2014-6-21 13:47:09

SeekHandle.rar (1.62 MB, 下载次数: 150)
源码：

// SeekHandleDlg.cpp : 实现文件
//
#include "stdafx.h"
#include "SeekHandle.h"
#include "SeekHandleDlg.h"
#include "type.h"
#include"tlhelp32.h"
#include "afxdialogex.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// 用于应用程序“关于”菜单项的 CAboutDlg 对话框
class CAboutDlg : public CDialogEx
{
public:
CAboutDlg();
// 对话框数据
enum { IDD = IDD_ABOUTBOX };
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
// 实现
protected:
DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialogEx(CAboutDlg::IDD)
{
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialogEx::DoDataExchange(pDX);
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx)
END_MESSAGE_MAP()
// CSeekHandleDlg 对话框
CSeekHandleDlg::CSeekHandleDlg(CWnd* pParent /*=NULL*/)
: CDialogEx(CSeekHandleDlg::IDD, pParent)
{
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CSeekHandleDlg::DoDataExchange(CDataExchange* pDX)
{
CDialogEx::DoDataExchange(pDX);
DDX_Control(pDX, IDC_LSTPROC, m_lstProc);
DDX_Control(pDX, IDC_LSTPROCINFO, m_lstProcInfo);
}
BEGIN_MESSAGE_MAP(CSeekHandleDlg, CDialogEx)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDOK, &CSeekHandleDlg::OnBnClickedOk)
ON_NOTIFY(NM_CLICK, IDC_LSTPROC, &CSeekHandleDlg::OnNMClickLstproc)
ON_NOTIFY(NM_RCLICK, IDC_LSTPROCINFO, &CSeekHandleDlg::OnNMRClickLstprocinfo)
ON_COMMAND(ID_CLOSEHAND, &CSeekHandleDlg::OnClosehand)
ON_COMMAND(ID_SHOWALL, &CSeekHandleDlg::OnShowall)
ON_COMMAND(ID_SCREEN, &CSeekHandleDlg::OnScreen)
ON_COMMAND(ID_CLEANMUTEX, &CSeekHandleDlg::OnCleanmutex)
END_MESSAGE_MAP()
// CSeekHandleDlg 消息处理程序
BOOL CSeekHandleDlg::OnInitDialog()
{
CDialogEx::OnInitDialog();
// 将“关于...”菜单项添加到系统菜单中。
// IDM_ABOUTBOX 必须在系统命令范围内。
ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);
CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
BOOL bNameValid;
CString strAboutMenu;
bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
ASSERT(bNameValid);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
// 设置此对话框的图标。当应用程序主窗口不是对话框时，框架将自动
// 执行此操作
SetIcon(m_hIcon, TRUE); // 设置大图标
SetIcon(m_hIcon, FALSE); // 设置小图标
// TODO: 在此添加额外的初始化代码
//++++++++++++++++++++++++++++++++++++
//设置LISTCONTROL颜色
m_lstProc.SetBkColor(RGB(255, 255, 255));
m_lstProc.SetTextBkColor(RGB(255, 255, 255));
m_lstProc.SetTextColor(RGB(0, 0, 255));
//设置风格
m_lstProc.SetExtendedStyle(LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
//定义字段结构
LV_COLUMN h;
//定义LV_COLUMN结构对象 h
h.mask = LVXF_FMT | LVXF_TEXT | LVXF_WIDTH;
h.fmt = LVXFMT_CENTER; //居中
h.cx = 60; //宽度
h.pszText = "PID";
m_lstProc.InsertColumn(0, &h);
h.cx = 60;
h.pszText = "线程数";
m_lstProc.InsertColumn(1, &h);
h.cx = 100;
h.pszText = "工作集大小";
m_lstProc.InsertColumn(2, &h);
h.cx = 170;
h.pszText = "进程名";
m_lstProc.InsertColumn(3, &h);
//设置第一列居中
LVCOLUMN lvc;
lvc.mask = LVXF_FMT;
m_lstProc.GetColumn(0, &lvc);
lvc.fmt &= ~LVXFMT_JUSTIFYMASK;
lvc.fmt |= LVXFMT_CENTER;
m_lstProc.SetColumn(0, &lvc);
//++++++++++++++++++++++++++++++++++++
m_lstProcInfo.SetBkColor(RGB(255, 255, 255));
m_lstProcInfo.SetTextBkColor(RGB(255, 255, 255));
m_lstProcInfo.SetTextColor(RGB(0, 0, 255));
//设置风格
m_lstProcInfo.SetExtendedStyle(LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
//定义LV_COLUMN结构对象 h
h.mask = LVXF_FMT | LVXF_TEXT | LVXF_WIDTH;
h.fmt = LVXFMT_CENTER; //居中
h.cx = 350; //宽度
h.pszText = "名称";
m_lstProcInfo.InsertColumn(0, &h);
h.cx = 130; //宽度
h.pszText = "类型";
m_lstProcInfo.InsertColumn(1, &h);
h.cx = 80;
h.pszText = "句柄";
m_lstProcInfo.InsertColumn(2, &h);
//设置第一列居中
lvc.mask = LVXF_FMT;
m_lstProcInfo.GetColumn(0, &lvc);
lvc.fmt &= ~LVXFMT_JUSTIFYMASK;
lvc.fmt |= LVXFMT_CENTER;
m_lstProcInfo.SetColumn(0, &lvc);
//++++++++++++++++++++++++++++++++++++++
if (!ZwQuerySystemInformation)
{
MessageBox("Error：Get<ZwQuerySystemInformation>Add!");
ExitProcess(0);
}
m_pid = 0;
EnableDebugPrivilege();
GetProcList();
return TRUE; // 除非将焦点设置到控件，否则返回 TRUE
}
void CSeekHandleDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
if ((nID & 0xFFF0) == IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
else
{
CDialogEx::OnSysCommand(nID, lParam);
}
}
// 如果向对话框添加最小化按钮，则需要下面的代码
// 来绘制该图标。对于使用文档/视图模型的 MFC 应用程序，
// 这将由框架自动完成。
void CSeekHandleDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // 用于绘制的设备上下文
SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
// 使图标在工作区矩形中居中
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// 绘制图标
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialogEx::OnPaint();
}
}
//当用户拖动最小化窗口时系统调用此函数取得光标
//显示。
HCURSOR CSeekHandleDlg::OnQueryDragIcon()
{
return static_cast<HCURSOR>(m_hIcon);
}
void CSeekHandleDlg::OnBnClickedOk()
{
// TODO: 在此添加控件通知处理程序代码
// CDialogEx::OnOK();
}
/************************************************************************/
/* 获取进程列表 */
/************************************************************************/
VOID CSeekHandleDlg::GetProcList()
{
ULONG dwNeedSize;
PBYTE pBuffer = NULL;
PSYSTEM_PROCESSES psp = NULL;
CString strInfo;
char szANSIString[MAX_PATH];
int nIndex = 0;
memset(szANSIString, 0, sizeof(szANSIString));
NTSTATUS status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation, NULL, 0, &dwNeedSize);
if (status == STATUS_INFO_LENGTH_MISMATCH)
{
pBuffer = new BYTE[dwNeedSize];
status = ZwQuerySystemInformation(SystemProcessesAndThreadsInformation, (PVOID)pBuffer, dwNeedSize, NULL);
if (status == STATUS_SUCCESS)
{
psp = (PSYSTEM_PROCESSES)pBuffer; //强制转换
do
{
strInfo.Format("%4d", psp->ProcessId);
nIndex = m_lstProc.InsertItem(nIndex, strInfo);
m_lstProc.SetItemData(nIndex, psp->ProcessId);
strInfo.Format("%3d", psp->ThreadCount);
m_lstProc.SetItemText(nIndex, 1, strInfo);
strInfo.Format("%8dKB", psp->VmCounters.WorkingSetSize / 1024);
m_lstProc.SetItemText(nIndex, 2, strInfo);
WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK,
(LPCWSTR)psp->ProcessName.Buffer,
-1,
szANSIString,
sizeof(szANSIString),
NULL,
NULL);
m_lstProc.SetItemText(nIndex, 3, szANSIString);
psp = (PSYSTEM_PROCESSES)((ULONG)psp + psp->NextEntryDelta);
} while (psp->NextEntryDelta != 0);
}
delete[]pBuffer;
pBuffer = NULL;
}
}
void CSeekHandleDlg::OnNMClickLstproc(NMHDR *pNMHDR, LRESULT *pResult)
{
LPNMITEMACTIVATE pNMItemActivate = reinterpret_cast<LPNMITEMACTIVATE>(pNMHDR);
// TODO: 在此添加控件通知处理程序代码
DWORD pid;
int nIndex = 0;
POSITION p = m_lstProc.GetFirstSelectedItemPosition();
if (p == NULL)
{
MessageBox("没有行被选中!", "温馨提示");
return;
}
// 获取刚选取的位置的下标(从0开始的)
int index = m_lstProc.GetNextSelectedItem(p);
pid = m_lstProc.GetItemData(index);
m_pid = pid; // 赋值给全局PID
enumProcInfo(EM_SHOWNORMAL,pid);
*pResult = 0;
}
bool CSeekHandleDlg::EnableDebugPrivilege()
{
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
return FALSE;
}
if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
{
CloseHandle(hToken);
return false;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
{
CloseHandle(hToken);
return false;
}
return true;
}
void CSeekHandleDlg::OnNMRClickLstprocinfo(NMHDR *pNMHDR, LRESULT *pResult)
{
LPNMITEMACTIVATE pNMItemActivate = reinterpret_cast<LPNMITEMACTIVATE>(pNMHDR);
// TODO: 在此添加控件通知处理程序代码
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
if (pNMListView->iItem != -1)
{
DWORD dwPos = GetMessagePos();
CPoint point(LOWORD(dwPos), HIWORD(dwPos));
CMenu menu;
VERIFY(menu.LoadMenu(IDR_MENU)); //IDR_MENU_POPUP是新建菜单ID
CMenu* popup = menu.GetSubMenu(0);
ASSERT(popup != NULL);
popup->TrackPopupMenu(TPM_LEFTALIGN | TPM_RIGHTBUTTON, point.x, point.y, this);
}
*pResult = 0;
}
/************************************************************************/
/* 处理进程信息 */
/************************************************************************/
VOID CSeekHandleDlg::enumProcInfo(ENUMTYPE enType,int pid,ULONG uHandle)
{
NTSTATUS status;
int nIndex = 0;
ULONG dwNeedSize, Count, dwFlags;
PBYTE pBuffer = NULL;
PSYSTEM_HANDLE_INFORMATION pHandleInfo;
char szName[512];
char szType[128];
POBJECT_NAME_INFORMATION pNameInfo;
POBJECT_NAME_INFORMATION pNameType;
CString strInfo;
char szANSIName[MAX_PATH];
char szANSIType[MAX_PATH];
m_lstProcInfo.DeleteAllItems();
dwNeedSize = 16 * 1024;
status = STATUS_INFO_LENGTH_MISMATCH;
while (STATUS_INFO_LENGTH_MISMATCH == status)
{
dwNeedSize *= 2;
if (pBuffer)
free(pBuffer);
pBuffer = (BYTE *)malloc(dwNeedSize);
status = ZwQuerySystemInformation(SystemHandleInformation, pBuffer, dwNeedSize, &dwNeedSize);
if (dwNeedSize > 20 * 1024 * 1024 || (status != STATUS_INFO_LENGTH_MISMATCH && status != 0))
{
free(pBuffer);
MessageBox("NtQuerySystemInformation 函数调用失败! ");
return;
}
}
Count = *(DWORD *)pBuffer;
pHandleInfo = (PSYSTEM_HANDLE_INFORMATION)(pBuffer + sizeof(DWORD));
for (int i = 0; i < Count; i++) //复制指定进程的
{
if (pHandleInfo.ProcessId == pid)
{
memset(szName, 0, sizeof(szName));
memset(szType, 0, sizeof(szType));
NTSTATUS Status = NtQueryObject((HANDLE)pHandleInfo.Handle, ObjectNameInformation, szName, 512, &dwFlags);
Status = NtQueryObject((HANDLE)pHandleInfo.Handle, ObjectTypeInformation, szType, 128, &dwFlags);
pNameInfo = (POBJECT_NAME_INFORMATION)szName;
pNameType = (POBJECT_NAME_INFORMATION)szType;
memset(szANSIName, 0, sizeof(szANSIName));
memset(szANSIType, 0, sizeof(szANSIType));
WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK,
(LPCWSTR)pNameInfo->Name.Buffer,
-1,
szANSIName,
sizeof(szANSIName),
NULL,
NULL);
WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK,
(LPCWSTR)pNameType->Name.Buffer,
-1,
szANSIType,
sizeof(szANSIType),
NULL,
NULL);
// 判断名称或者类型是否为空
if (enType==EM_SHOWNORMAL)
{
if (strcmp(szANSIType, "") == 0)
continue;
}
else if (enType==EM_SHOWALL)
{
;// 显示所就继续向下执行
}
else if (enType == EM_KILLHANDLE)
{
if (uHandle == pHandleInfo.Handle)
{
HANDLE hProcess;
HMODULE hModel;
PVOID lpCloseHandle;
CString strMsg;
hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
hModel = GetModuleHandle("Kernel32.dll");
lpCloseHandle = GetProcAddress(hModel, "CloseHandle");
CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpCloseHandle,(LPVOID)uHandle, 0, NULL);
CloseHandle(hProcess);
continue;
}
if (strcmp(szANSIType, "") == 0)
continue;
}
else if (enType==EM_KILLMUTEX)
{
if (strcmp(szANSIType,"Mutant")==0)
{
HANDLE hProcess;
HMODULE hModel;
PVOID lpCloseHandle;
CString strMsg;
hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
hModel = GetModuleHandle("Kernel32.dll");
lpCloseHandle = GetProcAddress(hModel, "CloseHandle");
CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpCloseHandle, (LPVOID)uHandle, 0, NULL);
CloseHandle(hProcess);
continue;
}
if (strcmp(szANSIType, "") == 0)
continue;
}
nIndex = m_lstProcInfo.InsertItem(nIndex, szANSIName);
m_lstProcInfo.SetItemText(nIndex, 1, szANSIType);
strInfo.Format("%d", pHandleInfo.Handle);
m_lstProcInfo.SetItemText(nIndex, 2, strInfo);
m_lstProcInfo.SetItemData(nIndex, pHandleInfo.Handle);
}
}
free(pBuffer);
}
void CSeekHandleDlg::OnShowall()
{
// TODO: 在此添加命令处理程序代码
if (m_pid == 0)
MessageBox("请先选择进程!");
enumProcInfo(EM_SHOWALL, m_pid);
}
void CSeekHandleDlg::OnScreen()
{
// TODO: 在此添加命令处理程序代码
if (m_pid == 0)
MessageBox("请先选择进程!");
enumProcInfo(EM_SHOWNORMAL, m_pid);
}
void CSeekHandleDlg::OnClosehand()
{
// TODO: 在此添加命令处理程序代码
ULONG uHandle;
int iItemSel = m_lstProcInfo.GetNextItem(-1, LVIS_SELECTED);
if (iItemSel != -1)
{
uHandle = m_lstProcInfo.GetItemData(iItemSel);
enumProcInfo(EM_KILLHANDLE, m_pid, uHandle);
}
}
void CSeekHandleDlg::OnCleanmutex()
{
// TODO: 在此添加命令处理程序代码
enumProcInfo(EM_KILLMUTEX,m_pid);
}

复制代码

联系我时，请说是在挂海论坛上看到的，谢谢！

Beatix · 发表于 2014-7-26 06:01:21

不错，感谢无私和分享精神！

JenTan · 发表于 2014-8-13 07:10:19

来刷分的，hehe

Malimali · 发表于 2014-8-31 14:27:45

感谢楼主，有你们这样人人，社会才会W美

刻骨゛铭X1n╮ · 发表于 2014-9-16 05:01:12

无回帖，不论坛，这才是人道。

奈何桥、寂寞 · 发表于 2014-9-29 06:57:54

感恩无私的分享与奉献 :)

变异兔子 · 发表于 2014-10-12 15:07:01

我常来...支持海论坛

疼惜那份疼惜 · 发表于 2015-3-12 13:40:13

为保住菊花，这个一定得回复！

yuzhibo · 发表于 2015-6-25 07:36:56

顶楼主啦..希望楼主多发精品好帖啦....

゛永卟分离﹏ · 发表于 2015-8-22 17:21:54

勤奋真能造就财富吗？

		自动登录	找回密码
密码			立即注册

玩游戏来117游戏网(H5不下载也能玩手游传奇，吃鸡，竞技都有)	不懂社区·好资源不错过·各位资源站大佬欢迎来采集搬运	IOS签名/udid证书出售/送证书加群1040456405	██【我要租此广告位】██
.	.	.	.

进程句柄查看工具（File,Event,Mutant,Section等句柄）

免责声明：

浏览过的版块

最佳新人

活跃会员

开荒者

原创大师

推广达人

沙发王

侦察队队长

宣传达人

灌水之王

突出贡献

优秀版主

荣誉管理

论坛元老

在线王

源码大师

终身成就

杰出贡献

机器王

评分大师

回帖大师

CM制造者

CM杀手

艺术大师

签到达人

土豪

知识库