Delphi版多开源码,也就是遍历系统内核对象句柄
2010-08-12 22:03
此源码翻译自C++,可用于遍历系统内核对象句柄,然后找到其他进程的Mutex句柄
远程注入后关闭句柄,解决Mutex,实现多开。
或者做成dll注入,关闭句柄
注:本程序有一Bug;有时无法获取其他进程完整的内核对象句柄表(包括Mutex),望高手们可以修正此Bug。
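procedure EumKnlObjectName(var sList: TStrings);
{ Walks the system-wide handle table (NtQuerySystemInformation, information
  class 16 = SystemHandleInformation) and appends one line per handle that is
  owned by a process other than the caller and whose name query succeeds:
    '<handle as 8 hex digits>-<object type index>:<object name>'

  Parameters:
    sList - receives the lines; existing contents are kept, nothing is cleared.

  Fixes relative to the original translation:
    - the name buffer was allocated with $1000 bytes but NtQueryObject was told
      it was $2000 bytes long, so a long name overran the heap; one constant is
      now used for both;
    - the grow loop re-queried on *any* non-zero status and therefore looped
      forever on real errors; it now only grows on STATUS_INFO_LENGTH_MISMATCH;
    - the two buffers were never freed and ntdll was LoadLibrary'd without a
      matching FreeLibrary; both buffers are released in a finally block and the
      already-loaded ntdll is resolved with GetModuleHandle only;
    - the object name is converted from the reported Length instead of relying on
      a terminating NUL (UNICODE_STRING buffers are not guaranteed to have one);
    - an empty table no longer produces a `0 to Cardinal(0)-1` loop.

  Known limitations that are documented here, not fixed:
    - A handle value is only meaningful inside the process that owns it. The
      query below hands a foreign process's handle value to NtQueryObject in
      *this* process, so it is either invalid here or names whatever object this
      process happens to hold at the same index. That is very likely the cause
      of the "cannot see other processes' handles" symptom the page describes;
      the handle would have to be duplicated into the current process before it
      can be queried, which this routine does not do.
    - Record layouts are the 32-bit ones; not 64-bit safe.
    - In the documented layout the first DWORD of an entry is two 16-bit fields
      (process id and a creator back-trace index); the comparison below assumes
      the upper half is zero, which is normally the case.
    - NtQueryObject(ObjectNameInformation) is reported to block on some handle
      types (synchronous pipes, for instance); no timeout is applied here. }
const
  STATUS_INFO_LENGTH_MISMATCH = DWORD($C0000004);
  SystemHandleInformationClass = 16;
  NameBufferSize = $2000;  // used for BOTH the allocation and the length passed to NtQueryObject
type
  TOBJECT_INFORMATION_CLASS = (
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllTypesInformation,
    ObjectHandleInformation);
  PObjectNameInformation = ^TObjectNameInformation;
  TObjectNameInformation = packed record
    Name: UNICODE_STRING;  // Length is in bytes, Buffer is PWideChar
  end;
  PSystemHandleInformation = ^TSystemHandleInformation;
  TSystemHandleInformation = packed record  // 32-bit SYSTEM_HANDLE_TABLE_ENTRY_INFO, 16 bytes
    ProcessId: DWORD;
    ObjectTypeNumber: Byte;
    Flags: Byte;
    Handle: Word;
    eObject: Pointer;
    GrantedAccess: ACCESS_MASK;
  end;
  PSystemHandleInformation_Ex = ^TSystemHandleInformation_Ex;
  TSystemHandleInformation_Ex = packed record
    NumberOfHandles: DWORD;
    Information: TSystemHandleInformation;  // first element of an inline array
  end;
  PNtQuerySystemInformation = function(SystemInformationClass: DWORD; SystemInformation: Pointer;
    SystemInformationLength: ULONG; ReturnLength: PULONG): DWORD; stdcall;
  PNtQueryObject = function(ObjectHandle: THANDLE;
    ObjectInformationClass: TOBJECT_INFORMATION_CLASS;
    ObjectInformation: Pointer;
    ObjectInformationLength: DWORD;
    ReturnLength: PDWORD): DWORD; stdcall;
var
  _ModuleHandle: HMODULE;
  _NtQueryObject: PNtQueryObject;
  _NtQuerySystemInformation: PNtQuerySystemInformation;
  pHandleInfor: PSystemHandleInformation_Ex;
  _Entry: PSystemHandleInformation;
  _Name: PObjectNameInformation;
  _Size, _Status, i: DWORD;
  _ObjName: string;
begin
  // ntdll is mapped into every Win32 process, so no LoadLibrary (and no leaked reference) is needed.
  _ModuleHandle := GetModuleHandle('ntdll.dll');
  @_NtQueryObject := GetProcAddress(_ModuleHandle, 'NtQueryObject');
  @_NtQuerySystemInformation := GetProcAddress(_ModuleHandle, 'NtQuerySystemInformation');
  if (not Assigned(_NtQueryObject)) or (not Assigned(_NtQuerySystemInformation)) then
    Exit;  // undocumented exports missing: nothing we can enumerate

  pHandleInfor := nil;
  _Name := nil;
  try
    // The handle table size is not known up front; keep doubling while the
    // kernel reports that the buffer is too small. Any other status is a real
    // failure and ends the enumeration instead of looping forever.
    _Size := $4000;
    GetMem(pHandleInfor, _Size);
    _Status := _NtQuerySystemInformation(SystemHandleInformationClass, pHandleInfor, _Size, nil);
    while _Status = STATUS_INFO_LENGTH_MISMATCH do
    begin
      _Size := _Size * 2;
      ReallocMem(pHandleInfor, _Size);
      _Status := _NtQuerySystemInformation(SystemHandleInformationClass, pHandleInfor, _Size, nil);
    end;
    if _Status <> 0 then
      Exit;

    GetMem(_Name, NameBufferSize);

    // Entries follow NumberOfHandles back to back; Inc on a typed pointer
    // advances by SizeOf(TSystemHandleInformation).
    _Entry := @pHandleInfor^.Information;
    for i := 1 to pHandleInfor^.NumberOfHandles do
    begin
      if _Entry^.ProcessId <> GetCurrentProcessId then
      begin
        // NOTE: see the header comment - this handle value belongs to another
        // process and is queried in the current one without duplication.
        if _NtQueryObject(_Entry^.Handle, ObjectNameInformation, _Name, NameBufferSize, nil) = 0 then
        begin
          // Length is in bytes; a nameless object yields Length 0 and an empty string.
          _ObjName := WideCharLenToString(_Name^.Name.Buffer, _Name^.Name.Length div SizeOf(WideChar));
          sList.Add(IntToHex(DWORD(_Entry^.Handle), 8) + '-' + IntToStr(_Entry^.ObjectTypeNumber) + ':' + _ObjName);
        end;
      end;
      Inc(_Entry);
    end;
  finally
    if Assigned(_Name) then
      FreeMem(_Name);
    if Assigned(pHandleInfor) then
      FreeMem(pHandleInfor);
  end;
end;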
其中上面的UNICODE_STRING,是一个record,buffer是pwidechar,Length是word,MaximumLength也是word
如果不想这样动态调用内核Api
可以下载 JEDI API,其中有完整翻译好的 Delphi 头文件(.pas)
最后,希望高手能解决我的问题
无法获取其他进程完整的内核对象句柄表(包括Mutex),但可以获取本进程的
远程注入后关闭句柄,解决Mutex,实现多开。
或者做成dll注入,关闭句柄
注:本程序有一Bug;有时无法获取其他进程完整的内核对象句柄表(包括Mutex),望高手们可以修正此Bug。
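procedure EumKnlObjectName(var sList: TStrings);
{ Walks the system-wide handle table (NtQuerySystemInformation, information
  class 16 = SystemHandleInformation) and appends one line per handle that is
  owned by a process other than the caller and whose name query succeeds:
    '<handle as 8 hex digits>-<object type index>:<object name>'

  Parameters:
    sList - receives the lines; existing contents are kept, nothing is cleared.

  Fixes relative to the original translation:
    - the name buffer was allocated with $1000 bytes but NtQueryObject was told
      it was $2000 bytes long, so a long name overran the heap; one constant is
      now used for both;
    - the grow loop re-queried on *any* non-zero status and therefore looped
      forever on real errors; it now only grows on STATUS_INFO_LENGTH_MISMATCH;
    - the two buffers were never freed and ntdll was LoadLibrary'd without a
      matching FreeLibrary; both buffers are released in a finally block and the
      already-loaded ntdll is resolved with GetModuleHandle only;
    - the object name is converted from the reported Length instead of relying on
      a terminating NUL (UNICODE_STRING buffers are not guaranteed to have one);
    - an empty table no longer produces a `0 to Cardinal(0)-1` loop.

  Known limitations that are documented here, not fixed:
    - A handle value is only meaningful inside the process that owns it. The
      query below hands a foreign process's handle value to NtQueryObject in
      *this* process, so it is either invalid here or names whatever object this
      process happens to hold at the same index. That is very likely the cause
      of the "cannot see other processes' handles" symptom the page describes;
      the handle would have to be duplicated into the current process before it
      can be queried, which this routine does not do.
    - Record layouts are the 32-bit ones; not 64-bit safe.
    - In the documented layout the first DWORD of an entry is two 16-bit fields
      (process id and a creator back-trace index); the comparison below assumes
      the upper half is zero, which is normally the case.
    - NtQueryObject(ObjectNameInformation) is reported to block on some handle
      types (synchronous pipes, for instance); no timeout is applied here. }
const
  STATUS_INFO_LENGTH_MISMATCH = DWORD($C0000004);
  SystemHandleInformationClass = 16;
  NameBufferSize = $2000;  // used for BOTH the allocation and the length passed to NtQueryObject
type
  TOBJECT_INFORMATION_CLASS = (
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllTypesInformation,
    ObjectHandleInformation);
  PObjectNameInformation = ^TObjectNameInformation;
  TObjectNameInformation = packed record
    Name: UNICODE_STRING;  // Length is in bytes, Buffer is PWideChar
  end;
  PSystemHandleInformation = ^TSystemHandleInformation;
  TSystemHandleInformation = packed record  // 32-bit SYSTEM_HANDLE_TABLE_ENTRY_INFO, 16 bytes
    ProcessId: DWORD;
    ObjectTypeNumber: Byte;
    Flags: Byte;
    Handle: Word;
    eObject: Pointer;
    GrantedAccess: ACCESS_MASK;
  end;
  PSystemHandleInformation_Ex = ^TSystemHandleInformation_Ex;
  TSystemHandleInformation_Ex = packed record
    NumberOfHandles: DWORD;
    Information: TSystemHandleInformation;  // first element of an inline array
  end;
  PNtQuerySystemInformation = function(SystemInformationClass: DWORD; SystemInformation: Pointer;
    SystemInformationLength: ULONG; ReturnLength: PULONG): DWORD; stdcall;
  PNtQueryObject = function(ObjectHandle: THANDLE;
    ObjectInformationClass: TOBJECT_INFORMATION_CLASS;
    ObjectInformation: Pointer;
    ObjectInformationLength: DWORD;
    ReturnLength: PDWORD): DWORD; stdcall;
var
  _ModuleHandle: HMODULE;
  _NtQueryObject: PNtQueryObject;
  _NtQuerySystemInformation: PNtQuerySystemInformation;
  pHandleInfor: PSystemHandleInformation_Ex;
  _Entry: PSystemHandleInformation;
  _Name: PObjectNameInformation;
  _Size, _Status, i: DWORD;
  _ObjName: string;
begin
  // ntdll is mapped into every Win32 process, so no LoadLibrary (and no leaked reference) is needed.
  _ModuleHandle := GetModuleHandle('ntdll.dll');
  @_NtQueryObject := GetProcAddress(_ModuleHandle, 'NtQueryObject');
  @_NtQuerySystemInformation := GetProcAddress(_ModuleHandle, 'NtQuerySystemInformation');
  if (not Assigned(_NtQueryObject)) or (not Assigned(_NtQuerySystemInformation)) then
    Exit;  // undocumented exports missing: nothing we can enumerate

  pHandleInfor := nil;
  _Name := nil;
  try
    // The handle table size is not known up front; keep doubling while the
    // kernel reports that the buffer is too small. Any other status is a real
    // failure and ends the enumeration instead of looping forever.
    _Size := $4000;
    GetMem(pHandleInfor, _Size);
    _Status := _NtQuerySystemInformation(SystemHandleInformationClass, pHandleInfor, _Size, nil);
    while _Status = STATUS_INFO_LENGTH_MISMATCH do
    begin
      _Size := _Size * 2;
      ReallocMem(pHandleInfor, _Size);
      _Status := _NtQuerySystemInformation(SystemHandleInformationClass, pHandleInfor, _Size, nil);
    end;
    if _Status <> 0 then
      Exit;

    GetMem(_Name, NameBufferSize);

    // Entries follow NumberOfHandles back to back; Inc on a typed pointer
    // advances by SizeOf(TSystemHandleInformation).
    _Entry := @pHandleInfor^.Information;
    for i := 1 to pHandleInfor^.NumberOfHandles do
    begin
      if _Entry^.ProcessId <> GetCurrentProcessId then
      begin
        // NOTE: see the header comment - this handle value belongs to another
        // process and is queried in the current one without duplication.
        if _NtQueryObject(_Entry^.Handle, ObjectNameInformation, _Name, NameBufferSize, nil) = 0 then
        begin
          // Length is in bytes; a nameless object yields Length 0 and an empty string.
          _ObjName := WideCharLenToString(_Name^.Name.Buffer, _Name^.Name.Length div SizeOf(WideChar));
          sList.Add(IntToHex(DWORD(_Entry^.Handle), 8) + '-' + IntToStr(_Entry^.ObjectTypeNumber) + ':' + _ObjName);
        end;
      end;
      Inc(_Entry);
    end;
  finally
    if Assigned(_Name) then
      FreeMem(_Name);
    if Assigned(pHandleInfor) then
      FreeMem(pHandleInfor);
  end;
end;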
其中上面的UNICODE_STRING,是一个record,buffer是pwidechar,Length是word,MaximumLength也是word
如果不想这样动态调用内核Api
可以下载 JEDI API,其中有完整翻译好的 Delphi 头文件(.pas)
最后,希望高手能解决我的问题
无法获取其他进程完整的内核对象句柄表(包括Mutex),但可以获取本进程的