Closing a handle of another process.

delphi package - getting into other processes

Closing a handle of another process.

Postby nildo » Tue Sep 28, 2004 4:25 pm

Hello mathias and everyone!
I'm trying to close a handle from another process, and I decided that the best method of doing this is using RemoteExecute.

Heres the function that will be copied:

Code: Select all
function FecharHandle( params: Pointer ): dword; stdcall;
   CloseHandle( $11111111 );

Before I call RemoteExecute, I patch the function FecharHandle to close the correct handle instead of $11111111:

Code: Select all
   hProc := OpenProcess( PROCESS_ALL_ACCESS, False, GetCurrentProcessId );
   WriteProcessMemory( hProc, Pointer( Cardinal( @FecharHandle ) + 5 ), @HandleToClose, SizeOf( Cardinal ), Written  );
   CloseHandle( hProc );

And now I execute the function in the context of the other process:

Code: Select all
RemoteExecute( TargetHandle, FecharHandle, AnyCardinal )

RemoteExecute is returning True, but the handle didn't gets closed. Why? Do I have to patch the CloseHandle to call the original API or does RemoteExecute does that for me? Why this don't work?

Heres the disassembled version of my FecharHandle function:
Code: Select all
0054056C  /. 55             PUSH EBP
0054056D  |. 8BEC           MOV EBP,ESP
0054056F  |. 53             PUSH EBX
00540570  |. 68 11111111    PUSH 11111111                            ; /hObject = 11111111
00540575  |. E8 8A6AECFF    CALL <JMP.&kernel32.CloseHandle>         ; \CloseHandle
0054057A  |. 8BC3           MOV EAX,EBX
0054057C  |. 5B             POP EBX
0054057D  |. 5D             POP EBP
0054057E  \. C2 0400        RETN 4

Thank you!!!
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am

Postby madshi » Tue Oct 05, 2004 6:27 am

As far as I see it "+ 5" is incorrect, it should be "+ 4". Also doing OpenProcess(..., GetCurrentProcessId) is wrong. You want to close a handle in a remote process, not in your own, right?

Anyway, you're doing more work than you need to!!!

Code: Select all
function FecharHandle(handle: dword): dword; stdcall;

  hProc := OpenProcess(PROCESS_ALL_ACCESS, False, remoteProcessId);
  RemoteExecute(hProc, @FecharHandle, AnyCardinal, pointer(handleToBeClosed));

That's it! You don't need to manipulate the FecharHandle function. Just let RemoteExecute transport the parameter for you.
Site Admin
Posts: 10225
Joined: Sun Mar 21, 2004 5:25 pm

Return to madRemote

Who is online

Users browsing this forum: No registered users and 2 guests