I'm trying to close a handle from another process, and I decided that the best method of doing this is using RemoteExecute.
Heres the function that will be copied:
Code: Select all
function FecharHandle( params: Pointer ): dword; stdcall;
begin
CloseHandle( $11111111 );
end;
Code: Select all
hProc := OpenProcess( PROCESS_ALL_ACCESS, False, GetCurrentProcessId );
WriteProcessMemory( hProc, Pointer( Cardinal( @FecharHandle ) + 5 ), @HandleToClose, SizeOf( Cardinal ), Written );
CloseHandle( hProc );
Code: Select all
RemoteExecute( TargetHandle, FecharHandle, AnyCardinal )
Heres the disassembled version of my FecharHandle function:
Code: Select all
0054056C /. 55 PUSH EBP
0054056D |. 8BEC MOV EBP,ESP
0054056F |. 53 PUSH EBX
00540570 |. 68 11111111 PUSH 11111111 ; /hObject = 11111111
00540575 |. E8 8A6AECFF CALL <JMP.&kernel32.CloseHandle> ; \CloseHandle
0054057A |. 8BC3 MOV EAX,EBX
0054057C |. 5B POP EBX
0054057D |. 5D POP EBP
0054057E \. C2 0400 RETN 4