My application sttops if I access a handle...

delphi package - easy access to kernel objects etc.
Post Reply
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

My application sttops if I access a handle...

Post by nildo »

Hi mathias, Look at this code:

Code: Select all

procedure TfrmMain.Button1Click(Sender: TObject);
var
   nProc  :  Integer;
   nMod   : Integer;
   nHandle: Integer;
   OpenHan: THandle;
   DupHand: THandle;
   OptVal:  Array[1..10] Of Char;
   OptLen: Integer;
begin
   OptLen := SizeOf(OptVal);
   pbProc.Max := Processes.ItemCount;

   for nProc := 0 to Processes.ItemCount - 1 do
   begin
      pbProc.Position := nProc;
      Application.ProcessMessages;

      pbMod.Max := Processes.Items[ nProc ].Modules.ItemCount;

      for nMod := 0 to Processes.Items[ nProc ].Modules.ItemCount - 1 do
      begin
         pbMod.Position := nMod;
         Application.ProcessMessages;

         if LowerCase( ExtractFileName( Processes.Items[ nProc ].Modules.Items[ nMod ].FileName ) ) = 'ws2_32.dll' then
         begin
            OpenHan := OpenProcess( PROCESS_ALL_ACCESS, False, Processes.Items[ nProc ].ID );

            if OpenHan <> 0 then
            begin

               pbHandle.Max := Processes.Items[ nProc ].Handles.ItemCount;

               for nHandle := 0 to Processes.Items[ nProc ].Handles.ItemCount - 1 do
               begin

                  pbHandle.Position := nHandle;
                  Application.ProcessMessages;

                  if DuplicateHandle( OpenHan, Processes.Items[ nProc ].Handles.Items[ nHandle ].Handle, GetCurrentProcess, @Duphand, 0, False, DUPLICATE_SAME_ACCESS ) then
                  begin
                     Application.ProcessMessages;

                     if getsockopt( DupHand, IPPROTO_TCP, SO_ACCEPTCONN, PChar( @OptVal ), OptLen ) = 0 then
                        ShowMessage( Processes.Items[ nProc ].ExeFile );

                     CloseHandle( DupHand );
                  end;
               end;
            end;

            CloseHandle( OpenHan );
            Break;
         end;
      end;
   end;
end;
This code do the following:
Passes over all running process and check if they have the module "ws2_32.dll" attatched to it. If true then I Open this process using OpenProcess and I pass over all the handles, duplicating them and using "getsockopt" to check if its a valid socket handle. But, its not always, just in some process and in some handles. There are handles that accepts normaly but there are handles that my application freezes when I try to "getsockopt" in this handle. Why does this happens? Can you explain me why?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: My application sttops if I access a handle...

Post by madshi »

[quote="nildo"]Hi nildo, first let me optimize the code a bit. You're calling "Processes" multiple times. Each time you call it madKernel has to return a new IProcesses interface instance and internally has to enumerate all processes again. This is very bad for performance. Instead use "Processes" only once - much faster:

Code: Select all

procedure Button1Click(Sender: TObject);
var nProc   : Integer;
    nHandle : Integer;
    OptVal  : array[1..10] Of Char;
    OptLen  : Integer;
begin
   OptLen := SizeOf(OptVal);
   with Processes do begin
      pbProc.Max := ItemCount;
      for nProc := 0 to ItemCount - 1 do
         with Items[nProc] do begin
            pbProc.Position := nProc;
            Application.ProcessMessages;
            if Module('ws2_32.dll').IsValid then
               with Handles do begin
                  pbHandle.Max := ItemCount;
                  for nHandle := 0 to ItemCount - 1 do begin
                     pbHandle.Position := nHandle;
                     Application.ProcessMessages;
                     if Items[nHandle].ObjType in [otSocket, otFile] then
                        with Items[nHandle].Duplicate do
                           if IsValid then begin
                              Application.ProcessMessages;
                              if getsockopt( Handle, IPPROTO_TCP, SO_ACCEPTCONN, PChar( @OptVal ), OptLen ) = 0 then
                                 ShowMessage( ExeFile );
                           end;
                  end;
               end;
         end;
   end;
end;
I've also done some other optimizations (replacing some win32 API calls by madKernel methods). Does my optimized code freeze, too?
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

:o :o :o :crazy: :o :crazy: :o :o :o
Wow thats incredible! All that I need is in

ObjType in [otSocket]

It worked perfectly, thank you a Lot!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Just a question... If the DLL was loaded dynamically , will Module('ws2_32.dll').IsValid return me True?
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Yes.
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Thank you!

Mathias, the application keeps freezing if I change that GetSockOpt with my function

Code: Select all

function GetIPInfo(aSocket: Integer): TIpInfo;
var
  addr: TSockAddrIn;
  addrlen: integer;
  wsadata: TWSAData;
begin
   WSAStartup( $101, wsadata );

   try
      addrlen := sizeof(addr);
      getsockname(aSocket,addr,addrlen);
      Result.IPLocal := inet_ntoa(addr.sin_addr);
      Result.PORTALocal := ntohs(addr.sin_port);

      getPeername(aSocket,addr,addrlen);
      Result.IPRemoto := inet_ntoa(addr.sin_addr);
      Result.PORTARemota := ntohs(addr.sin_port);
   finally
      WSACleanup;
   end;
end;
:cry:
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

In the NT family ask "KernelObj.ObjTypeStr". It should be "Socket", I believe. Please check for which object the freeze occurs. Is it really a socket?
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

In NT family its "File". It should not be socket because on your help its saying that on NT Family it should be of the type otFile instead of otSocket. But I've checked the ObjTypeStr is "File".
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Please check a *real* socket handle. Which ObjTypeStr does that have? I think ObjType is otFile, but ObjTypeStr might show the "real" object type (at least I hope so).
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Mathias, I think I've found the problem... When it freezes the "KernelObj.ObjName" is blank. So I've put the "if IsValid and ( KernelObj.ObjName <> '' ) then" and now does not freezes
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

Mathias, KernelObj.ObjName works only on NT based system, as your help is saying. But on windows 9x, will this function return me blank? I can not do these tests here because we don't have win9x here...
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

ObjName will return an empty string an error "ERROR_CALL_NOT_IMPLEMENTED" in win9x.
Post Reply