delphi package - easy access to kernel objects etc.
enoder
Posts: 4 Joined: Mon Apr 11, 2005 4:19 pm
Post
by enoder » Mon Apr 11, 2005 4:21 pm
Hi,
Is there any way to get the process ID of the process that is currently locking a Mutex?
Thanks
madshi
Site Admin
Posts: 10766 Joined: Sun Mar 21, 2004 5:25 pm
Post
by madshi » Tue Apr 12, 2005 6:47 am
enoder
Posts: 4 Joined: Mon Apr 11, 2005 4:19 pm
Post
by enoder » Tue Apr 12, 2005 2:32 pm
Thanks but that only gives me
Mutant_basic_information
LONG CurrentCount;
BOOLEAN OwnedByCaller;
BOOLEAN AbandonedState;
I know that thie can be done somehow, because if you look at process explorer by sysinternals they can display it.
Anymore ideas?
madshi
Site Admin
Posts: 10766 Joined: Sun Mar 21, 2004 5:25 pm
Post
by madshi » Tue Apr 12, 2005 3:10 pm
Ah yes, I thought the "owned" field would contain a thread ID, but I was wrong.
Probably you can ask the owner somehow by using some of the native APIs. NtQueryMutex or something like that. Don't know the details, though.
enoder
Posts: 4 Joined: Mon Apr 11, 2005 4:19 pm
Post
by enoder » Fri Apr 15, 2005 10:18 pm
Can I use your hooking API to hook calls to create WaitForSingleObject and ReleaseMutex?
If so can I hook these calls from a specific dll ?
If I can do both of the above I can track who currently owns the mutex, by recording the process id of the process calling that function in that dll.
Thanks
madshi
Site Admin
Posts: 10766 Joined: Sun Mar 21, 2004 5:25 pm
Post
by madshi » Sat Apr 16, 2005 8:00 am
You can hook those APIs, however please be aware that these APIs are called *very* often. They're also often called by madCodeHook itself. So be cautious that you don't create endless recursion. E.g. if you hook WaitForSingleObject and if you then call WaitForSingleObject in the hook callback function, then you have endless recursion. Same thing if you call something in the hook callback function which internally calls WaitForSingleObject. E.g. I think you can't use madCodeHook's IPC functionality inside of a WaitForSingleObject hook callback, cause that would result in endless recursion. Understand what I mean?
enoder
Posts: 4 Joined: Mon Apr 11, 2005 4:19 pm
Post
by enoder » Thu Apr 21, 2005 1:25 pm
Thanks for the reply, sounds like it may not be very efficient to Globally hook those API's - although I may have to use this method as a last resort.
madshi
Site Admin
Posts: 10766 Joined: Sun Mar 21, 2004 5:25 pm
Post
by madshi » Thu Apr 21, 2005 1:44 pm
It's definately not very efficient.