I don't know where can I post but I think it will be ok here.
I tried to write a clone of Unlocker, my code below:
Code: Select all
type
PSYSTEM_HANDLE_INFORMATION = ^SYSTEM_HANDLE_INFORMATION;
SYSTEM_HANDLE_INFORMATION = packed record
ProcessId: dword;
ObjectTypeNumber: byte;
Flags: byte;
Handle: word;
pObject: pointer;
GrantedAccess: dword;
end;
PSYSTEM_HANDLE_INFORMATION_EX = ^SYSTEM_HANDLE_INFORMATION_EX;
SYSTEM_HANDLE_INFORMATION_EX = packed record
NumberOfHandles: dword;
Information: array [0..0] of SYSTEM_HANDLE_INFORMATION;
end;
PUnicodeString = ^TUnicodeString;
TUnicodeString = packed record
Length: Word;
MaximumLength: Word;
Buffer: PWideChar;
end;
const OB_TYPE_FILE = 28;
SystemHandleInformation = 16;
function ZwQueryObject(ObjectHandle: THandle;
ObjectInformationClass: integer; ObjectInformation:Pointer;
Length: ULONG; ReturnLength: PULONG): cardinal; stdcall;
external 'ntdll.dll';
Function ZwQuerySystemInformation(ASystemInformationClass: dword;
ASystemInformation: Pointer;
ASystemInformationLength: dword;
AReturnLength:PCardinal): cardinal;
stdcall;external 'ntdll.dll';
Function GetInfoTable(ATableType:dword):Pointer;
var
mSize: dword;
mPtr: pointer;
St: cardinal;
begin
Result := nil;
mSize := $4000;
repeat
mPtr := VirtualAlloc(nil, mSize, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
if mPtr = nil then Exit;
St := ZwQuerySystemInformation(ATableType, mPtr, mSize, nil);
if St = cardinal($C0000004) then
begin
VirtualFree(mPtr, 0, MEM_RELEASE);
mSize := mSize * 2;
end;
until St <> cardinal($C0000004);
if St = 0
then Result := mPtr
else VirtualFree(mPtr, 0, MEM_RELEASE);
end;
function Unlock(FileName:string):boolean;
var inf:PSYSTEM_HANDLE_INFORMATION_EX;
i:integer;
process,h:cardinal;
p:pointer;
buf:array[0..max_path] of char;
s:string;
begin
result:=false;
p:=GetMemory(max_path);
ZeroMemory(p,max_path);
QueryDosDevice(PChar(ExtractFileDrive('c:\1.txt')),@buf,SizeOf(buf));
s:=FileName;
Delete(s,1,2);
s:=buf+s;
inf:=GetInfoTable(SystemHandleInformation);
for i:=0 to inf.NumberOfHandles-1 do begin
if inf.Information[i].ObjectTypeNumber=OB_TYPE_FILE then begin
process:=OpenProcess(PROCESS_DUP_HANDLE,false,inf.Information[i].ProcessId);
DuplicateHandle(process,inf.Information[i].Handle,getcurrentprocess,
@h,0,false,DUPLICATE_SAME_ACCESS);
ZwQueryObject(h,1,p,max_path,nil);
if s=WideCharToString(TUnicodeString(p^).Buffer) then
begin
CloseHandle(h);
if DuplicateHandle(process,inf.Information[i].Handle,GetCurrentProcess,
@h,0,false,DUPLICATE_CLOSE_SOURCE) then result:=true;
end;
ZeroMemory(p,max_path);
CloseHandle(h);
CloseHandle(process);
end;
end;
end;
Code: Select all
ZwQueryObject(h,1,p,max_path,nil);
Is there anybody help me ?
Thank you