Hi. I have a question: can somebody share Delphi code that does what my post title describes?
Here is what I mean (example):
In that picture the Name is "\BaseNamedObjects\LOADPERF_MUTEX", and here is my question.
I inject my DLL into the process; what code would change the name "\BaseNamedObjects\LOADPERF_MUTEX" to "\BaseNamedObjects\MUTEX"?
Thanks a lot for answering my question; I need the code for my program.
[Question] Replace FileName Handle by Mutant
Re: [Question] Replace FileName Handle by Mutant
I doubt that this is possible to do with documented APIs. I don't know how to do it with undocumented means, either...
Re: [Question] Replace FileName Handle by Mutant
Thanks for the reply, sir. Can you give some sample code?
madshi wrote: I doubt that this is possible to do with documented APIs. I don't know how to do it with undocumented means, either...
This is my sample code that calls CloseHandle on the handle of the mutant:
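// Scans the system handle table for handles owned by the *current* process
// whose object name is '\BaseNamedObjects\LOADPERF_MUTEX' and closes them.
//
// Relies on declarations made elsewhere in the unit: the NTQueryObject and
// NTQuerySystemInformation procedure variables, GetObjectInfo,
// DefaulBUFFERSIZE, SystemHandleInformation, ObjectNameInformation,
// STATUS_SUCCESS and PSYSTEM_HANDLE_INFORMATION.
//
// Changes against the posted version:
//  * both ntdll entry points are checked (the original tested
//    NTQuerySystemInformation twice) and the check now guards the whole
//    body instead of only the buffer-size assignment;
//  * a handle value is only meaningful inside the handle table of the
//    process that owns it, so entries owned by other processes are skipped;
//    calling CloseHandle on such a value would close an unrelated handle of
//    this process;
//  * the per-entry OpenProcess call is gone: it was compared against
//    INVALID_HANDLE_VALUE although OpenProcess reports failure with 0, and
//    it requested PROCESS_QUERY_INFORMATION / PROCESS_VM_READ on every
//    process only to fill a string that was never used;
//  * the unused type-name and process-name lookups were removed;
//  * the message is shown only when CloseHandle reports success.
procedure Test;
var
  hObject     : THandle;
  ResultLength: DWORD;
  aBufferSize : DWORD;
  aIndex      : Integer;
  pHandleInfo : PSYSTEM_HANDLE_INFORMATION;
  QueryStatus : THandle;
  lpwsName    : PWideChar;
begin
  // nil first so the finally block is safe when we leave before AllocMem.
  pHandleInfo := nil;
  try
    // NTQueryObject is not called directly here; presumably GetObjectInfo
    // uses it - verify against its implementation.
    NTQueryObject := GetProcAddress(GetModuleHandle('NTDLL.DLL'), 'NtQueryObject');
    NTQuerySystemInformation := GetProcAddress(GetModuleHandle('NTDLL.DLL'), 'NtQuerySystemInformation');
    if (@NTQueryObject = nil) or (@NTQuerySystemInformation = nil) then
      Exit;

    // NOTE(review): the buffer has a fixed size. If it is too small for the
    // system handle table the query returns a non-success status and nothing
    // is scanned; there is no grow-and-retry loop.
    aBufferSize := DefaulBUFFERSIZE;
    pHandleInfo := AllocMem(aBufferSize);
    QueryStatus := NTQuerySystemInformation(DWORD(SystemHandleInformation),
      pHandleInfo, aBufferSize, @ResultLength);
    if QueryStatus <> STATUS_SUCCESS then
      Exit;

    for aIndex := 0 to pHandleInfo^.uCount - 1 do
    begin
      // Only entries of this process can be closed with a plain CloseHandle.
      if pHandleInfo.Handles[aIndex].uIdProcess <> GetCurrentProcessId then
        Continue;

      // Query a private duplicate, as the original did, rather than the
      // live handle itself.
      hObject := 0;
      if not DuplicateHandle(GetCurrentProcess, pHandleInfo.Handles[aIndex].Handle,
        GetCurrentProcess, @hObject, STANDARD_RIGHTS_REQUIRED, FALSE, 0) then
        Continue;
      try
        // NOTE(review): if GetObjectInfo wraps NtQueryObject, name queries on
        // some file/pipe handles can block; consider filtering by object
        // type before asking for the name - confirm.
        lpwsName := GetObjectInfo(hObject, ObjectNameInformation);
        if lpwsName <> nil then
        try
          // Explicit conversion so the contents, not pointer values, are compared.
          if WideString(lpwsName) = '\BaseNamedObjects\LOADPERF_MUTEX' then
          begin
            if CloseHandle(pHandleInfo.Handles[aIndex].Handle) then
              ShowMessage('Found And Killed');
          end;
        finally
          // The buffer returned by GetObjectInfo is released by the caller.
          FreeMem(lpwsName);
        end;
      finally
        CloseHandle(hObject);
      end;
    end;
  finally
    FreeMem(pHandleInfo);
  end;
end;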
Re: [Question] Replace FileName Handle by Mutant
As I said, I don't know how. Of course you can create a new handle, but it's luck if it gets the same handle value, and I don't really know if that achieves what you want.