获取进程句柄名称
getting process handle name
我正在尝试获取进程句柄的名称。我遍历所有句柄的列表并尝试获取这样的名称:
void SystemHandle::GetHandleName()
{
HANDLE hFake;
char* objectName = NULL;
if (NT_SUCCESS(DuplicateHandle(this->process, this->GetNativeHandle(), GetCurrentProcess(), &hFake, 0, FALSE, DUPLICATE_SAME_ACCESS)))
{
POBJECT_TYPE_INFORMATION typeInfo = (POBJECT_TYPE_INFORMATION)new BYTE[0x1000];
PUNICODE_STRING nameInfo = (PUNICODE_STRING)new BYTE[0x1000];
DWORD read;
NTSTATUS status = NtQueryObject(hFake, ObjectTypeInformation, typeInfo, 0x1000, &read);
std::cout << "NtQueryObject: " << status << ", Success: " << NT_SUCCESS(status) << "\n";
objectName = new char[nameInfo->Length];
if (NT_SUCCESS(status) && nameInfo->Length > 0)
{
std::cout << "nameInfo length: " << nameInfo->Length << "\n";
std::cout << "objectName size: " << sizeof(objectName) << "\n";
std::cout << "nameInfo buffer: " << sizeof(nameInfo->Buffer) << "\n";
WideToChar(objectName, nameInfo->Buffer);
strcpy_s(this->handleName, objectName);
}
delete nameInfo;
delete typeInfo;
}
if (hFake) CloseHandle(hFake);
}
void WideToChar(char* Dest, const WCHAR* Source)
{
int i = 0;
// get each char from Source and put it in Dest
while(Source[i] != '[==]')
{
Dest[i] = (CHAR)Source[i];
++i;
}
Dest[i] = '[==]'; // create the end
}
当我到达 while(Source[i] != '[=3=]').
时,我的问题从 WideToChar(objectName, nameInfo->Buffer); 开始,然后我将得到以下 error :
Unhandled exception at 0x00406CE5 in application.
exe: 0xC0000005: Access violation reading location 0xBAADF00D.
环绕
while(Source[i] != '[=10=]')
{
Dest[i] = (CHAR)Source[i];
++i;
}
在 if 条件内:
if(Source != NULL){
}
您为 nameInfo 变量分配了内存,但没有对其进行初始化。因此,当您尝试使用它时,nameInfo->Buffer 包含 0xBAADF00D - 未初始化堆内存的 Microsoft 幻数。然后你会遇到访问冲突。您还应该使用 WideCharToMultibyte 函数进行字符串转换。
我正在尝试获取进程句柄的名称。我遍历所有句柄的列表并尝试获取这样的名称:
void SystemHandle::GetHandleName()
{
HANDLE hFake;
char* objectName = NULL;
if (NT_SUCCESS(DuplicateHandle(this->process, this->GetNativeHandle(), GetCurrentProcess(), &hFake, 0, FALSE, DUPLICATE_SAME_ACCESS)))
{
POBJECT_TYPE_INFORMATION typeInfo = (POBJECT_TYPE_INFORMATION)new BYTE[0x1000];
PUNICODE_STRING nameInfo = (PUNICODE_STRING)new BYTE[0x1000];
DWORD read;
NTSTATUS status = NtQueryObject(hFake, ObjectTypeInformation, typeInfo, 0x1000, &read);
std::cout << "NtQueryObject: " << status << ", Success: " << NT_SUCCESS(status) << "\n";
objectName = new char[nameInfo->Length];
if (NT_SUCCESS(status) && nameInfo->Length > 0)
{
std::cout << "nameInfo length: " << nameInfo->Length << "\n";
std::cout << "objectName size: " << sizeof(objectName) << "\n";
std::cout << "nameInfo buffer: " << sizeof(nameInfo->Buffer) << "\n";
WideToChar(objectName, nameInfo->Buffer);
strcpy_s(this->handleName, objectName);
}
delete nameInfo;
delete typeInfo;
}
if (hFake) CloseHandle(hFake);
}
void WideToChar(char* Dest, const WCHAR* Source)
{
int i = 0;
// get each char from Source and put it in Dest
while(Source[i] != '[==]')
{
Dest[i] = (CHAR)Source[i];
++i;
}
Dest[i] = '[==]'; // create the end
}
当我到达 while(Source[i] != '[=3=]').
时,我的问题从 WideToChar(objectName, nameInfo->Buffer); 开始,然后我将得到以下 error :
Unhandled exception at 0x00406CE5 in application.
exe: 0xC0000005: Access violation reading location 0xBAADF00D.
环绕
while(Source[i] != '[=10=]')
{
Dest[i] = (CHAR)Source[i];
++i;
}
在 if 条件内:
if(Source != NULL){
}
您为 nameInfo 变量分配了内存,但没有对其进行初始化。因此,当您尝试使用它时,nameInfo->Buffer 包含 0xBAADF00D - 未初始化堆内存的 Microsoft 幻数。然后你会遇到访问冲突。您还应该使用 WideCharToMultibyte 函数进行字符串转换。