#include "pch.h"
#include <string>
#include <vector>
#include "ntapi.h"
#pragma comment(lib,"ntdll.lib")
// Native API entry points resolved once at load time. GetModuleHandle and
// GetProcAddress results are not checked here, so any of these pointers may be
// NULL; code that calls them must treat NULL as "API unavailable".
HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
pNtQuerySystemInformation NtQuerySystemInformation =
    reinterpret_cast<pNtQuerySystemInformation>(GetProcAddress(hNtdll, "NtQuerySystemInformation"));
pNtDuplicateObject NtDuplicateObject =
    reinterpret_cast<pNtDuplicateObject>(GetProcAddress(hNtdll, "NtDuplicateObject"));
pNtQueryObject NtQueryObject =
    reinterpret_cast<pNtQueryObject>(GetProcAddress(hNtdll, "NtQueryObject"));
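// Closes every Mutant or Semaphore handle held by process `pid` whose object
// name contains `handlename`.
//
// A system-wide handle snapshot is taken with NtQuerySystemInformation; each
// entry owned by `pid` is duplicated into this process so its type and name
// can be read, and matching entries are closed inside the target via
// DuplicateHandle with DUPLICATE_CLOSE_SOURCE.
//
// @param pid        Process whose handle table is scanned.
// @param handlename NUL-terminated substring to look for in the object name.
// @return TRUE if at least one matching handle was closed in the target,
//         FALSE otherwise (including when the snapshot cannot be taken, the
//         target cannot be opened, or the Nt* entry points are unresolved).
BOOL CloseProcessHandle(DWORD pid, wchar_t* handlename) {
    if (handlename == NULL || NtQuerySystemInformation == NULL ||
        NtDuplicateObject == NULL || NtQueryObject == NULL) {
        return FALSE;
    }
    const std::wstring name(handlename);

    // The snapshot size is only known after the call, so grow the buffer until
    // the call stops reporting STATUS_INFO_LENGTH_MISMATCH. std::vector owns
    // the storage, so a failed grow throws instead of leaving a too-small
    // buffer paired with an already-doubled size (which the old realloc loop
    // could do, letting the next query write past the buffer).
    ULONG handleInfoSize = 0x10000;
    std::vector<unsigned char> snapshot(handleInfoSize);
    NTSTATUS status;
    while ((status = NtQuerySystemInformation(SystemHandleInformation, snapshot.data(),
                                              handleInfoSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH) {
        handleInfoSize *= 2;
        snapshot.resize(handleInfoSize);
    }
    // Any other failure leaves the buffer contents undefined; do not parse it.
    if (status != 0) {
        return FALSE;
    }
    const PSYSTEM_HANDLE_INFORMATION handleInfo =
        reinterpret_cast<PSYSTEM_HANDLE_INFORMATION>(snapshot.data());

    // PROCESS_DUP_HANDLE is all DuplicateHandle needs, both for inspecting a
    // handle and for closing it with DUPLICATE_CLOSE_SOURCE, so the wider
    // PROCESS_ALL_ACCESS open is not required. Opened once, not per entry.
    const HANDLE processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid);
    if (processHandle == NULL) {
        return FALSE;
    }

    // Scratch buffer for NtQueryObject. The ObjectNameInformation result is
    // read through the same struct because its first member is likewise a
    // UNICODE_STRING named Name (same layout reuse as before). The buffer
    // size passed to the query now matches the allocation.
    const ULONG kObjectInfoSize = 0x2000;
    std::vector<unsigned char> objectInfo(kObjectInfoSize);
    const POBJECT_TYPE_INFORMATION objectTypeInfo =
        reinterpret_cast<POBJECT_TYPE_INFORMATION>(objectInfo.data());

    // UNICODE_STRING buffers are not guaranteed to be NUL-terminated, so the
    // string is built from Length (bytes) instead of scanning for a terminator.
    const auto nameOf = [objectTypeInfo]() -> std::wstring {
        if (objectTypeInfo->Name.Buffer == NULL) {
            return std::wstring();
        }
        return std::wstring(objectTypeInfo->Name.Buffer,
                            objectTypeInfo->Name.Length / sizeof(wchar_t));
    };

    // Tracks whether anything was actually closed; the old per-iteration flag
    // was reset on every loop pass and so almost always reported FALSE.
    BOOL closedAny = FALSE;
    for (ULONG i = 0; i < handleInfo->HandleCount; i++) {
        const SYSTEM_HANDLE& entry = handleInfo->Handles[i];
        if (entry.ProcessId != pid) {
            continue;
        }
        const HANDLE targetHandle = reinterpret_cast<HANDLE>(static_cast<ULONG_PTR>(entry.Handle));

        HANDLE dupHandle = NULL;
        status = NtDuplicateObject(processHandle, targetHandle, GetCurrentProcess(),
                                   &dupHandle, 0, 0, 0);
        if (status != 0) {
            continue;
        }

        bool matches = false;
        if (NtQueryObject(dupHandle, ObjectTypeInformation, objectTypeInfo, kObjectInfoSize, NULL) == 0) {
            const std::wstring typeName = nameOf();
            if (typeName == L"Mutant" || typeName == L"Semaphore") {
                // Only trust the buffer when the name query succeeded; on
                // failure it still holds the type name, which must not be
                // matched against `name`.
                if (NtQueryObject(dupHandle, ObjectNameInformation, objectTypeInfo, kObjectInfoSize, NULL) == 0) {
                    matches = nameOf().find(name) != std::wstring::npos;
                }
            }
        }
        CloseHandle(dupHandle);

        if (matches) {
            // DUPLICATE_CLOSE_SOURCE closes the handle inside the target; the
            // copy received here is closed right away. Only a successful call
            // yields a handle to close - the old code closed the output
            // variable unconditionally, even when it still held the already
            // closed `dupHandle` value.
            HANDLE closer = NULL;
            if (DuplicateHandle(processHandle, targetHandle, GetCurrentProcess(), &closer,
                                0, FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE)) {
                CloseHandle(closer);
                closedAny = TRUE;
            }
        }
    }

    CloseHandle(processHandle);
    return closedAny;
}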