Esempio n. 1
0
        public NhaamaHandle(IntPtr handle, NhaamaProcess process)
        {
            _handle  = handle;
            _process = process;

            IntPtr dupHandle = IntPtr.Zero;

            var status = NtDll.NtDuplicateObject(process.BaseProcess.Handle, handle, Process.GetCurrentProcess().Handle, out dupHandle, 0, false, DuplicateOptions.DUPLICATE_SAME_ACCESS);

            if (status != NtStatus.Success)
            {
                throw new Exception($"Could not duplicate handle. (NtStatus:{status.ToString()})");
            }

            var objectNameInformationPtr = NtDll.NtQueryObject(dupHandle, OBJECT_INFORMATION_CLASS.ObjectNameInformation);

            if (objectNameInformationPtr == IntPtr.Zero)
            {
                return;
            }

            var objInfo = Marshal.PtrToStructure <Native.Structs.OBJECT_NAME_INFORMATION>(objectNameInformationPtr);

            if (objInfo.Name.ToString() != null)
            {
                Name = objInfo.Name.ToString();
            }

            Marshal.FreeHGlobal(objectNameInformationPtr);
            NtDll.NtClose(dupHandle);
        }
Esempio n. 2
0
        public void Close()
        {
            //IntPtr hProcess = OpenProcess(ProcessAccessFlags.DupHandle, false, pid);
            IntPtr dupHandle = IntPtr.Zero;

            var status = NtDll.NtDuplicateObject(_process.BaseProcess.Handle, _handle, IntPtr.Zero, out dupHandle, 0, false, DuplicateOptions.DUPLICATE_CLOSE_SOURCE);

            NtDll.NtClose(dupHandle);

            if (status != NtStatus.Success)
            {
                throw new Exception($"Could not close handle. (NtStatus:{status.ToString()})");
            }
        }