public static Win32HardwareBreakpoint TrySet(SafeObjectHandle threadHandle,
HardwareBreakpointType type, HardwareBreakpointSize size, IntPtr address)
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows) || IntPtr.Size != 8)
{
throw new PlatformNotSupportedException("Only 64 bit Windows is supported");
}
var breakpoint = new Win32HardwareBreakpoint {
Address = address,
Size = size,
Type = type,
ThreadHandle = threadHandle
};
bool self = threadHandle.DangerousGetHandle() == Win32Thread.GetCurrentThread().DangerousGetHandle();
if (self)
{
int threadID = GetCurrentThreadId();
breakpoint.ThreadHandle = Win32Thread.OpenThread(ThreadAccess.All, inheritHandle: false, threadID: threadID);
if (breakpoint.ThreadHandle.IsInvalid)
{
throw new Win32Exception();
}
}
breakpoint.CompletionEvent = Win32Event.CreateEvent(IntPtr.Zero, manualReset: false, initialState: false, name: null);
breakpoint.Op = Operation.Set;
Win32Thread.ThreadProc threadProc = Win32HardwareBreakpoint.th;
var th = Marshal.GetFunctionPointerForDelegate(threadProc);
var h = GCHandle.Alloc(breakpoint);
if (Win32Thread.CreateThread(IntPtr.Zero, UIntPtr.Zero, th,
parameter: (IntPtr)h, creationFlags: 0, out int _).IsInvalid)
{
throw new Win32Exception();
}
WaitForSingleObject(breakpoint.CompletionEvent, dwMilliseconds: Constants.INFINITE);
breakpoint.CompletionEvent.Dispose();
if (self)
{
breakpoint.ThreadHandle.Dispose();
}
breakpoint.ThreadHandle = threadHandle;
if (!breakpoint.SUCC)
{
h.Free();
return(null);
}
breakpoint.gcHandle = h;
GC.KeepAlive(threadProc);
return(breakpoint);
}
private static string GetHandleTypeToken(IntPtr handle, int processId)
{
IntPtr currentProcess = NativeMethods.GetCurrentProcess();
bool remote = (processId != NativeMethods.GetProcessId(currentProcess));
SafeProcessHandle processHandle = null;
SafeObjectHandle objectHandle = null;
try
{
if (remote)
{
processHandle = NativeMethods.OpenProcess(ProcessAccessRights.PROCESS_DUP_HANDLE, true, processId);
if (NativeMethods.DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess, out objectHandle, 0, false, DuplicateHandleOptions.DUPLICATE_SAME_ACCESS))
{
handle = objectHandle.DangerousGetHandle();
}
}
return(GetHandleTypeToken(handle));
}
finally
{
if (remote)
{
if (processHandle != null)
{
processHandle.Close();
}
if (objectHandle != null)
{
objectHandle.Close();
}
}
}
}
private static bool GetFileNameFromHandle(IntPtr handle, int processId, out string fileName)
{
IntPtr currentProcess = GetCurrentProcess();
bool remote = processId != GetProcessId(currentProcess);
SafeProcessHandle processHandle = null;
SafeObjectHandle objectHandle = null;
try
{
if (remote)
{
processHandle = OpenProcess(ProcessAccessRights.PROCESS_DUP_HANDLE, true, processId);
if (DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess, out objectHandle, 0, false, DuplicateHandleOptions.DUPLICATE_SAME_ACCESS))
{
handle = objectHandle.DangerousGetHandle();
}
}
return(GetFileNameFromHandle(handle, out fileName, 200));
}
finally
{
if (remote)
{
if (processHandle != null)
{
processHandle.Close();
}
if (objectHandle != null)
{
objectHandle.Close();
}
}
}
}
private static bool ExtractFileNameFromHandle(SYSTEM_HANDLE_ENTRY handleEntry, SafeHandle processHandle, out string fileName)
{
var handle = (IntPtr)handleEntry.HandleValue;
SafeObjectHandle duplicatedHandle = null;
try
{
if (!DuplicateHandle(handle, processHandle, out duplicatedHandle))
{
fileName = null;
return(false);
}
handle = duplicatedHandle.DangerousGetHandle();
if (GetHandleType(handle, out var handleType) && handleType == SystemHandleType.OB_TYPE_FILE)
{
if (GetFileNameFromHandle(handle, out var devicePath))
{
return(ConvertDevicePathToDosPath(devicePath, out fileName));
}
}
}
finally
{
duplicatedHandle?.Close();
}
fileName = null;
return(false);
}
public static void CreateProcessAsUser(SafeObjectHandle handle, string exePath, string cmdLine)
{
if (!string.IsNullOrEmpty(cmdLine))
{
cmdLine = " " + cmdLine;
}
IntPtr pEnv = IntPtr.Zero;
const int CREATE_UNICODE_ENVIRONMENT = 0x00000400;
const int NORMAL_PRIORITY_CLASS = 0x00000020;
const int CREATE_NEW_CONSOLE = 0x00000010;
int dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT;
if (!handle.IsInvalid)
{
CreateEnvironmentBlock(out pEnv, handle, true);
}
PROCESS_INFORMATION pi;
STARTUPINFOA si = new STARTUPINFOA();
si.cb = (uint)Marshal.SizeOf(si);
//si.lpDesktop = Marshal.StringToHGlobalAnsi("winsta0\\default");
si.lpDesktop = "winsta0\\default";
IntPtr pHandle = IntPtr.Zero;
if (!handle.IsInvalid)
{
pHandle = handle.DangerousGetHandle();
}
if (!CreateProcessAsUser(pHandle
, exePath
, cmdLine
, IntPtr.Zero //进程安全属性
, IntPtr.Zero // 线程安全属性
, false // 句柄不可继承
, (CreateProcessFlags)dwCreationFlags // 创建标识
, pEnv // 环境信息
, null // 当前路径
, ref si
, out pi))
{
var errorCode = GetLastError();
throw new Exception("CreateProcessAsUser 失败");
}
}
public static bool HandleAction(IntPtr handle, int processId, HandleDelegate handleDelegate,
params object[] args)
{
Process currentProcess = Process.GetCurrentProcess();
bool remote = (processId != currentProcess.Id);
SafeProcessHandle processHandle = null;
SafeObjectHandle objectHandle = null;
try
{
if (remote)
{
processHandle = NativeMethods.OpenProcess(ProcessAccessRights.DuplicateHandle, true, processId);
if (NativeMethods.DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess.Handle,
out objectHandle, 0, false,
DuplicateHandleOptions.SameAccess))
{
handle = objectHandle.DangerousGetHandle();
}
}
return(handleDelegate.Invoke(handle, args));
}
finally
{
if (remote)
{
if (processHandle != null)
{
processHandle.Close();
}
if (objectHandle != null)
{
objectHandle.Close();
}
}
}
}
public static bool GetFileNameFromHandle(IntPtr handle, int processId, out string fileName)
{
Process currentProcess = Process.GetCurrentProcess();
bool remote = (processId != currentProcess.Id);
SafeProcessHandle remoteProcessHandle = null;
SafeObjectHandle objectHandle = null;
try
{
if (remote)
{
remoteProcessHandle = NativeMethods.OpenProcess(ProcessAccessRights.DuplicateHandle, true, processId);
if (NativeMethods.DuplicateHandle(remoteProcessHandle.DangerousGetHandle(), handle, currentProcess.Handle,
out objectHandle, 0, false,
DuplicateHandleOptions.SameAccess))
{
handle = objectHandle.DangerousGetHandle();
}
}
return(GetFileNameFromHandle(handle, out fileName));
}
finally
{
if (remote)
{
if (remoteProcessHandle != null)
{
remoteProcessHandle.Close();
}
if (objectHandle != null)
{
objectHandle.Close();
}
}
}
}
static void FindHearthstoneProcess()
{
int[] pids = GetPids("Hearthstone.exe").ToArray();
if (pids.Length == 0)
{
Console.WriteLine("Couldn't find Hearthstone.exe");
return;
}
int pid = pids[0];
ACCESS_MASK accessMask = ProcessAccess.PROCESS_QUERY_INFORMATION | ProcessAccess.PROCESS_VM_READ;
using (SafeObjectHandle hProcess = OpenProcess(accessMask, false, pid))
{
if (hProcess.IsInvalid)
{
Console.WriteLine($"Hearthstone process handle is valid: {!hProcess.IsInvalid}");
return;
}
Console.WriteLine($"Hearthstone process handle is valid: {hProcess.DangerousGetHandle()}");
}
}