static void Main(string[] args)
{
CProcess CurrentProcess = new CProcess(), TargetProcess = new CProcess(Options.TargetProcess), ServProcess;
int counter = 0, maxCount = 1;
List <Service.HANDLE_INFO> HandleList = new List <Service.HANDLE_INFO>();
IntPtr hProcess = IntPtr.Zero;
switch (args.Length)
{
case 0:
CurrentProcess.SetPrivilege("SeDebugPrivilege", true);
CurrentProcess.SetPrivilege("SeTcbPrivilege", true);
TargetProcess.Wait(Options.DelayToWait);
if (TargetProcess.IsValidProcess())
{
HandleList = Service.ServiceEnumHandles(TargetProcess.GetPid(), Options.DesiredAccess);
if (HandleList.Count > 0)
{
foreach (Service.HANDLE_INFO enumerator in HandleList)
{
if (counter == maxCount)
{
break;
}
if (enumerator.Pid == Kernel32.GetCurrentProcessId())
{
continue;
}
ServProcess = new CProcess(enumerator.Pid);
if (Service.ServiceSetHandleStatus(ServProcess, (IntPtr)enumerator.hProcess, true, true) == true)
{
hProcess = Service.ServiceStartProcess(null, Directory.GetCurrentDirectory() + "\\" + Options.YourProcess + " " + enumerator.hProcess, null, true, ServProcess.GetHandle());
Service.ServiceSetHandleStatus(ServProcess, (IntPtr)enumerator.hProcess, false, false);
counter++;
}
if (hProcess != null)
{
Kernel32.CloseHandle(hProcess);
}
ServProcess.Close();
}
}
TargetProcess.Close();
}
CurrentProcess.SetPrivilege("SeDebugPrivilege", false);
CurrentProcess.SetPrivilege("SeTcbPrivilege", false);
break;
case 1:
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new HLeaker_GUI((IntPtr)(Convert.ToInt32(args[args.Length - 1]))));
break;
default:
break;
}
}
/// <summary>
/// This function enumrates the handles to our target process
/// </summary>
public static List <HANDLE_INFO> ServiceEnumHandles(int ProcessId, UInt32 DesiredAccess)
{
UInt32 status = 0;
IntPtr buffer = IntPtr.Zero, ipHandle = IntPtr.Zero;
int bufferSize = 0;
uint pId = 0;
List <HANDLE_INFO> handlelist = new List <HANDLE_INFO>();
IntPtr ProcessHandle = IntPtr.Zero, ProcessCopy = IntPtr.Zero;
ntdll.SYSTEM_HANDLE wHandles = new ntdll.SYSTEM_HANDLE();
HANDLE_INFO hi;
long lHandleCount = 0;
CProcess Process = null;
do
{
status = (UInt32)ntdll.NtQuerySystemInformation(0x10, buffer, bufferSize, ref bufferSize);
if (status != 0)
{
if (status == 0xc0000004)
{
if (buffer != null)
{
Kernel32.VirtualFree(buffer, bufferSize, 0x8000);
}
buffer = Kernel32.VirtualAlloc(IntPtr.Zero, bufferSize, 0x1000, 0x40);
continue;
}
break;
}
else
{
if (IntPtr.Size == 8)
{
lHandleCount = Marshal.ReadInt64(buffer);
ipHandle = new IntPtr(buffer.ToInt64() + 8);
}
else
{
lHandleCount = Marshal.ReadInt32(buffer);
ipHandle = new IntPtr(buffer.ToInt32() + 4);
}
for (long i = 0; i < lHandleCount; i++)
{
wHandles = new ntdll.SYSTEM_HANDLE();
if (IntPtr.Size == 8)
{
wHandles = (ntdll.SYSTEM_HANDLE)Marshal.PtrToStructure(ipHandle, wHandles.GetType());
ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(wHandles));
}
else
{
ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(wHandles));
wHandles = (ntdll.SYSTEM_HANDLE)Marshal.PtrToStructure(ipHandle, wHandles.GetType());
}
if (wHandles.ObjectTypeNumber == 7 &&
wHandles.ProcessID != Kernel32.GetCurrentProcessId() &&
(((uint)(wHandles.GrantedAccess) & DesiredAccess)) == DesiredAccess)
{
if (Options.UseDuplicateHandle == true)
{
ProcessHandle = Kernel32.OpenProcess(0x0040, false, wHandles.ProcessID);
if (Kernel32.DuplicateHandle(ProcessHandle, (IntPtr)(wHandles.Handle), Kernel32.GetCurrentProcess(), ref ProcessCopy, 0x0400, false, 0))
{
if (Kernel32.GetProcessId(ProcessCopy) == ProcessId &&
wHandles.ProcessID != ProcessId)
{
hi = new HANDLE_INFO(wHandles.ProcessID, (IntPtr)wHandles.Handle);
handlelist.Add(hi);
}
}
if (ProcessHandle != IntPtr.Zero)
{
Kernel32.CloseHandle(ProcessHandle);
}
if (ProcessCopy != IntPtr.Zero)
{
Kernel32.CloseHandle(ProcessCopy);
}
}
else
{
Process = new CProcess(wHandles.ProcessID, 0x1fffff);
if (Process.IsValidProcess() && ServiceGetProcessId(Process, (IntPtr)wHandles.Handle, ref pId))
{
if (pId == ProcessId)
{
hi = new HANDLE_INFO(wHandles.ProcessID, (IntPtr)wHandles.Handle);
handlelist.Add(hi);
}
}
if (Process.IsValidProcess())
{
Process.Close();
}
}
}
}
break;
}
} while (true);
if (buffer != null)
{
Kernel32.VirtualFree(buffer, bufferSize, 0x8000);
}
return(handlelist);
}