Getting process handle name

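Keywords: get process handle      Updated: 2023-10-16

I am trying to get the name of a process handle. I iterate over the list of all handles and try to get the name like this: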

void SystemHandle::GetHandleName()
{
    HANDLE hFake;
    char* objectName = NULL;
    if (NT_SUCCESS(DuplicateHandle(this->process, this->GetNativeHandle(), GetCurrentProcess(), &hFake, 0, FALSE, DUPLICATE_SAME_ACCESS)))
    {
        POBJECT_TYPE_INFORMATION typeInfo = (POBJECT_TYPE_INFORMATION)new BYTE[0x1000];
        PUNICODE_STRING nameInfo = (PUNICODE_STRING)new BYTE[0x1000];
        DWORD read;
        NTSTATUS status = NtQueryObject(hFake, ObjectTypeInformation, typeInfo, 0x1000, &read);
        std::cout << "NtQueryObject: " << status << ", Success: " << NT_SUCCESS(status) << "\n";
        objectName = new char[nameInfo->Length];
        if (NT_SUCCESS(status) && nameInfo->Length > 0)
        {
            std::cout << "nameInfo length: " << nameInfo->Length << "\n";
            std::cout << "objectName size: " << sizeof(objectName) << "\n";
            std::cout << "nameInfo buffer: " << sizeof(nameInfo->Buffer) << "\n";
            WideToChar(objectName, nameInfo->Buffer);
            strcpy_s(this->handleName, objectName);
        }
        delete nameInfo;
        delete typeInfo;
    }
    if (hFake) CloseHandle(hFake);
}

void WideToChar(char* Dest, const WCHAR* Source)
{
    int i = 0;
    // get each char from Source and put it in Dest
    while(Source[i] != '\0')
    {
        Dest[i] = (CHAR)Source[i];
        ++i;
    }
    Dest[i] = '\0'; // create the end
}

My problem starts at WideToChar(objectName, nameInfo->Buffer); when I reach while(Source[i] != '\0').
Then I get the following error:

Unhandled exception at 0x00406CE5 in application.exe: 0xC0000005: Access violation reading location 0xBAADF00D.

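The nameInfo variable has memory allocated for it, but that memory is never initialized. So when you try to use it, nameInfo->Buffer contains 0xBAADF00D, Microsoft's magic number for uninitialized heap memory. Then you get the access violation. You should also use the WideCharToMultiByte function for the string conversion.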

    while(Source[i] != '\0')
    {
        Dest[i] = (CHAR)Source[i];
        ++i;
    }

inside an if condition:

if(Source != NULL){
}
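
The checks both answers point at, written out as an added example (not code from the question or the answers): a counted name is only copied after its header has been validated, and the copy is bounded by Length rather than by a terminator. UnicodeStringView and NameToNarrow are hypothetical names; the struct is a portable stand-in for UNICODE_STRING, and the ASCII narrowing stands in for WideCharToMultiByte.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in with the same fields as the Windows UNICODE_STRING (assumption: defined
// here so the example builds anywhere; on Windows use the real structure).
struct UnicodeStringView {
    uint16_t Length;          // size of the string in BYTES, not characters
    uint16_t MaximumLength;   // capacity of Buffer in bytes
    const char16_t* Buffer;   // not guaranteed NUL-terminated; null for unnamed objects
};

// Hypothetical helper: copy a counted UTF-16 name into a narrow string.
// Returns false instead of dereferencing a header that was never filled in.
bool NameToNarrow(const UnicodeStringView* name, std::string& out, std::size_t maxChars) {
    out.clear();
    if (name == nullptr || name->Buffer == nullptr) return false;  // failed query or no name
    if (name->Length == 0 || name->Length % sizeof(char16_t) != 0) return false;
    if (name->Length > name->MaximumLength) return false;          // inconsistent header
    std::size_t chars = name->Length / sizeof(char16_t);
    if (chars > maxChars) return false;                            // would overflow the caller's field
    out.reserve(chars);
    for (std::size_t i = 0; i < chars; ++i) {                      // bounded by Length, not by '\0'
        char16_t c = name->Buffer[i];
        out.push_back(c < 0x80 ? static_cast<char>(c) : '?');      // real code: WideCharToMultiByte
    }
    return true;
}

// Constructed sample: fills the header the way a successful name query would.
UnicodeStringView MakeSample(const std::vector<char16_t>& storage) {
    uint16_t bytes = static_cast<uint16_t>(storage.size() * sizeof(char16_t));
    return UnicodeStringView{bytes, bytes, storage.data()};
}

int main() {
    std::vector<char16_t> raw = {u'\\', u'D', u'e', u'v', u'i', u'c', u'e'};  // no terminator
    UnicodeStringView named = MakeSample(raw);
    UnicodeStringView zeroed{};  // models a value-initialised buffer: new BYTE[0x1000]()
    std::string out;
    std::printf("named:  %d '%s'\n", NameToNarrow(&named, out, 260), out.c_str());
    std::printf("zeroed: %d\n", NameToNarrow(&zeroed, out, 260));
    return 0;
}
```
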