Close handle inside running process

[Lemonparty]

Hello here, i want to ask, it's possible to close Handle inside already started process?
I think it something like this:
1. Get process name (we probably need to write it inside script manually, for example Notepad.exe)

2. Get process Handles, maybe this will do the job  WinAPI_EnumProcessHandles

3. Find the right one Handle and close it! (we  need to write Handle name manually, cause it's the same all time) https://www.autoitscript.com/autoit3/docs/libfunctions/_WinAPI_CloseHandle.htm

I think we need WinApi Closehandle, but i can't really make snippet, brains are confused

 

Easy example of how to make this by using Process Explorer by Microsoft

[Tekk]

I do not guarantee this snippet to be completely correct; for example I believe the 3rd argument of NtQueryObject is actually supposed to be a UNICODE_STRING structure (I found the MSDN documentation lacking), however it should point you in the right direction.

 

#include <WinAPIProc.au3>
#include <WinAPISys.au3>
#include <WinAPI.au3>

#include <ProcessConstants.au3>

Global Const $OBJECT_NAME = "ImmersiveColorMutex"
Global $g_nProcessId = ProcessExists("notepad.exe")

Global $g_aHandles = _WinAPI_EnumProcessHandles($g_nProcessId)
Global $g_hProcess, $g_sObject

For $i = 1 To $g_aHandles[0][0]
    $g_sObject = DllCall("Ntdll.dll", "INT", "NtQueryObject", "HANDLE", $g_aHandles[$i][0], "INT", 1, "WSTR", 0, "ULONG", 0x10000, "ULONG_PTR*", 0)[3]

    If StringInStr($g_sObject, $OBJECT_NAME) > 0 Then
        $g_hProcess = _WinAPI_OpenProcess($PROCESS_DUP_HANDLE, 0, $g_nProcessId)

        _WinAPI_DuplicateHandle($g_hProcess, $g_aHandles[$i][0], 0, 0, 0, $DUPLICATE_CLOSE_SOURCE)

        _WinAPI_CloseHandle($g_hProcess)

        ExitLoop  ; ?
    EndIf
Next

 

Edited August 28, 2017 by Tekk