Jump to content
Sign in to follow this  
Lemonparty

Close handle inside running process

Recommended Posts

Lemonparty

Hello here, i want to ask, it's possible to close Handle inside already started process?
I think it something like this:
1. Get process name (we probably need to write it inside script manually, for example Notepad.exe)

2. Get process Handles, maybe this will do the job  WinAPI_EnumProcessHandles

3. Find the right one Handle and close it! (we  need to write Handle name manually, cause it's the same all time) https://www.autoitscript.com/autoit3/docs/libfunctions/_WinAPI_CloseHandle.htm

I think we need WinApi Closehandle, but i can't really make snippet, brains are confused

 

Easy example of how to make this by using Process Explorer by Microsoft

CGhfQ3x.png

Share this post


Link to post
Share on other sites
Tekk

I do not guarantee this snippet to be completely correct; for example I believe the 3rd argument of NtQueryObject is actually supposed to be a UNICODE_STRING structure (I found the MSDN documentation lacking), however it should point you in the right direction.

 

#include <WinAPIProc.au3>
#include <WinAPISys.au3>
#include <WinAPI.au3>

#include <ProcessConstants.au3>

Global Const $OBJECT_NAME = "ImmersiveColorMutex"
Global $g_nProcessId = ProcessExists("notepad.exe")

Global $g_aHandles = _WinAPI_EnumProcessHandles($g_nProcessId)
Global $g_hProcess, $g_sObject

For $i = 1 To $g_aHandles[0][0]
    $g_sObject = DllCall("Ntdll.dll", "INT", "NtQueryObject", "HANDLE", $g_aHandles[$i][0], "INT", 1, "WSTR", 0, "ULONG", 0x10000, "ULONG_PTR*", 0)[3]

    If StringInStr($g_sObject, $OBJECT_NAME) > 0 Then
        $g_hProcess = _WinAPI_OpenProcess($PROCESS_DUP_HANDLE, 0, $g_nProcessId)

        _WinAPI_DuplicateHandle($g_hProcess, $g_aHandles[$i][0], 0, 0, 0, $DUPLICATE_CLOSE_SOURCE)

        _WinAPI_CloseHandle($g_hProcess)

        ExitLoop  ; ?
    EndIf
Next

 

Edited by Tekk

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.