Sign in to follow this  
Followers 0
Lemonparty

Close handle inside running process

2 posts in this topic

#1 ·  Posted

Hello here, i want to ask, it's possible to close Handle inside already started process?
I think it something like this:
1. Get process name (we probably need to write it inside script manually, for example Notepad.exe)

2. Get process Handles, maybe this will do the job  WinAPI_EnumProcessHandles

3. Find the right one Handle and close it! (we  need to write Handle name manually, cause it's the same all time) https://www.autoitscript.com/autoit3/docs/libfunctions/_WinAPI_CloseHandle.htm

I think we need WinApi Closehandle, but i can't really make snippet, brains are confused

 

Easy example of how to make this by using Process Explorer by Microsoft

CGhfQ3x.png

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I do not guarantee this snippet to be completely correct; for example I believe the 3rd argument of NtQueryObject is actually supposed to be a UNICODE_STRING structure (I found the MSDN documentation lacking), however it should point you in the right direction.

 

#include <WinAPIProc.au3>
#include <WinAPISys.au3>
#include <WinAPI.au3>

#include <ProcessConstants.au3>

Global Const $OBJECT_NAME = "ImmersiveColorMutex"
Global $g_nProcessId = ProcessExists("notepad.exe")

Global $g_aHandles = _WinAPI_EnumProcessHandles($g_nProcessId)
Global $g_hProcess, $g_sObject

For $i = 1 To $g_aHandles[0][0]
    $g_sObject = DllCall("Ntdll.dll", "INT", "NtQueryObject", "HANDLE", $g_aHandles[$i][0], "INT", 1, "WSTR", 0, "ULONG", 0x10000, "ULONG_PTR*", 0)[3]

    If StringInStr($g_sObject, $OBJECT_NAME) > 0 Then
        $g_hProcess = _WinAPI_OpenProcess($PROCESS_DUP_HANDLE, 0, $g_nProcessId)

        _WinAPI_DuplicateHandle($g_hProcess, $g_aHandles[$i][0], 0, 0, 0, $DUPLICATE_CLOSE_SOURCE)

        _WinAPI_CloseHandle($g_hProcess)

        ExitLoop  ; ?
    EndIf
Next

 

Edited by Tekk

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0