
枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开

枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开





标 题:枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开
作 者: Y4ng
时 间: 2012-09-06 19:50:32 星期四
链 接:http://www.cnblogs.com/Y4ng/archive/2012/09/06/EnumProcessHandle_EnumMutex.html

相信做过游戏多开的朋友就会发现,很多游戏普遍使用互斥mutex来防止程序多开,说实话这种方式已经非常OUT了。但是由于时间和技术的沉淀关系,留下来的游戏依然会存在这种方式。 最近接触到一款游戏是N前非常火热的对战游戏,可以称为经典之作;它就是用的Mutant来实现游戏防止多开的,一般咱们测试的时候都是用Xuetr来关闭游戏,但是要作为成品发布不可能要求客户拿Xuetr来列进程对象句柄,关句柄吧~
网上搜索了半天都没有找到枚举进程句柄的例子,经过群里的大牛提点,指出 ZwQuerySystemInformation 的 SystemHandleInformation 可以实现句柄枚举功能;经过一番搜索、编码、测试,于是有了本文代码。











/* Header declarations: the minimum native-API plumbing the listing needs, so it builds
 * without the DDK headers. */
typedef LONG NTSTATUS;

/* Returned by ZwQuerySystemInformation when the caller's buffer is too small; the
 * ReturnLength argument then holds the size the call wanted. */
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

/* Native-API convention: a non-negative status is success, a negative one is a failure. */
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

/* Information classes accepted by ZwQuerySystemInformation. The ordinals are written out so a
 * reader can check a call site against the kernel's numbering without counting enumerators; they
 * match each enumerator's original position. The two letters carried over from the original listing
 * are presumably "query supported" / "set supported" (Y/N) -- kept verbatim, not verified here.
 * Only SystemHandleInformation (16) is used by the code below. */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation               = 0,   // Y N
    SystemProcessorInformation           = 1,   // Y N
    SystemPerformanceInformation         = 2,   // Y N
    SystemTimeOfDayInformation           = 3,   // Y N
    SystemNotImplemented1                = 4,   // Y N
    SystemProcessesAndThreadsInformation = 5,   // Y N
    SystemCallCounts                     = 6,   // Y N
    SystemConfigurationInformation       = 7,   // Y N
    SystemProcessorTimes                 = 8,   // Y N
    SystemGlobalFlag                     = 9,   // Y Y
    SystemNotImplemented2                = 10,  // Y N
    SystemModuleInformation              = 11,  // Y N
    SystemLockInformation                = 12,  // Y N
    SystemNotImplemented3                = 13,  // Y N
    SystemNotImplemented4                = 14,  // Y N
    SystemNotImplemented5                = 15,  // Y N
    SystemHandleInformation              = 16,  // Y N  (the class this listing enumerates)
    SystemObjectInformation              = 17,  // Y N
    SystemPagefileInformation            = 18,  // Y N
    SystemInstructionEmulationCounts     = 19,  // Y N
    SystemInvalidInfoClass1              = 20,
    SystemCacheInformation               = 21,  // Y Y
    SystemPoolTagInformation             = 22,  // Y N
    SystemProcessorStatistics            = 23,  // Y N
    SystemDpcInformation                 = 24,  // Y Y
    SystemNotImplemented6                = 25,  // Y N
    SystemLoadImage                      = 26,  // N Y
    SystemUnloadImage                    = 27,  // N Y
    SystemTimeAdjustment                 = 28,  // Y Y
    SystemNotImplemented7                = 29,  // Y N
    SystemNotImplemented8                = 30,  // Y N
    SystemNotImplemented9                = 31,  // Y N
    SystemCrashDumpInformation           = 32,  // Y N
    SystemExceptionInformation           = 33,  // Y N
    SystemCrashDumpStateInformation      = 34,  // Y Y/N
    SystemKernelDebuggerInformation      = 35,  // Y N
    SystemContextSwitchInformation       = 36,  // Y N
    SystemRegistryQuotaInformation       = 37,  // Y Y
    SystemLoadAndCallImage               = 38,  // N Y
    SystemPrioritySeparation             = 39,  // N Y
    SystemNotImplemented10               = 40,  // Y N
    SystemNotImplemented11               = 41,  // Y N
    SystemInvalidInfoClass2              = 42,
    SystemInvalidInfoClass3              = 43,
    SystemTimeZoneInformation            = 44,  // Y N
    SystemLookasideInformation           = 45,  // Y N
    SystemSetTimeSlipEvent               = 46,  // N Y
    SystemCreateSession                  = 47,  // N Y
    SystemDeleteSession                  = 48,  // N Y
    SystemInvalidInfoClass4              = 49,
    SystemRangeStartInformation          = 50,  // Y N
    SystemVerifierInformation            = 51,  // Y Y
    SystemAddVerifier                    = 52,  // N Y
    SystemSessionProcessesInformation    = 53   // Y N
} SYSTEM_INFORMATION_CLASS;

/* Process/thread identifier pair used by the native API. Both fields are typed HANDLE but
 * carry IDs, not open handles. Not referenced by the enumeration code below. */
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

/* Counted UTF-16 string as returned by the native API. Length and MaxLen are byte counts, not
 * character counts. The SDK spells these members Length / MaximumLength / PWSTR Buffer; the
 * author's names and the USHORT* element type are kept so existing references compile, which is
 * why the code below casts Buffer to wchar_t* before passing it to the wcs* functions.
 * NOTE(review): the buffer is not guaranteed NUL-terminated by this definition; the wcscmp/wcsstr
 * calls below rely on NtQueryObject appending a terminator -- verify. */
typedef struct {
    USHORT  Length;
    USHORT  MaxLen;
    USHORT *Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

/* Object-open parameter block used by the native Nt*/Zw* open and create calls.
 * Declared for completeness; nothing in this listing fills one in. */
typedef struct _OBJECT_ATTRIBUTES {
    ULONG           Length;                    // sizeof(OBJECT_ATTRIBUTES)
    HANDLE          RootDirectory;             // directory ObjectName is relative to, or NULL
    PUNICODE_STRING ObjectName;
    ULONG           Attributes;                // OBJ_* flags
    PVOID           SecurityDescriptor;
    PVOID           SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

/* Per-process I/O statistics, embedded in SYSTEM_PROCESSES below. Six 64-bit counters:
 * operation counts first, then transferred byte counts, each split read/write/other.
 * Unused by the enumeration code. */
typedef struct _IO_COUNTERSEX {
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
} IO_COUNTERSEX, *PIO_COUNTERSEX;

/* Scheduler state of a thread as reported in SYSTEM_THREADS::State. Values written out so the
 * ordinals are visible; they match the original enumerator order. */
typedef enum {
    StateInitialized = 0,
    StateReady       = 1,
    StateRunning     = 2,
    StateStandby     = 3,
    StateTerminated  = 4,
    StateWait        = 5,
    StateTransition  = 6,
    StateUnknown     = 7
} THREAD_STATE;

/* Per-process virtual-memory statistics, embedded in SYSTEM_PROCESSES. All sizes are byte
 * counts of pointer width (SIZE_T); PageFaultCount is a plain counter. Unused by the
 * enumeration code. The pointer typedef is folded into the declaration instead of a second
 * typedef line. */
typedef struct _VM_COUNTERS {
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG  PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;

/* One thread record as produced by the process/thread information class (5). Times are
 * 100 ns units in LARGE_INTEGER, as is usual for the native API. Unused by the enumeration code. */
typedef struct _SYSTEM_THREADS {
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG         WaitTime;
    PVOID         StartAddress;
    CLIENT_ID     ClientId;            // owning process id + this thread's id
    ULONG         Priority;
    ULONG         BasePriority;
    ULONG         ContextSwitchCount;
    THREAD_STATE  State;
    ULONG         WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/* One process record from SystemProcessesAndThreadsInformation (class 5). Records are chained
 * by NextEntryDelta (byte offset to the next record, 0 on the last one) rather than being a
 * fixed-stride array. Unused by the enumeration code.
 * NOTE(review): the trailing Threads member is a single struct here; the original listing
 * presumably declared a variable-length array (ThreadCount entries) and the brackets may have
 * been lost in transcription -- confirm before using this structure. */
typedef struct _SYSTEM_PROCESSES {
    ULONG          NextEntryDelta;
    ULONG          ThreadCount;
    ULONG          Reserved1;
    LARGE_INTEGER  CreateTime;
    LARGE_INTEGER  UserTime;
    LARGE_INTEGER  KernelTime;
    UNICODE_STRING ProcessName;
    ULONG          BasePriority;
    ULONG          ProcessId;
    ULONG          InheritedFromProcessId;
    ULONG          HandleCount;
    ULONG          Reserved2;
    VM_COUNTERS    VmCounters;
    IO_COUNTERSEX  IoCounters;          // Windows 2000 only (per the original listing)
    SYSTEM_THREADS Threads;
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;

/* One entry of the SystemHandleInformation table. Despite the name, this describes a single
 * handle, not the whole table: the buffer returned by ZwQuerySystemInformation starts with a
 * ULONG entry count and the entries follow it (see the pointer arithmetic in _tmain).
 *
 * Handle is the value as seen inside the process identified by ProcessId; it means nothing in
 * any other process's handle table. Object is the kernel address of the referenced object.
 * NOTE(review): on a 64-bit build Object is 8 bytes, so this record and the count-to-array
 * offset are padded differently than the 32-bit layout this listing assumes -- verify for x64. */
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG       ProcessId;
    UCHAR       ObjectTypeNumber;
    UCHAR       Flags;
    USHORT      Handle;
    PVOID       Object;
    ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

/* Information classes for NtQueryObject. The code below uses ObjectNameInformation (1) and
 * ObjectTypeInformation (2). Ordinals written out; they match the original order. */
typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation = 0,
    ObjectNameInformation  = 1,
    ObjectTypeInformation  = 2,
    ObjectAllInformation   = 3,
    ObjectDataInformation  = 4
} OBJECT_INFORMATION_CLASS;

/* Output of NtQueryObject(ObjectNameInformation). Only the UNICODE_STRING header is declared;
 * the characters Name.Buffer points to are written into the same caller-supplied buffer right
 * after it, which is why _tmain passes buffers much larger than this struct. The code below also
 * reads the type-information result through this struct, since that result starts with the same
 * UNICODE_STRING header. */
typedef struct _OBJECT_NAME_INFORMATION {
    UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

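/* NtQueryObject: returns name/type information for a handle of the calling process. On a
 * too-small buffer the call fails and ReturnLength (if supplied) holds the size needed. */
typedef NTSTATUS (NTAPI *NTQUERYOBJECT)(
    _In_opt_  HANDLE                   Handle,
    _In_      OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_opt_ PVOID                    ObjectInformation,
    _In_      ULONG                    ObjectInformationLength,
    _Out_opt_ PULONG                   ReturnLength
);

/* ZwQuerySystemInformation: fills SystemInformation for the requested class. When the buffer is
 * too small it returns STATUS_INFO_LENGTH_MISMATCH and reports the required size through
 * ReturnLength, which is how _tmain sizes its buffer. */
typedef NTSTATUS (NTAPI *ZWQUERYSYSTEMINFORMATION)(
    IN  SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID                    SystemInformation,
    IN  ULONG                    SystemInformationLength,
    OUT PULONG                   ReturnLength OPTIONAL
);

/* Both exports are resolved from ntdll.dll at program start (file-scope dynamic initialisation,
 * so this file must be compiled as C++). Either pointer is NULL if the lookup fails; _tmain checks
 * for that before calling. The explicit A-suffixed GetModuleHandleA is used because the narrow
 * "ntdll.dll" literal would not compile through the generic GetModuleHandle macro in a UNICODE
 * build (the macro then expects a wide string). */
ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
    (ZWQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwQuerySystemInformation");
NTQUERYOBJECT NtQueryObject =
    (NTQUERYOBJECT)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryObject");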













/*功能函数体*/
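/* Fetch the SystemHandleInformation table into a VirtualAlloc'd buffer.
 *
 * Implements the retry loop the original comment asked for: the size reported with
 * STATUS_INFO_LENGTH_MISMATCH is only a snapshot and the table may grow before the next call,
 * so each retry asks for twice the reported size. The first attempt is 4 KiB and the request is
 * capped at 64 MiB, both values from the original code.
 *
 * Returns the buffer (release with VirtualFree(..., 0, MEM_RELEASE)) or NULL on allocation
 * failure, on any status other than STATUS_INFO_LENGTH_MISMATCH, or when the cap is reached.
 * Requires ZwQuerySystemInformation to be non-NULL. */
static PVOID AcquireHandleTable(void)
{
    enum { kInitialSize = 0x1000, kMaxSize = 0x4000000 };
    DWORD dwSize = kInitialSize;
    DWORD dwNeeded = 0;

    for (;;) {
        NTSTATUS Status;
        PVOID pbuffer = VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
        if (!pbuffer) {
            return NULL;
        }

        Status = ZwQuerySystemInformation(SystemHandleInformation, pbuffer, dwSize, &dwNeeded);
        if (NT_SUCCESS(Status)) {
            return pbuffer;
        }

        VirtualFree(pbuffer, 0, MEM_RELEASE);
        if (Status != STATUS_INFO_LENGTH_MISMATCH) {
            return NULL;
        }

        if (dwNeeded < dwSize) {
            dwNeeded = dwSize;          // never shrink; also covers a zero ReturnLength
        }
        if (dwNeeded > kMaxSize / 2) {
            return NULL;                // doubling would exceed the cap (and cannot overflow below)
        }
        dwSize = dwNeeded * 2;
    }
}

/* Program entry point.
 *
 * Enumerates the system handle table, prints "<type><name>" for every handle owned by this
 * process, and closes the first Mutant whose name contains CLOSEMUTEXNAME.
 *
 * CLOSEMUTEXNAME is not defined in this listing; it is passed to wcsstr, so the project must
 * supply it as a wide string.
 *
 * argc/argv are unused. Returns 0 on every path, as the original did -- failures are silent.
 *
 * Differences from the original that matter for correctness:
 *  - szType/szName are arrays sized to the lengths the original passed to NtQueryObject; the
 *    posted text had lost the "[...]" so they were declared as single chars.
 *  - entries are indexed as pmodule[nIndex] (the original's "pmodule.Handle" likewise lost its
 *    index and read the same entry every iteration).
 *  - only entries whose ProcessId is this process are examined. A Handle value from the table is
 *    only meaningful inside the process that owns it; querying or closing a foreign value acts on
 *    whatever unrelated handle this process holds at that number.
 *  - a failed NtQueryObject skips the entry instead of aborting the whole enumeration, and a NULL
 *    Name.Buffer (unnamed object) is skipped before wcscmp/wcsstr. */
int _tmain(int argc, _TCHAR *argv[])
{
    PVOID pbuffer = NULL;
    PSYSTEM_HANDLE_INFORMATION pmodule = NULL;
    POBJECT_NAME_INFORMATION pNameInfo = NULL;
    POBJECT_NAME_INFORMATION pNameType = NULL;
    NTSTATUS Status = 0;
    DWORD dwCount = 0;
    DWORD dwReturned = 0;           // ReturnLength out-param of NtQueryObject; not otherwise used
    DWORD dwSelf = GetCurrentProcessId();
    ULONG nIndex = 0;
    HANDLE hCur = NULL;
    // NtQueryObject writes a UNICODE_STRING header followed by the characters into these.
    char szType[128] = {0};
    char szName[512] = {0};

    (void)argc;
    (void)argv;

    if (!ZwQuerySystemInformation || !NtQueryObject) {
        return 0;
    }

    pbuffer = AcquireHandleTable();
    if (!pbuffer) {
        return 0;
    }

    // Layout: a ULONG entry count immediately followed by the entry array.
    // NOTE(review): the 4-byte offset is the 32-bit layout; on x64 the array starts at an
    // 8-byte-aligned offset -- confirm before building a 64-bit binary.
    dwCount = *((PULONG)pbuffer);
    pmodule = (PSYSTEM_HANDLE_INFORMATION)((PULONG)pbuffer + 1);

    for (nIndex = 0; nIndex < dwCount; nIndex++) {
        // The table covers every process; handle numbers are per-process, so only this
        // process's own entries can be queried or closed through its handle table.
        if (pmodule[nIndex].ProcessId != dwSelf) {
            continue;
        }
        hCur = (HANDLE)(ULONG_PTR)pmodule[nIndex].Handle;

        // A failure here is per-entry (unnamed object, name longer than the buffer, handle
        // closed since the snapshot), so move on rather than abandoning the enumeration.
        // NOTE(review): ObjectNameInformation is known to block on some handle types with
        // synchronous I/O pending (e.g. pipes); that is not mitigated in this listing.
        Status = NtQueryObject(hCur, ObjectNameInformation, szName, sizeof szName, &dwReturned);
        if (!NT_SUCCESS(Status)) {
            continue;
        }
        Status = NtQueryObject(hCur, ObjectTypeInformation, szType, sizeof szType, &dwReturned);
        if (!NT_SUCCESS(Status)) {
            continue;
        }

        pNameInfo = (POBJECT_NAME_INFORMATION)szName;
        // The type-information result begins with its TypeName UNICODE_STRING, so the same
        // header struct reads the type name.
        pNameType = (POBJECT_NAME_INFORMATION)szType;

        printf("%wZ%wZ\n", pNameType, pNameInfo);   // %wZ: MSVC CRT extension for UNICODE_STRING*

        // Unnamed objects may come back with an empty string and a NULL Buffer; wcscmp/wcsstr
        // on NULL is undefined behaviour.
        if (pNameType->Name.Buffer == NULL || pNameInfo->Name.Buffer == NULL) {
            continue;
        }

        // Match the handle the program is looking for: a Mutant whose name contains CLOSEMUTEXNAME.
        if (wcscmp((wchar_t *)pNameType->Name.Buffer, L"Mutant") == 0 &&
            wcsstr((wchar_t *)pNameInfo->Name.Buffer, CLOSEMUTEXNAME) != NULL) {
            CloseHandle(hCur);
            break;
        }
    }

    VirtualFree(pbuffer, 0, MEM_RELEASE);
    return 0;
}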