| 1 | +#include "_global.h" |
| 2 | +#include "debugger.h" |
| 3 | +#include "TitanEngine\TitanEngine.h" |
| 4 | + |
| 5 | +struct SYSTEM_HANDLE_INFORMATION{ |
| 6 | + ULONG ProcessId; |
| 7 | + UCHAR ObjectTypeNumber; |
| 8 | + UCHAR Flags; |
| 9 | + USHORT Handle; |
| 10 | + PVOID Object; |
| 11 | + DWORD GrantedAccess; |
| 12 | +}; |
| 13 | + |
| 14 | +struct OBJECT_TYPE_INFORMATION |
| 15 | +{ |
| 16 | + UNICODE_STRING Name; |
| 17 | + ULONG TotalNumberOfObjects; |
| 18 | + ULONG TotalNumberOfHandles; |
| 19 | + ULONG TotalPagedPoolUsage; |
| 20 | + ULONG TotalNonPagedPoolUsage; |
| 21 | + ULONG TotalNamePoolUsage; |
| 22 | + ULONG TotalHandleTableUsage; |
| 23 | + ULONG HighWaterNumberOfObjects; |
| 24 | + ULONG HighWaterNumberOfHandles; |
| 25 | + ULONG HighWaterPagedPoolUsage; |
| 26 | + ULONG HighWaterNonPagedPoolUsage; |
| 27 | + ULONG HighWaterNamePoolUsage; |
| 28 | + ULONG HighWaterHandleTableUsage; |
| 29 | + ULONG InvalidAttributes; |
| 30 | + GENERIC_MAPPING GenericMapping; |
| 31 | + ULONG ValidAccess; |
| 32 | + BOOLEAN SecurityRequired; |
| 33 | + BOOLEAN MaintainHandleCount; |
| 34 | + USHORT MaintainTypeList; |
| 35 | + DWORD PoolType; |
| 36 | + ULONG PagedPoolUsage; |
| 37 | + ULONG NonPagedPoolUsage; |
| 38 | +}; |
| 39 | + |
| 40 | +struct MYHANDLES{ |
| 41 | + DWORD_PTR HandleCount; |
| 42 | + SYSTEM_HANDLE_INFORMATION Handles[1]; |
| 43 | +}; |
| 44 | + |
| 45 | +#ifdef _WIN64 |
| 46 | +DWORD (*NtQuerySystemInformation)(DWORD SystemInfoClass, void* SystemInfo, DWORD SystemInfoSize, DWORD* ReturnedSize) = nullptr; |
| 47 | +#else //x86 |
| 48 | +DWORD(__stdcall *NtQuerySystemInformation)(DWORD SystemInfoClass, void* SystemInfo, DWORD SystemInfoSize, DWORD* ReturnedSize) = nullptr; |
| 49 | +#endif //_WIN64 |
| 50 | +#ifdef _WIN64 |
| 51 | +DWORD (*NtQueryObject)(HANDLE ObjectHandle, ULONG ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength) = nullptr; |
| 52 | +#else //x86 |
| 53 | +DWORD(__stdcall *NtQueryObject)(HANDLE ObjectHandle, ULONG ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength) = nullptr; |
| 54 | +#endif //_WIN64 |
| 55 | + |
| 56 | +extern "C" DLL_EXPORT long _dbg_enumhandles(duint* handles, unsigned char* typeNumbers, unsigned int* grantedAccess, unsigned int maxcount) |
| 57 | +{ |
| 58 | + MYHANDLES* myhandles = (MYHANDLES*)emalloc(16384, "_dbg_enumhandles"); |
| 59 | + DWORD size = 16384; |
| 60 | + DWORD errcode = 0xC0000004; |
| 61 | + if (NtQuerySystemInformation == nullptr) |
| 62 | + *(FARPROC*)&NtQuerySystemInformation = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQuerySystemInformation"); |
| 63 | + while (errcode == 0xC0000004) |
| 64 | + { |
| 65 | + errcode = NtQuerySystemInformation(16, myhandles, size, &size); |
| 66 | + if (errcode == 0xC0000004) |
| 67 | + { |
| 68 | + myhandles = (MYHANDLES*)erealloc(myhandles, size + 16384, "_dbg_enumhandles"); |
| 69 | + size += 16384; |
| 70 | + } |
| 71 | + else |
| 72 | + { |
| 73 | + break; |
| 74 | + } |
| 75 | + } |
| 76 | + if (errcode != 0) |
| 77 | + { |
| 78 | + efree(myhandles, "_dbg_enumhandles"); |
| 79 | + return 0; |
| 80 | + } |
| 81 | + else |
| 82 | + { |
| 83 | + unsigned int j = 0; |
| 84 | + for (unsigned int i = 0; i < myhandles->HandleCount; i++) |
| 85 | + { |
| 86 | + DWORD pid = fdProcessInfo->dwProcessId; |
| 87 | + if (myhandles->Handles[i].ProcessId == pid) |
| 88 | + { |
| 89 | + handles[j] = myhandles->Handles[j].Handle; |
| 90 | + typeNumbers[j] = myhandles->Handles[j].ObjectTypeNumber; |
| 91 | + grantedAccess[j] = myhandles->Handles[j].GrantedAccess; |
| 92 | + if (++j == maxcount) break; |
| 93 | + } |
| 94 | + } |
| 95 | + efree(myhandles, "_dbg_enumhandles"); |
| 96 | + return j; |
| 97 | + } |
| 98 | +} |
| 99 | + |
| 100 | +extern "C" DLL_EXPORT bool _dbg_gethandlename(char *name, char* typeName, size_t buffersize, duint remotehandle) |
| 101 | +{ |
| 102 | + HANDLE hLocalHandle; |
| 103 | + if (typeName && DuplicateHandle(fdProcessInfo->hProcess, (HANDLE)remotehandle, GetCurrentProcess(), &hLocalHandle, DUPLICATE_SAME_ACCESS, FALSE, 0)) |
| 104 | + { |
| 105 | + OBJECT_TYPE_INFORMATION* objectTypeInfo = (OBJECT_TYPE_INFORMATION*)emalloc(128, "_dbg_gethandlename"); |
| 106 | + if (NtQueryObject == nullptr) |
| 107 | + *(FARPROC*)&NtQueryObject = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQueryObject"); |
| 108 | + if (NtQueryObject(hLocalHandle, 2, objectTypeInfo, 128, NULL) >= 0) |
| 109 | + strcpy_s(typeName, buffersize, StringUtils::Utf16ToUtf8(objectTypeInfo->Name.Buffer).c_str()); |
| 110 | + efree(objectTypeInfo, "_dbg_gethandlename"); |
| 111 | + CloseHandle(hLocalHandle); |
| 112 | + } |
| 113 | + wchar_t *buffer; |
| 114 | + buffer = (wchar_t*)HandlerGetHandleNameW(fdProcessInfo->hProcess, fdProcessInfo->dwProcessId, (HANDLE)remotehandle, false); |
| 115 | + if (buffer) |
| 116 | + { |
| 117 | + strcpy_s(name, buffersize, StringUtils::Utf16ToUtf8(buffer).c_str()); |
| 118 | + VirtualFree(buffer, 0, MEM_RELEASE); |
| 119 | + return true; |
| 120 | + } |
| 121 | + return true; |
| 122 | +} |
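Review bot: The copy loop in _dbg_enumhandles filters on `myhandles->Handles[i].ProcessId` but then copies `Handles[j]` into the output arrays, so the caller receives the first j entries of the system-wide handle table (mostly other processes' handles) rather than the entries that matched; the three assignments should read `myhandles->Handles[i].Handle`, `myhandles->Handles[i].ObjectTypeNumber` and `myhandles->Handles[i].GrantedAccess`. In _dbg_gethandlename the check `NtQueryObject(...) >= 0` is always true because the function pointer is declared as returning DWORD, so after a failed query (including a too-small 128-byte buffer) `objectTypeInfo->Name.Buffer` is read from uninitialized heap memory; test the status as signed, e.g. `if ((LONG)NtQueryObject(hLocalHandle, 2, objectTypeInfo, 128, NULL) >= 0)`, or declare the pointer as returning LONG. Both exits of _dbg_gethandlename return true, so a caller cannot tell that `name` was left unwritten when HandlerGetHandleNameW returns null; returning `buffer != nullptr` from the final statement (or writing an empty string into `name` up front) would give the bool result a meaning.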