获取句柄的详细信息:(原代码) http://blog.vckbase.com/bastet/archive/2005/03/31/4244.html


一、驱动部分


extern "C"
{
#include <ntddk.h>
}
#include "ScSysInfo.h"

extern "C"
{
#include "native.h"
#include "../TestHandle/ob.h"
}

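/* Debug output switch: flip the #if to 0 to compile the dprintf() calls out. */
#if 1
#define dprintf DbgPrint
#else
#define dprintf
#endif

#define kprintf DbgPrint

/*
 * Object-manager names of the control device and its Win32-visible alias.
 * The NT namespace separator is '\'; the original page rendered every
 * backslash as '/', which is not a valid object path and would make
 * IoCreateDevice / IoCreateSymbolicLink fail.
 */
#define NT_DEVICE_NAME  L"\\Device\\ScSysInfo"
#define DOS_DEVICE_NAME L"\\DosDevices\\ScSysInfo"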


/*
 * Private copy of the kernel's OBJECT_TYPE layout, used only so the driver
 * can copy the whole structure back to user mode by value (see
 * ScSysInfoDispatchDeviceControl). The layout is undocumented and
 * version-specific; it must match the kernel the driver is loaded on
 * (this 2005-era listing presumably targets Windows 2000/XP — verify
 * before use on anything else). It must also stay byte-identical to the
 * copy in the user-mode header so both sides agree on ScHandleInfoOut.
 */
typedef struct _OBJECT_TYPE {
 ERESOURCE Mutex;
 LIST_ENTRY TypeList;
 UNICODE_STRING Name;            // Copy from object header for convenience
 PVOID DefaultObject;
 ULONG Index;
 ULONG TotalNumberOfObjects;
 ULONG TotalNumberOfHandles;
 ULONG HighWaterNumberOfObjects;
 ULONG HighWaterNumberOfHandles;
 OBJECT_TYPE_INITIALIZER TypeInfo;
#ifdef POOL_TAGGING
 ULONG Key;                      // only present in builds with POOL_TAGGING defined; affects sizeof
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;

/*
 * Output record of IOCTL_SCSYSINFO_GETHANDLEOBJECT: a by-value snapshot of
 * the object header and of its OBJECT_TYPE. Note that this hands raw kernel
 * pointers (the header's and type's fields) to user mode; that is the tool's
 * purpose, but it is an information disclosure to any caller who can open
 * the device. Must match the user-mode definition exactly.
 */
struct ScHandleInfoOut
{
 OBJECT_HEADER obj_hdr;
 OBJECT_TYPE obj_type;
};


/* IRP_MJ_CREATE handler: every open succeeds. */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);

/* IRP_MJ_CLOSE handler: nothing to release per handle. */
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);

/* IRP_MJ_DEVICE_CONTROL handler: implements IOCTL_SCSYSINFO_GETHANDLEOBJECT (METHOD_BUFFERED). */
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);

/* DriverUnload: removes the \DosDevices link and the device object created in DriverEntry. */
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject);

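/*
 * Driver entry point. Creates the control device, its \DosDevices alias and
 * installs the dispatch routines. Returns the NTSTATUS of the first failing
 * step, after undoing whatever was already created.
 *
 * Fixes relative to the original listing:
 *  - DeviceObject->Flags was written before IoCreateDevice's status was
 *    checked (NULL dereference on failure);
 *  - fSymbolicLink was declared with an initializer after the gotos that
 *    jump past it, so the cleanup path read an uninitialized flag (and
 *    C++ rejects a goto that bypasses an initialization);
 *  - the label `__failed` used a reserved identifier.
 *
 * Security note: the device is created with the default security descriptor
 * and the only IOCTL is FILE_ANY_ACCESS, so any local user who can open
 * \\.\ScSysInfo can query object headers (kernel pointers) for their own
 * handles. A production driver should restrict this (e.g. IoCreateDeviceSecure
 * with an SDDL string limiting the device to administrators/SYSTEM).
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING RegistryPath)
{
 NTSTATUS ntStatus;
 PDEVICE_OBJECT DeviceObject = NULL;
 UNICODE_STRING ntDeviceName, dosDeviceName;
 BOOLEAN fSymbolicLink = FALSE;   /* declared before any goto so cleanup can read it */

 UNREFERENCED_PARAMETER(RegistryPath);

 RtlInitUnicodeString(&ntDeviceName, NT_DEVICE_NAME);
 RtlInitUnicodeString(&dosDeviceName, DOS_DEVICE_NAME);

 ntStatus = IoCreateDevice(
  DriverObject,
  0,                       /* no device extension */
  &ntDeviceName,           /* DeviceName */
  FILE_DEVICE_SCSYSINFO,   /* DeviceType */
  0,                       /* DeviceCharacteristics */
  FALSE,                   /* Exclusive */
  &DeviceObject            /* [OUT] */
  );
 if (!NT_SUCCESS(ntStatus))
 {
  dprintf("ScSysInfo IoCreateDevice=0x%x\n", ntStatus);
  goto cleanup;
 }

 /* Only touch the device object once we know it exists. */
 DeviceObject->Flags |= DO_BUFFERED_IO;

 ntStatus = IoCreateSymbolicLink(&dosDeviceName, &ntDeviceName);
 if (!NT_SUCCESS(ntStatus))
 {
  dprintf("ScSysInfo IoCreateSymbolicLink=0x%x\n", ntStatus);
  goto cleanup;
 }
 fSymbolicLink = TRUE;

 DriverObject->MajorFunction[IRP_MJ_CREATE]         = ScSysInfoDispatchCreate;
 DriverObject->MajorFunction[IRP_MJ_CLOSE]          = ScSysInfoDispatchClose;
 DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = ScSysInfoDispatchDeviceControl;
 DriverObject->DriverUnload                         = ScSysInfoUnload;

 return STATUS_SUCCESS;

cleanup:
 /* Undo in reverse order of creation; each step is skipped if it never happened. */
 if (fSymbolicLink)
 {
  IoDeleteSymbolicLink(&dosDeviceName);
 }
 if (DeviceObject != NULL)
 {
  IoDeleteDevice(DeviceObject);
 }
 return ntStatus;
}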

/*
 * IRP_MJ_CREATE: accept every open of the control device. No per-handle
 * state is allocated, so there is nothing to fail on.
 */
NTSTATUS ScSysInfoDispatchCreate(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
 const NTSTATUS status = STATUS_SUCCESS;

 UNREFERENCED_PARAMETER(DeviceObject);

 Irp->IoStatus.Information = 0;
 Irp->IoStatus.Status = status;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 /* Do not touch Irp after completion; return the cached status instead. */
 return status;
}

/*
 * IRP_MJ_CLOSE: mirror of the create handler — nothing was allocated per
 * handle, so closing always succeeds with zero bytes of information.
 */
NTSTATUS ScSysInfoDispatchClose(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
 const NTSTATUS status = STATUS_SUCCESS;

 UNREFERENCED_PARAMETER(DeviceObject);

 Irp->IoStatus.Information = 0;
 Irp->IoStatus.Status = status;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 /* Irp may be freed by the completion; return the cached status. */
 return status;
}

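/*
 * IRP_MJ_DEVICE_CONTROL handler.
 *
 * IOCTL_SCSYSINFO_GETHANDLEOBJECT (METHOD_BUFFERED):
 *   in : HANDLE          — a handle in the calling process
 *   out: ScHandleInfoOut — by-value copy of the object's OBJECT_HEADER and OBJECT_TYPE
 *
 * Fixes relative to the original listing:
 *  - Neither buffer length was validated. With METHOD_BUFFERED the shared
 *    SystemBuffer is only max(InputBufferLength, OutputBufferLength) bytes,
 *    so a caller passing a small output buffer made the driver write
 *    sizeof(ScHandleInfoOut) bytes past a pool allocation — a user-triggerable
 *    kernel pool overflow. Both lengths are now checked first.
 *  - ObReferenceObjectByHandle was called with AccessMode == KernelMode,
 *    which skips the handle-table access check for a handle value supplied
 *    by user mode. It now uses Irp->RequestorMode so the request is checked
 *    as the caller.
 *  - A failed reference previously returned STATUS_SUCCESS with an all-zero
 *    record; it now propagates the failure status.
 *
 * Remaining caveats: the copied structures expose kernel addresses to user
 * mode (the tool's purpose, but an information disclosure), and
 * OBJECT_TO_OBJECT_HEADER / the OBJECT_TYPE layout come from private
 * headers that are specific to the kernel version this was written against.
 */
NTSTATUS ScSysInfoDispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
 PIO_STACK_LOCATION IrpStack = IoGetCurrentIrpStackLocation(Irp);
 PVOID SystemBuffer = Irp->AssociatedIrp.SystemBuffer;
 ULONG nInBufferSize = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
 ULONG nOutBufferSize = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
 ULONG dwIoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
 NTSTATUS ntStatus = STATUS_SUCCESS;
 ULONG_PTR bytesReturned = 0;

 UNREFERENCED_PARAMETER(DeviceObject);

 dprintf("ScSysInfo IRP_MJ_DEVICE_CONTROL\n");

 switch (dwIoControlCode)
 {
 case IOCTL_SCSYSINFO_GETHANDLEOBJECT:
  {
   /* Validate both directions before touching the shared buffer. */
   if (SystemBuffer == NULL ||
       nInBufferSize < sizeof(HANDLE) ||
       nOutBufferSize < sizeof(ScHandleInfoOut))
   {
    ntStatus = STATUS_BUFFER_TOO_SMALL;
    break;
   }

   /* Read the input before the same buffer is reused for output. */
   HANDLE queryHandle = *(HANDLE *)SystemBuffer;
   ScHandleInfoOut *outbuf = (ScHandleInfoOut *)SystemBuffer;
   PVOID objbody = NULL;

   /*
    * Resolve the caller's handle in the caller's context. GENERIC_READ is
    * what the original requested (0x80000000); RequestorMode makes the
    * object manager apply the handle's granted-access check.
    */
   ntStatus = ObReferenceObjectByHandle(queryHandle,
                                        GENERIC_READ,
                                        NULL,
                                        Irp->RequestorMode,
                                        &objbody,
                                        NULL);
   if (!NT_SUCCESS(ntStatus))
   {
    break;
   }

   RtlZeroMemory(outbuf, sizeof(ScHandleInfoOut));

   POBJECT_HEADER ObjectHeader = OBJECT_TO_OBJECT_HEADER(objbody);
   outbuf->obj_hdr = *ObjectHeader;
   if (ObjectHeader->Type != NULL)
   {
    outbuf->obj_type = *(ObjectHeader->Type);
   }

   /* Drop the reference taken above; the copies are by value. */
   ObDereferenceObject(objbody);

   bytesReturned = sizeof(ScHandleInfoOut);
   ntStatus = STATUS_SUCCESS;
   break;
  }

 default:
  ntStatus = STATUS_INVALID_DEVICE_REQUEST;
  dprintf("ScSysInfo unknown IRP_MJ_DEVICE_CONTROL 0x%x\n", dwIoControlCode);
  break;
 }

 Irp->IoStatus.Status = ntStatus;
 Irp->IoStatus.Information = bytesReturned;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return ntStatus;
}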

/*
 * DriverUnload: undo DriverEntry in reverse — first the \DosDevices alias,
 * then the single control device hanging off the driver object.
 */
VOID ScSysInfoUnload(IN PDRIVER_OBJECT DriverObject)
{
 UNICODE_STRING linkName;

 RtlInitUnicodeString(&linkName, DOS_DEVICE_NAME);
 (void)IoDeleteSymbolicLink(&linkName);

 IoDeleteDevice(DriverObject->DeviceObject);
}

 


头文件 2005-03-31 08:00 七猫的垃圾箱
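#pragma once

/* Shared between the driver and the user-mode client (ScSysInfo.h). */

/* Custom device type; values >= 0x8000 are reserved for third parties. */
#define FILE_DEVICE_SCSYSINFO 0x8000
/* Custom function codes start at 0x800 for the same reason. */
#define SCSYSINFO_IOCTL_BASE 0x800

/*
 * All control codes are METHOD_BUFFERED.
 * FILE_ANY_ACCESS means the I/O manager does not require any particular
 * access on the device handle, so whoever can open the device can issue
 * these IOCTLs; access control has to come from the device's security
 * descriptor (the driver currently uses the default one).
 * The argument is parenthesized so an expression passed as `i` is not
 * mis-associated with the `+`.
 */
#define CTL_CODE_SCSYSINFO(i) CTL_CODE(FILE_DEVICE_SCSYSINFO, (SCSYSINFO_IOCTL_BASE + (i)), METHOD_BUFFERED, FILE_ANY_ACCESS)

/* in: HANDLE, out: ScHandleInfoOut */
#define IOCTL_SCSYSINFO_GETHANDLEOBJECT CTL_CODE_SCSYSINFO(0)
/* defined but not handled by the driver's dispatch routine */
#define IOCTL_SCSYSINFO_TEST CTL_CODE_SCSYSINFO(1)

/* Win32 device path ("\\.\ScSysInfo"); the page rendered the backslashes as '/'. */
#define SCSYSINFO_DEVICE_NAME_WIN32 "\\\\.\\ScSysInfo"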

ob.h 2005-03-31 08:01 Diviner
#pragma once


/*
 * ob.h — private copies of the NT object-manager type-callback signatures
 * needed to spell out OBJECT_TYPE_INITIALIZER below. These are not in the
 * public DDK; they are reproduced from the NT headers of the era and are
 * version-specific. Nothing in this listing calls through them; they exist
 * only so the structure sizes line up for the by-value copy in the driver.
 */

/* Argument block of the Dump callback. */
typedef struct _OBJECT_DUMP_CONTROL {
PVOID Stream;
ULONG Detail;
} OB_DUMP_CONTROL, *POB_DUMP_CONTROL;

/* Dump callback signature. */
typedef VOID (*OB_DUMP_METHOD)(
IN PVOID Object,
IN POB_DUMP_CONTROL Control OPTIONAL
);

/* Reason passed to the Open callback. */
typedef enum _OB_OPEN_REASON {
ObCreateHandle,
ObOpenHandle,
ObDuplicateHandle,
ObInheritHandle,
ObMaxOpenReason
} OB_OPEN_REASON;

/* Opaque forward declaration; the driver build already has PEPROCESS from ntddk.h (identical typedef, so no conflict). */
typedef struct _EPROCESS *PEPROCESS;

/* Open callback signature. */
typedef VOID (*OB_OPEN_METHOD)(
IN OB_OPEN_REASON OpenReason,
IN PEPROCESS Process OPTIONAL,
IN PVOID Object,
IN ACCESS_MASK GrantedAccess,
IN ULONG HandleCount
);

/* OkayToClose callback signature. */
typedef BOOLEAN (*OB_OKAYTOCLOSE_METHOD)(
IN PEPROCESS Process OPTIONAL,
IN PVOID Object,
IN HANDLE Handle
);

/* Close callback signature. */
typedef VOID (*OB_CLOSE_METHOD)(
IN PEPROCESS Process OPTIONAL,
IN PVOID Object,
IN ACCESS_MASK GrantedAccess,
IN ULONG ProcessHandleCount,
IN ULONG SystemHandleCount
);

/* Delete callback signature. */
typedef VOID (*OB_DELETE_METHOD)(
IN PVOID Object
);






/* Same definition as ntddk.h's; repeated so the header also works in user mode. */
typedef CCHAR KPROCESSOR_MODE;

/* Parse callback signature (name resolution within an object). */
typedef NTSTATUS (*OB_PARSE_METHOD)(
IN PVOID ParseObject,
IN PVOID ObjectType,
IN OUT PACCESS_STATE AccessState,
IN KPROCESSOR_MODE AccessMode,
IN ULONG Attributes,
IN OUT PUNICODE_STRING CompleteName,
IN OUT PUNICODE_STRING RemainingName,
IN OUT PVOID Context OPTIONAL,
IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL,
OUT PVOID *Object
);



/* Security callback signature (query/set of the object's security descriptor). */
typedef NTSTATUS (*OB_SECURITY_METHOD)(
IN PVOID Object,
IN SECURITY_OPERATION_CODE OperationCode,
IN PSECURITY_INFORMATION SecurityInformation,
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN OUT PULONG CapturedLength,
IN OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor,
IN POOL_TYPE PoolType,
IN PGENERIC_MAPPING GenericMapping
);

/* QueryName callback signature. */
typedef NTSTATUS (*OB_QUERYNAME_METHOD)(
IN PVOID Object,
IN BOOLEAN HasObjectName,
OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
IN ULONG Length,
OUT PULONG ReturnLength
);



/*
 * Per-type attributes and callback table embedded in OBJECT_TYPE.TypeInfo.
 * Field order and types determine sizeof(OBJECT_TYPE) and therefore the
 * size of ScHandleInfoOut; keep this in sync with the kernel being targeted
 * (undocumented, version-specific layout).
 */
typedef struct _OBJECT_TYPE_INITIALIZER {
USHORT Length;
BOOLEAN UseDefaultObject;
BOOLEAN Reserved;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
BOOLEAN MaintainTypeList;
POOL_TYPE PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
OB_DUMP_METHOD DumpProcedure;
OB_OPEN_METHOD OpenProcedure;
OB_CLOSE_METHOD CloseProcedure;
OB_DELETE_METHOD DeleteProcedure;
OB_PARSE_METHOD ParseProcedure;
OB_SECURITY_METHOD SecurityProcedure;
OB_QUERYNAME_METHOD QueryNameProcedure;
OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure;
} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;

打开驱动部分 2005-03-31 08:01 Diviner
#pragma once
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>

extern "C"
{
#include "native.h"
#include "ddk.h"
#include "ob.h"
}

/* User-mode stand-ins for kernel types that the structures below reference. */
typedef CCHAR KPROCESSOR_MODE;

typedef enum _MODE {
KernelMode,
UserMode,
MaximumMode
} MODE;
/* Owner-table entry of an ERESOURCE; only needed for sizeof(ERESOURCE). */
typedef ULONG_PTR ERESOURCE_THREAD;
typedef struct _OWNER_ENTRY {
ERESOURCE_THREAD OwnerThread;
union {
LONG OwnerCount;
ULONG TableSize;
};

} OWNER_ENTRY, *POWNER_ENTRY;



/*
 * User-mode copy of the kernel ERESOURCE layout so OBJECT_TYPE (which
 * embeds one as its first member) has the same size here as in the driver.
 * Version-specific; never used as a lock from user mode.
 */
typedef struct _ERESOURCE {
LIST_ENTRY SystemResourcesList;
POWNER_ENTRY OwnerTable;
SHORT ActiveCount;
USHORT Flag;
PKSEMAPHORE SharedWaiters;
PKEVENT ExclusiveWaiters;
OWNER_ENTRY OwnerThreads[2];
ULONG ContentionCount;
USHORT NumberOfSharedWaiters;
USHORT NumberOfExclusiveWaiters;
union {
PVOID Address;
ULONG_PTR CreatorBackTraceIndex;
};

KSPIN_LOCK SpinLock;
} ERESOURCE, *PERESOURCE;


/*
 * User-mode copy of OBJECT_TYPE. Must be byte-identical to the driver's
 * definition (same fields, same POOL_TAGGING setting) or ScHandleInfoOut
 * will have different sizes on the two sides and the IOCTL will fail or
 * misinterpret the data.
 */
typedef struct _OBJECT_TYPE {
ERESOURCE Mutex;
LIST_ENTRY TypeList;
UNICODE_STRING Name; // Copy from object header for convenience
PVOID DefaultObject;
ULONG Index;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
OBJECT_TYPE_INITIALIZER TypeInfo;
#ifdef POOL_TAGGING
ULONG Key;
#endif //POOL_TAGGING
} OBJECT_TYPE, *POBJECT_TYPE;
/* Redundant with the typedef just above (harmless repeat). */
typedef struct _OBJECT_TYPE *POBJECT_TYPE;

/* Types referenced by native.h's OBJECT_HEADER; copied from the NT headers. */
typedef double DOUBLE;

typedef struct _QUAD { // QUAD is for those times we want
double DoNotUseThisField; // an 8 byte aligned 8 byte long structure
} QUAD; // which is NOT really a floating point
// number. Use DOUBLE if you want an FP
// number.

#include "../ScSysInfo/ScSysInfo.h"
#include "../ScSysInfo/native.h"

/*
 * Output record of IOCTL_SCSYSINFO_GETHANDLEOBJECT, filled by the driver.
 * Must match the driver-side definition exactly. The contents are raw
 * kernel structures, including kernel pointers.
 */
struct ScHandleInfoOut
{
OBJECT_HEADER obj_hdr;
OBJECT_TYPE obj_type;
};

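/*
 * Thin wrapper around the ScSysInfo control device: installs/starts the
 * kernel service, opens \\.\ScSysInfo and issues the GETHANDLEOBJECT IOCTL.
 *
 * Fix relative to the original listing: the destructor called CloseHandle on
 * whatever _handle held as long as it was not NULL, but a failed OpenDriver
 * leaves INVALID_HANDLE_VALUE there, so it would close a bogus handle. The
 * release is centralized in Close() and guards both sentinel values. Copying
 * is disabled so two objects can never own (and double-close) one handle.
 */
class MemDriver
{
public:
 MemDriver() : _handle(NULL) {}
 ~MemDriver() { Close(); }
 bool InstallAndStart();
 bool UnInstall();
 ScHandleInfoOut *GetHeaderByHandle(HANDLE queryhandle);
public:
 bool OpenDriver();
private:
 /* Releases the device handle, if a valid one is held. Safe to call repeatedly. */
 void Close()
 {
  if (_handle != NULL && _handle != INVALID_HANDLE_VALUE)
  {
   CloseHandle(_handle);
  }
  _handle = NULL;
 }
 MemDriver(const MemDriver &);            /* not implemented: single owner of _handle */
 MemDriver &operator=(const MemDriver &); /* not implemented */
 HANDLE _handle;
};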

extern MemDriver gMemDriver;

#include "Memdriver.h"
#include <WinSvc.h>
#include <winioctl.h>
#include <stdlib.h>
#include <stdio.h>

MemDriver gMemDriver;

/* Service name as registered with the SCM (also the Win32 device name). */
#define DRIVERNAME "ScSysInfo"
/* File name of the driver image under %SystemRoot%\system32\drivers (identifier keeps the original's spelling). */
#define DRIVERFILANAME "ScSysInfo.sys"

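/*
 * Stops and deletes the ScSysInfo kernel service if it is registered.
 * Returns true when the service is gone (deleted, marked for deletion, or
 * never existed) and false when the SCM could not be reached or the service
 * could not be removed. The original always returned true and requested
 * SC_MANAGER_ALL_ACCESS / SERVICE_ALL_ACCESS; only the rights actually
 * used are requested now (least privilege — the caller still needs to be
 * an administrator to delete a kernel service).
 */
bool MemDriver::UnInstall()
{
 bool removed = false;

 SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
 if (scmHandle == NULL)
 {
  return false;
 }

 SC_HANDLE handle = OpenService(scmHandle, DRIVERNAME, SERVICE_STOP | DELETE);
 if (handle == NULL)
 {
  /* Nothing registered under that name is the desired end state. */
  removed = (GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST);
 }
 else
 {
  SERVICE_STATUS status;
  /* Fails with ERROR_SERVICE_NOT_ACTIVE if already stopped; harmless before deletion. */
  ControlService(handle, SERVICE_CONTROL_STOP, &status);
  if (DeleteService(handle))
  {
   removed = true;
  }
  else
  {
   /* A previous run may already have queued the deletion. */
   removed = (GetLastError() == ERROR_SERVICE_MARKED_FOR_DELETE);
  }
  CloseServiceHandle(handle);
 }

 CloseServiceHandle(scmHandle);
 return removed;
}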

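/*
 * Copies the driver image into %SystemRoot%\system32\drivers, registers it
 * as a demand-start kernel service and starts it. Returns true only when
 * the service is running (or was already running); the original returned
 * true as soon as the SCM could be opened, regardless of CreateService /
 * StartService.
 *
 * Caveats a deployer should know:
 *  - the source image path is a hard-coded development path (the page
 *    rendered its backslashes as '/'); change kDriverSource for your build;
 *  - this loads an arbitrary unsigned .sys as SYSTEM, so it requires
 *    administrator rights and should never be run with an untrusted image;
 *  - the path assembly is now bounds-checked instead of unchecked strcat.
 */
bool MemDriver::InstallAndStart()
{
 static const char kDriverSource[] = "D:\\HandleInfo\\debug\\ScSysInfo.sys";
 static const char kDriversSubdir[] = "\\drivers\\";

 char systemDir[MAX_PATH];
 UINT dirLen = GetSystemDirectory(systemDir, MAX_PATH);
 if (dirLen == 0 || dirLen >= MAX_PATH)
 {
  return false;
 }
 /* dir + "\drivers\" + file name + NUL must fit in MAX_PATH. */
 if ((size_t)dirLen + strlen(kDriversSubdir) + strlen(DRIVERFILANAME) + 1 > MAX_PATH)
 {
  return false;
 }
 strcat(systemDir, kDriversSubdir);
 strcat(systemDir, DRIVERFILANAME);

 /* Remove any previous registration and image so the copy below can replace it. */
 UnInstall();
 SetFileAttributes(systemDir, FILE_ATTRIBUTE_NORMAL);
 DeleteFile(systemDir);
 if (!CopyFile(kDriverSource, systemDir, FALSE))
 {
  return false;
 }

 SC_HANDLE scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
 if (scmHandle == NULL)
 {
  return false;
 }

 bool started = false;
 /* Only SERVICE_START is needed on the returned handle. */
 SC_HANDLE newDriver = CreateService(scmHandle,
                                     DRIVERNAME,
                                     DRIVERNAME,
                                     SERVICE_START,
                                     SERVICE_KERNEL_DRIVER,
                                     SERVICE_DEMAND_START,
                                     SERVICE_ERROR_IGNORE,
                                     systemDir,
                                     NULL, NULL, NULL, NULL, NULL);
 if (newDriver != NULL)
 {
  if (StartService(newDriver, 0, NULL))
  {
   started = true;
  }
  else
  {
   started = (GetLastError() == ERROR_SERVICE_ALREADY_RUNNING);
  }
  CloseServiceHandle(newDriver);
 }

 CloseServiceHandle(scmHandle);
 return started;
}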

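/*
 * Opens the control device \\.\ScSysInfo and stores the handle in _handle.
 * Returns false (with _handle == NULL) if the device cannot be opened.
 *
 * Fixes relative to the original listing:
 *  - the device path was rendered with '/' separators, which Win32 does not
 *    accept for the \\.\ namespace;
 *  - GENERIC_ALL was requested although the only IOCTL is FILE_ANY_ACCESS;
 *    read/write is sufficient;
 *  - on failure _handle was left as INVALID_HANDLE_VALUE, which the
 *    destructor's "!= NULL" check would then hand to CloseHandle.
 */
bool MemDriver::OpenDriver()
{
 char drvName[MAX_PATH];
 wsprintf(drvName, "\\\\.\\%s", DRIVERNAME);

 HANDLE h = CreateFile(drvName,
                       GENERIC_READ | GENERIC_WRITE,
                       0,
                       NULL,
                       OPEN_EXISTING,
                       0,
                       NULL);
 if (h == INVALID_HANDLE_VALUE)
 {
  _handle = NULL;
  return false;
 }

 /* Do not leak a handle if the device was already open. */
 if (_handle != NULL && _handle != INVALID_HANDLE_VALUE)
 {
  CloseHandle(_handle);
 }
 _handle = h;
 return true;
}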

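/*
 * Asks the driver for the object header and type of `queryhandle` (a handle
 * in this process). Returns a pointer to a static result buffer, or NULL if
 * the device is not open, the IOCTL fails, or the driver returned fewer
 * bytes than a full record.
 *
 * The result lives in a single static buffer: not thread-safe, and every
 * call overwrites the previous result. The record contains raw kernel
 * structures (including kernel pointers) copied verbatim by the driver.
 */
ScHandleInfoOut *MemDriver::GetHeaderByHandle(HANDLE queryhandle)
{
 static ScHandleInfoOut outbuf;
 HANDLE inbuf = queryhandle;
 DWORD retLen = 0;

 if (_handle == NULL || _handle == INVALID_HANDLE_VALUE)
 {
  return NULL;
 }

 memset(&outbuf, 0, sizeof(outbuf));
 if (!DeviceIoControl(_handle,
                      IOCTL_SCSYSINFO_GETHANDLEOBJECT,
                      &inbuf, sizeof(inbuf),
                      &outbuf, sizeof(outbuf),
                      &retLen, NULL))
 {
  return NULL;
 }

 /* The driver reports how much it wrote; a short answer is not a usable record. */
 if (retLen != sizeof(outbuf))
 {
  return NULL;
 }
 return &outbuf;
}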

re: 获取句柄的详细信息:(原代码) 2005-03-31 08:02 七猫的垃圾箱
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
#include "socknative.h"
#include "MemDriver.h"

#pragma comment(lib,"ntdll")
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"Ws2Help")

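/*
 * RAII guard for Winsock 2.2 initialisation.
 * The original ignored WSAStartup's result and always called WSACleanup,
 * which is unbalanced when startup failed; the outcome is now recorded and
 * cleanup only runs after a successful start. Started() lets main() refuse
 * to create sockets when initialisation failed.
 */
class Winsock2Env
{
public:
 Winsock2Env() : _started(false)
 {
  WSADATA data;
  _started = (WSAStartup(MAKEWORD(2, 2), &data) == 0);
 }
 ~Winsock2Env()
 {
  if (_started)
  {
   WSACleanup();
  }
 }
 bool Started() const { return _started; }
private:
 bool _started;
};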

Winsock2Env gWinsock2Env;

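/*
 * Demo: load the driver, create a bound TCP socket and query its kernel
 * object header through the driver and through NtQueryObject.
 *
 * Fixes relative to the original listing:
 *  - the results of InstallAndStart/OpenDriver/socket/bind were ignored,
 *    so a failure silently produced garbage;
 *  - OBJECT_NAME_INFORMATION and OBJECT_TYPE_INFORMATION carry a variable-
 *    length name after the fixed part, so passing sizeof(struct) can only
 *    ever yield a length-mismatch status; a larger buffer is used and each
 *    NtQueryObject status is reported;
 *  - the socket is closed and the service removed on exit.
 *
 * Requires administrator rights (it installs a kernel driver).
 */
int main(int argc, char *argv[])
{
 (void)argc;
 (void)argv;

 if (!gMemDriver.InstallAndStart())
 {
  printf("InstallAndStart failed (error %lu): run as administrator with the driver image in place\n",
         GetLastError());
  return 1;
 }
 if (!gMemDriver.OpenDriver())
 {
  printf("OpenDriver failed (error %lu)\n", GetLastError());
  gMemDriver.UnInstall();
  return 1;
 }

 //HANDLE handle=CreateEvent(NULL,TRUE,TRUE,NULL);
 SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
 if (sock == INVALID_SOCKET)
 {
  printf("socket failed (WSA error %d)\n", WSAGetLastError());
  gMemDriver.UnInstall();
  return 1;
 }

 sockaddr_in sa;
 memset(&sa, 0, sizeof(sa));
 sa.sin_family = AF_INET;
 sa.sin_addr.S_un.S_addr = INADDR_ANY;
 sa.sin_port = htons(5011);
 if (bind(sock, (sockaddr *)&sa, sizeof(sa)) == SOCKET_ERROR)
 {
  /* Not fatal for the query, but worth knowing (port 5011 may be in use). */
  printf("bind failed (WSA error %d), continuing with an unbound socket\n", WSAGetLastError());
 }

 HANDLE handle = (HANDLE)sock;

 ScHandleInfoOut *pheader = gMemDriver.GetHeaderByHandle(handle);
 if (pheader == NULL)
 {
  printf("GetHeaderByHandle failed (error %lu)\n", GetLastError());
 }
 else
 {
  /* Only OBJECT_TYPE fields are visible in this listing; OBJECT_HEADER comes from native.h. */
  printf("object type index %lu, total handles %lu, total objects %lu\n",
         pheader->obj_type.Index,
         pheader->obj_type.TotalNumberOfHandles,
         pheader->obj_type.TotalNumberOfObjects);
 }

 DWORD retlen = 0;
 NTSTATUS st;

 OBJECT_BASIC_INFORMATION basic_info;
 st = NtQueryObject(handle, ObjectBasicInformation, &basic_info, sizeof(basic_info), &retlen);
 printf("NtQueryObject(ObjectBasicInformation) = 0x%08lx, %lu bytes\n", (unsigned long)st, retlen);

 /* Name and type information are followed by a variable-length UNICODE_STRING buffer. */
 BYTE nameBuf[1024];
 retlen = 0;
 st = NtQueryObject(handle, ObjectNameInformation, nameBuf, sizeof(nameBuf), &retlen);
 printf("NtQueryObject(ObjectNameInformation) = 0x%08lx, %lu bytes\n", (unsigned long)st, retlen);

 BYTE typeBuf[1024];
 retlen = 0;
 st = NtQueryObject(handle, ObjectTypeInformation, typeBuf, sizeof(typeBuf), &retlen);
 printf("NtQueryObject(ObjectTypeInformation) = 0x%08lx, %lu bytes\n", (unsigned long)st, retlen);

 closesocket(sock);
 gMemDriver.UnInstall();
 return 0;
}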
  #  native.h 2005-03-31 08:00 七猫的垃圾箱
