
枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开



发表于 2017-6-1 17:20:55 | 显示全部楼层 |阅读模式
枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开





标 题:枚举进程句柄File,Section,Mutant,Timer关闭Mutex句柄实现游戏多开
作 者: Y4ng
时 间: 2012-09-06 19:50:32 星期四
链 接:http://www.cnblogs.com/Y4ng/archive/2012/09/06/EnumProcessHandle_EnumMutex.html

相信做过游戏多开的朋友就会发现,很多游戏普遍使用互斥体(mutex)来防止程序多开,说实话这种方式已经非常OUT了。但是由于时间和技术的沉淀关系,留下来的游戏依然会存在这种方式。最近接触到一款游戏,是N年前非常火热的对战游戏,可以称为经典之作;它就是用 Mutant(内核中 mutex 对象的类型名)来防止游戏多开的。一般咱们测试的时候都是用Xuetr来关闭游戏,但是要作为成品发布,不可能要求客户拿Xuetr来列进程对象句柄、关句柄吧~
网上搜索了半天都没有找到枚举进程句柄的例子,经群里的大牛提点,得知用 ZwQuerySystemInformation 的 SystemHandleInformation 信息类可以实现句柄枚举功能;经过一番搜索、编码、测试,于是有了本文代码。











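/* Header declarations */

/* Native API status code: negative values are failures (see NT_SUCCESS). */
typedef LONG NTSTATUS;

/* Returned when the caller's buffer is too small for the requested data. */
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)

/* True for any non-negative status; the argument is evaluated once. */
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)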

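/*
 * Information classes accepted by ZwQuerySystemInformation.
 *
 * The enumerators are implicitly numbered from 0, so their order must not
 * change. Each trailing comment gives the numeric value followed by two
 * flags; the page does not explain the flags (presumably "can be queried" /
 * "can be set" -- confirm against the original reference).
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,                 //  0  Y  N
    SystemProcessorInformation,             //  1  Y  N
    SystemPerformanceInformation,           //  2  Y  N
    SystemTimeOfDayInformation,             //  3  Y  N
    SystemNotImplemented1,                  //  4  Y  N
    SystemProcessesAndThreadsInformation,   //  5  Y  N
    SystemCallCounts,                       //  6  Y  N
    SystemConfigurationInformation,         //  7  Y  N
    SystemProcessorTimes,                   //  8  Y  N
    SystemGlobalFlag,                       //  9  Y  Y
    SystemNotImplemented2,                  // 10  Y  N
    SystemModuleInformation,                // 11  Y  N
    SystemLockInformation,                  // 12  Y  N
    SystemNotImplemented3,                  // 13  Y  N
    SystemNotImplemented4,                  // 14  Y  N
    SystemNotImplemented5,                  // 15  Y  N
    SystemHandleInformation,                // 16  Y  N  (class used by the handle enumeration below)
    SystemObjectInformation,                // 17  Y  N
    SystemPagefileInformation,              // 18  Y  N
    SystemInstructionEmulationCounts,       // 19  Y  N
    SystemInvalidInfoClass1,                // 20
    SystemCacheInformation,                 // 21  Y  Y
    SystemPoolTagInformation,               // 22  Y  N
    SystemProcessorStatistics,              // 23  Y  N
    SystemDpcInformation,                   // 24  Y  Y
    SystemNotImplemented6,                  // 25  Y  N
    SystemLoadImage,                        // 26  N  Y
    SystemUnloadImage,                      // 27  N  Y
    SystemTimeAdjustment,                   // 28  Y  Y
    SystemNotImplemented7,                  // 29  Y  N
    SystemNotImplemented8,                  // 30  Y  N
    SystemNotImplemented9,                  // 31  Y  N
    SystemCrashDumpInformation,             // 32  Y  N
    SystemExceptionInformation,             // 33  Y  N
    SystemCrashDumpStateInformation,        // 34  Y  Y/N
    SystemKernelDebuggerInformation,        // 35  Y  N
    SystemContextSwitchInformation,         // 36  Y  N
    SystemRegistryQuotaInformation,         // 37  Y  Y
    SystemLoadAndCallImage,                 // 38  N  Y
    SystemPrioritySeparation,               // 39  N  Y
    SystemNotImplemented10,                 // 40  Y  N
    SystemNotImplemented11,                 // 41  Y  N
    SystemInvalidInfoClass2,                // 42
    SystemInvalidInfoClass3,                // 43
    SystemTimeZoneInformation,              // 44  Y  N
    SystemLookasideInformation,             // 45  Y  N
    SystemSetTimeSlipEvent,                 // 46  N  Y
    SystemCreateSession,                    // 47  N  Y
    SystemDeleteSession,                    // 48  N  Y
    SystemInvalidInfoClass4,                // 49
    SystemRangeStartInformation,            // 50  Y  N
    SystemVerifierInformation,              // 51  Y  Y
    SystemAddVerifier,                      // 52  N  Y
    SystemSessionProcessesInformation       // 53  Y  N
} SYSTEM_INFORMATION_CLASS;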

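/* Process/thread identifier pair; embedded in SYSTEM_THREADS below. */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;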

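/*
 * Counted UTF-16 string as used by the native API.
 * The lengths are byte counts, not character counts, and the buffer is not
 * required to be NUL-terminated -- code that hands Buffer to wcs* functions
 * must make sure a terminator is present.
 */
typedef struct
{
    USHORT Length;   /* bytes currently used in Buffer */
    USHORT MaxLen;   /* bytes available in Buffer */
    USHORT *Buffer;  /* may be NULL (e.g. an object without a name) */
} UNICODE_STRING, *PUNICODE_STRING;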

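/* Object attribute block of the native API; declared here but not used by the code on this page. */
typedef struct _OBJECT_ATTRIBUTES
{
    ULONG Length;
    HANDLE RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG Attributes;
    PVOID SecurityDescriptor;
    PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;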

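/* Per-process I/O counters; embedded in SYSTEM_PROCESSES below. */
typedef struct _IO_COUNTERSEX {
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
} IO_COUNTERSEX, *PIO_COUNTERSEX;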

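/* Thread scheduling states, implicitly numbered from 0; used by SYSTEM_THREADS.State. */
typedef enum {
    StateInitialized,   /* 0 */
    StateReady,         /* 1 */
    StateRunning,       /* 2 */
    StateStandby,       /* 3 */
    StateTerminated,    /* 4 */
    StateWait,          /* 5 */
    StateTransition,    /* 6 */
    StateUnknown        /* 7 */
} THREAD_STATE;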

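/* Per-process virtual-memory counters; embedded in SYSTEM_PROCESSES below. */
typedef struct _VM_COUNTERS {
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;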

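/* Per-thread record; SYSTEM_PROCESSES ends with an array of these. */
typedef struct _SYSTEM_THREADS {
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG WaitTime;
    PVOID StartAddress;
    CLIENT_ID ClientId;
    ULONG Priority;
    ULONG BasePriority;
    ULONG ContextSwitchCount;
    THREAD_STATE State;
    ULONG WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;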

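/*
 * Per-process record for information class 5
 * (SystemProcessesAndThreadsInformation). Declared here but not used by the
 * handle enumeration on this page.
 * NOTE(review): this layout is version-specific (see the "Windows 2000 only"
 * member) -- verify it against the target OS before relying on it.
 */
typedef struct _SYSTEM_PROCESSES { // Information class 5
    ULONG NextEntryDelta;
    ULONG ThreadCount;
    ULONG Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName;
    ULONG BasePriority;
    ULONG ProcessId;
    ULONG InheritedFromProcessId;
    ULONG HandleCount;
    ULONG Reserved2[2];
    VM_COUNTERS VmCounters;
    IO_COUNTERSEX IoCounters; // Windows 2000 only
    SYSTEM_THREADS Threads[1]; // declared with one element; indexed as a trailing array
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;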

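/*
 * One entry of the handle array returned for SystemHandleInformation.
 *
 * Handle is only 16 bits wide here, so handle values above 0xFFFF cannot be
 * represented by this record, and a handle value is only meaningful inside
 * the process identified by ProcessId -- never use it in another process's
 * context without duplicating it first.
 * NOTE(review): the extended class (SystemExtendedHandleInformation) reports
 * full-width process ids and handle values; prefer it on current systems.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG ProcessId;            /* owner of the handle */
    UCHAR ObjectTypeNumber;     /* numeric object type; value-to-type mapping is not given on this page */
    UCHAR Flags;
    USHORT Handle;              /* handle value in the owner's handle table (16-bit, see above) */
    PVOID Object;               /* kernel address of the object */
    ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;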

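/* Information classes accepted by NtQueryObject, implicitly numbered from 0. */
typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation,   /* 0 */
    ObjectNameInformation,    /* 1: object name, returned as OBJECT_NAME_INFORMATION */
    ObjectTypeInformation,    /* 2: object type; the code below reads the leading UNICODE_STRING as the type name */
    ObjectAllInformation,     /* 3 */
    ObjectDataInformation     /* 4 */
} OBJECT_INFORMATION_CLASS;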

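/*
 * Result header for NtQueryObject(ObjectNameInformation). The string data
 * that Name.Buffer points to lives in the same caller-supplied buffer, so the
 * buffer must be larger than this structure. Name.Buffer can be NULL when the
 * object has no name.
 */
typedef struct _OBJECT_NAME_INFORMATION {
    UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;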

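/*
 * Pointer type for ntdll!NtQueryObject.
 * Handle is interpreted in the CALLING process's handle table; the output is
 * written to ObjectInformation (at most ObjectInformationLength bytes) and
 * the size is reported through ReturnLength.
 */
typedef NTSTATUS (NTAPI *NTQUERYOBJECT)(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_opt_ PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
    );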


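/*
 * Pointer type for ntdll!ZwQuerySystemInformation.
 * On STATUS_INFO_LENGTH_MISMATCH the caller is expected to retry with a
 * larger buffer; ReturnLength is optional.
 */
typedef NTSTATUS
(NTAPI *ZWQUERYSYSTEMINFORMATION)(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL
    );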
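/*
 * Native API entry points, resolved once at start-up from the already-mapped
 * ntdll.dll (GetModuleHandle only looks up a loaded module, it does not load
 * anything from disk). The ANSI variant is called explicitly so the narrow
 * "ntdll.dll" literal also compiles in UNICODE builds.
 * Either pointer is NULL if the export cannot be found -- callers must check
 * BOTH before use.
 */
ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation =
    (ZWQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwQuerySystemInformation");
NTQUERYOBJECT NtQueryObject =
    (NTQUERYOBJECT)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryObject");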













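/*
 * Worker routine.
 *
 * Takes a SystemHandleInformation snapshot, walks the entries that belong to
 * the CURRENT process, and closes the first Mutant (mutex) handle whose name
 * contains CLOSEMUTEXNAME (a wide-string constant defined elsewhere in the
 * project).
 *
 * Review notes on what changed relative to the posted listing:
 *  - Entries are filtered by ProcessId. A handle value is only valid in the
 *    handle table of its owner, and NtQueryObject/CloseHandle act on the
 *    calling process, so using other processes' values here would query or
 *    close unrelated handles of this process.
 *  - The entry array is located through a struct instead of "count + 4 bytes",
 *    which is wrong on 64-bit builds where the array is pointer-aligned.
 *  - A failed NtQueryObject skips that handle instead of aborting the scan.
 *  - The object name is queried only for Mutant handles; name queries on some
 *    File objects (e.g. synchronous pipes) are known to block.
 *  - Name.Buffer is checked for NULL and the query buffers are aligned and
 *    guaranteed NUL-terminated before wcsstr is used on them.
 *  - The snapshot buffer pointer is cleared after VirtualFree so the cleanup
 *    path cannot release it twice.
 *
 * A named mutex used as a single-instance guard is advisory only: any code
 * running with access to the process can close the handle, as shown here.
 *
 * Always returns 0.
 */
int _tmain(int argc, _TCHAR *argv[])
{
    /* Layout of the snapshot buffer: count followed by the entry array. */
    typedef struct _HANDLE_SNAPSHOT {
        ULONG NumberOfHandles;
        SYSTEM_HANDLE_INFORMATION Handles[1];
    } HANDLE_SNAPSHOT;

    /* Pointer-aligned scratch space for NtQueryObject results. */
    typedef union _QUERY_BUFFER {
        OBJECT_NAME_INFORMATION Info;
        UCHAR Raw[512];
    } QUERY_BUFFER;

    /* All function-scope locals are declared before the first goto. */
    const ULONG cbMaxSnapshot = 0x4000000;  /* MAXSIZE: upper bound for the snapshot buffer */
    const ULONG cchMutant = 6;              /* wcslen(L"Mutant") */
    DWORD dwSize = 0;
    DWORD dwFlags = 0;                      /* receives NtQueryObject's return length */
    DWORD dwSelfPid = GetCurrentProcessId();
    ULONG cbBuffer = 0x1000;
    ULONG cbEntries = 0;
    ULONG nCount = 0;
    ULONG nIndex = 0;
    PSYSTEM_HANDLE_INFORMATION pmodule = NULL;
    POBJECT_NAME_INFORMATION pNameInfo = NULL;
    POBJECT_NAME_INFORMATION pNameType = NULL;
    PVOID pbuffer = NULL;
    HANDLE hObject = NULL;
    NTSTATUS Status;
    QUERY_BUFFER typeBuf;
    QUERY_BUFFER nameBuf;

    (void)argc;
    (void)argv;

    if (!ZwQuerySystemInformation || !NtQueryObject)
    {
        goto Exit0;
    }

    /* Grow the buffer until the snapshot fits; the handle table can grow between calls. */
    for (;;)
    {
        ULONG cbWanted;

        pbuffer = VirtualAlloc(NULL, cbBuffer, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

        if (!pbuffer)
        {
            goto Exit0;
        }

        dwSize = 0;
        Status = ZwQuerySystemInformation(SystemHandleInformation, pbuffer, cbBuffer, &dwSize);

        if (NT_SUCCESS(Status))
        {
            break;
        }

        VirtualFree(pbuffer, 0, MEM_RELEASE);
        pbuffer = NULL;  /* Exit0 must not free it again */

        if (STATUS_INFO_LENGTH_MISMATCH != Status)
        {
            goto Exit0;
        }

        /* Use the reported size when it is larger, then double it; checked before multiplying. */
        cbWanted = (dwSize > cbBuffer) ? dwSize : cbBuffer;

        if (cbWanted > cbMaxSnapshot / 2)
        {
            goto Exit0;
        }

        cbBuffer = cbWanted * 2;
    }

    pmodule = ((HANDLE_SNAPSHOT *)pbuffer)->Handles;
    nCount = ((HANDLE_SNAPSHOT *)pbuffer)->NumberOfHandles;

    /* Never walk past the end of the buffer, whatever the count says. */
    cbEntries = cbBuffer - (ULONG)((PUCHAR)pmodule - (PUCHAR)pbuffer);

    if (nCount > cbEntries / sizeof(SYSTEM_HANDLE_INFORMATION))
    {
        nCount = (ULONG)(cbEntries / sizeof(SYSTEM_HANDLE_INFORMATION));
    }

    for (nIndex = 0; nIndex < nCount; nIndex++)
    {
        /* Only this process's entries refer to handles we can legitimately use. */
        if (pmodule[nIndex].ProcessId != dwSelfPid)
        {
            continue;
        }

        hObject = (HANDLE)(ULONG_PTR)pmodule[nIndex].Handle;

        /* Zero-fill and hold back one WCHAR so the returned string is always terminated. */
        ZeroMemory(&typeBuf, sizeof(typeBuf));
        Status = NtQueryObject(hObject, ObjectTypeInformation, &typeBuf,
                               (ULONG)(sizeof(typeBuf) - sizeof(WCHAR)), &dwFlags);

        if (!NT_SUCCESS(Status))
        {
            continue;  /* handle may have been closed since the snapshot, or the buffer was too small */
        }

        /* The type information starts with a UNICODE_STRING holding the type name. */
        pNameType = &typeBuf.Info;

        if (NULL == pNameType->Name.Buffer ||
            pNameType->Name.Length != cchMutant * sizeof(WCHAR) ||
            0 != wcsncmp((wchar_t *)pNameType->Name.Buffer, L"Mutant", cchMutant))
        {
            continue;
        }

        ZeroMemory(&nameBuf, sizeof(nameBuf));
        Status = NtQueryObject(hObject, ObjectNameInformation, &nameBuf,
                               (ULONG)(sizeof(nameBuf) - sizeof(WCHAR)), &dwFlags);

        if (!NT_SUCCESS(Status))
        {
            continue;
        }

        pNameInfo = &nameBuf.Info;

        if (NULL == pNameInfo->Name.Buffer)
        {
            continue;  /* unnamed mutex */
        }

        printf("%wZ%wZ\n", pNameType, pNameInfo);

        /* Check whether this is the handle name that should be closed. */
        if (wcsstr((wchar_t *)pNameInfo->Name.Buffer, CLOSEMUTEXNAME))
        {
            CloseHandle(hObject);
            goto Exit0;
        }
    }

Exit0:
    if (NULL != pbuffer)
    {
        VirtualFree(pbuffer, 0, MEM_RELEASE);
    }

    return 0;
}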