Malware Analyst's Cookbook and DVD by Michael Ligh & Steven Adair & Blake Hartstein & Matthew Richard

Author: Michael Ligh & Steven Adair & Blake Hartstein & Matthew Richard
Language: eng
Format: epub, mobi
Publisher: Wiley Publishing, Inc.
Published: 2010-09-28T04:00:00+00:00


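    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include <stdlib.h>

    // The excerpt on this page starts mid-function; the includes, the _tmain
    // header and the argument parsing are reconstructed from the usage shown below.
    int _tmain(int argc, _TCHAR *argv[])
    {
        if (argc != 3) {
            _tprintf(_T("Usage: %s <pid> <handle value>\n"), argv[0]);
            return 1;
        }

        // Base 0 accepts decimal (1592) as well as hex (0x204).
        DWORD dwPid  = _tcstoul(argv[1], NULL, 0);
        DWORD dwHval = _tcstoul(argv[2], NULL, 0);

        HANDLE hDupHandle;
        BOOL bStatus = FALSE;

        // PROCESS_DUP_HANDLE is the only access right needed on the owning process.
        HANDLE hProc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, dwPid);

        if (hProc != NULL) {
            // DUPLICATE_CLOSE_SOURCE closes the handle in the owning process
            // as part of the duplication.
            if (DuplicateHandle(hProc,
                                (HANDLE)(ULONG_PTR)dwHval,
                                GetCurrentProcess(),
                                &hDupHandle,
                                0, FALSE,
                                DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE))
            {
                // Close our own copy so no reference to the object remains here.
                if (CloseHandle(hDupHandle)) {
                    bStatus = TRUE;
                }
            }
            CloseHandle(hProc);
        }

        if (!bStatus) {
            _tprintf(_T("Cannot close the remote handle!\n"));
        } else {
            _tprintf(_T("Remote handle close succeeded!\n"));
        }

        return 0;
    }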

To use the program, you pass it the PID of the owning process (1592 for Explorer in this case) and the handle value for the object you want to access. The following commands show how it closes Explorer’s handle to toli.exe, which then allows you to copy it and/or delete it.

    F:\>closehandle.exe 1592 0x204
    Remote handle close succeeded!


