-
-
Save IgorYunusov/5b370da741a06d7b2d9bdd7d0f5014c4 to your computer and use it in GitHub Desktop.
Uses enumerate_handles from https://gist.github.com/MarkHC/902a13d4b8eab5f2421c13e27003b180
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HANDLE get_handle_to_process(LPWSTR process) | |
| { | |
| HANDLE hProcess = NULL; | |
| enumerate_handles([&](PSYSTEM_HANDLE_TABLE_ENTRY_INFO handle) { | |
| if(GetCurrentProcessId() != handle->UniqueProcessId) return STATUS_UNSUCCESSFUL; | |
| BOOL found = FALSE; | |
| PVOID buffer = NULL; | |
| ULONG bufferSize = 0x100; | |
| NTSTATUS status; | |
| // | |
| // 7 is the process type index. It's possible that this is different value on your system. | |
| // Check the output print_handle_information for more info. You can compare the TypeName to | |
| // "Process" instead of doing it like this | |
| // | |
| if(handle->ObjectTypeIndex == 7) { | |
| WCHAR processPath[MAX_PATH] = {}; | |
| // | |
| // The handle needs to have PROCESS_QUERY_INFORMATION and PROCESS_VM_READ | |
| // access, otherwise this call fails | |
| // | |
| if(GetModuleFileNameExW((HANDLE)handle->HandleValue, NULL, processPath, MAX_PATH)) { | |
| LPWSTR filename = PathFindFileNameW(processPath); | |
| if(!wcscmp(filename, process)) { | |
| found = TRUE; | |
| hProcess = (HANDLE)handle->HandleValue; | |
| } | |
| } | |
| } | |
| // | |
| // STATUS_SUCCESS stops the enumeration | |
| // | |
| if(found) | |
| return STATUS_SUCCESS; | |
| return STATUS_UNSUCCESSFUL; | |
| }); | |
| return hProcess; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment