![]() ![]() ![]() We use NtQuerySystemInformation to get the list of all open handles in the system, and then we iterate through the list, duplicating handles, to gain access to the object, and call NtQueryObject to get the name of the object. In the process, we need to use these undocumented API calls: NtQuerySystemInformation, NtQueryObject, and DuplicateHandle. To destroy it, we need to find all the handles to the object and close them. The basic idea is to destroy the mutex object before we start another instance of the Task Manager. ![]() Wcscat( mutexName, L " \\BaseNamedObjects\\" ) _itow( sid, mutexName + wcslen( mutexName ), 10 ) full name of the mutex (we want to mess only with session of the current user) If( !::ProcessIdToSessionId( ::GetCurrentProcessId(), &sid ) ) ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |