在编写完端口进程关联程序后的完善问题。(句柄数猛增)

WYlslrt 2004-08-20 09:36:33
用NtQuerySystemInformation(DWORD,PDWORD,DWORD,PDWORD)时,
必须给第二个参数分配足够的空间,否则会出错。在NT下,必须先把句柄复制到自身进程中,才有权限查看句柄信息,这可以用BOOL DuplicateHandle(
HANDLE hSourceProcessHandle,
HANDLE hSourceHandle,
HANDLE hTargetProcessHandle,
LPHANDLE lpTargetHandle,
DWORD dwDesiredAccess,
BOOL bInheritHandle,
DWORD dwOptions
);

函数可以做到。但是如果要做实时刷新的程序,每次刷新都会因为复制句柄而使系统句柄数目增加,最终句柄数超过分配的空间,NtQuerySystemInformation()函数返回错误。
我建立了PID链表,可是有些句柄虽然是SOCKET句柄却没有占用端口,判断起来极为复杂;而且系统中的句柄少则6k-7k,多则上万,建立链表会降低程序运行效率,对链表的操作也变得复杂。
有没有一种方法,不用建立链表,就能让句柄数目只在出现新端口时增加、在端口关闭时减少?
zhouqiaoqiao 2004-12-23
我试过,没问题的!
Mr-Chen 2004-09-30
Handle没关闭?
pepsi1980 2004-09-29
我也想知道答案,友情UP;)
AthlonxpX86 2004-09-28
同意不用就CloseHandle
boywang 2004-09-27
有些句柄是protect from close的。
nwpulipeng 2004-09-27
帮顶混分啦
不太明白
pepsi1980 2004-09-27
我回去实现一下,看有没有问题,同时帮你顶!:)
WYlslrt 2004-08-22
up
WYlslrt 2004-08-20
// Duplicates the remote handle into this process as hMyHandle, then closes only the
// process handle hProc.
// NOTE(review): hMyHandle is a separate handle owned by this process; these two lines
// never release it, so it still needs its own CloseHandle(hMyHandle) once it is no longer used.
DuplicateHandle(hProc,(HANDLE)pHandleInfo->HndlOffset,hCurrentProc,&hMyHandle,STANDARD_RIGHTS_REQUIRED,true,0);
CloseHandle( hProc );

如果在此处调用第二句,显示就会不正常,又是只显示三个句柄,不能完全显示。
howtotell 2004-08-20



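// Rebuilds the tree control from the system handle list.
//
// Steps: try to enable SeDebugPrivilege, query the handle list through
// NtQuerySystemInformation(NT_HANDLE_LIST), duplicate each listed handle into this
// process, and for every duplicate that answers getsockname() add the owning
// executable, PID, protocol and local port to the tree.
//
// Every handle acquired here (token, process handles, module snapshot, extracted icon
// and each duplicated handle) is released before the next entry is processed, so a
// periodic refresh does not grow this process's handle count.
void CStatus::ListStatus(void)
{
    m_image.DeleteImageList();
    m_tree.DeleteAllItems();

    m_image.Create(16, 16, ILC_MASK | ILC_COLOR32, 0, 0);
    int nImage = 0;

    // WSAStartup reports its error through the return value, not GetLastError().
    // NOTE(review): there is no matching WSACleanup in this function, so every call
    // adds one Winsock reference; confirm whether the application balances it elsewhere.
    WSADATA wsaData;
    int iRet = WSAStartup(MAKEWORD(1, 1), &wsaData);
    if (iRet)
        printf("WSAStartup Error:%d\n", iRet);

    // GetCurrentProcess() returns a pseudo-handle; it must not be passed to CloseHandle.
    HANDLE hCurrentProc = GetCurrentProcess();

    // Initialised so the cleanup test below is well defined when OpenProcessToken fails.
    HANDLE hToken = NULL;
    if (!OpenProcessToken(hCurrentProc, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        printf("OpenProcessToken Error:%d\n", GetLastError());
    }
    else if (!RaisePrivleges(hToken, SE_DEBUG_NAME))
    {
        printf("SetPrivleges SE_DEBUG_NAME Error:%d\n", GetLastError());
    }
    if (hToken)
    {
        CloseHandle(hToken);
    }

    HMODULE hNtdll = LoadLibrary("ntdll.dll");
    if (!hNtdll)
    {
        printf("LoadLibrary(NTDLL.DLL) Error:%d\n", GetLastError());
        return;
    }
    NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)
        GetProcAddress(hNtdll, "NtQuerySystemInformation");
    if (!NtQuerySystemInformation)
    {
        printf("GetProcess( NtQuerySystemInformation ) Error:%d\n", GetLastError());
        return;
    }

    // Fixed-size buffer: the query fails when the system handle list does not fit.
    DWORD dwNumBytes = MAX_HANDLE_LIST_BUF;
    PDWORD pdwHandleList = (PDWORD)malloc(dwNumBytes);
    if (!pdwHandleList)
    {
        printf("Malloc for Handle List Error:%d\n", GetLastError());
        return;
    }

    DWORD dwNumBytesRet = 0;
    iRet = (*NtQuerySystemInformation)(NT_HANDLE_LIST, pdwHandleList, dwNumBytes, &dwNumBytesRet);
    if (iRet)
    {
        printf("NtQuerySystemInformation return %d, Error:%d\n", dwNumBytesRet, GetLastError());
    }
    else
    {
        // The buffer starts with the entry count, followed by the entries themselves.
        const DWORD dwNumEntries = pdwHandleList[0];
        PHANDLEINFO pHandleInfo = (PHANDLEINFO)(pdwHandleList + 1);
        const int nSockTypes = (int)(sizeof(szSockType) / sizeof(szSockType[0]));

        for (DWORD i = 0; i < dwNumEntries; i++, pHandleInfo++)
        {
            // The OBJECT_TYPE_SOCKET filter was disabled in the original, so every
            // handle entry of every process is examined:
            // if((pHandleInfo->ObjType==OBJECT_TYPE_SOCKET)&&(pHandleInfo->dwPid))

            // NOTE(review): AdjustDacl() replaces the target process's DACL with one that
            // grants Everyone full access, and nothing restores the previous DACL. That
            // weakens every process this loop touches for as long as it runs. With
            // SeDebugPrivilege enabled the PROCESS_DUP_HANDLE open below should not
            // normally need it; consider removing this step.
            HANDLE hProc = OpenProcess(WRITE_DAC, FALSE, pHandleInfo->dwPid);
            if (hProc)
            {
                AdjustDacl(hProc);
                CloseHandle(hProc);
            }

            // Duplicate the remote handle into this process. The duplicate is not
            // inheritable: nothing here needs a child process to receive it.
            HANDLE hMyHandle = NULL;
            hProc = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pHandleInfo->dwPid);
            if (hProc)
            {
                if (!DuplicateHandle(hProc, (HANDLE)(ULONG_PTR)pHandleInfo->HndlOffset,
                                     hCurrentProc, &hMyHandle,
                                     STANDARD_RIGHTS_REQUIRED, FALSE, 0))
                {
                    hMyHandle = NULL;
                }
                CloseHandle(hProc);
            }

            if (!hMyHandle)
            {
                Sleep(0);
                continue;
            }

            sockaddr_in name = {0};
            name.sin_family = AF_INET;
            int namelen = sizeof(sockaddr_in);
            SOCKET s = (SOCKET)hMyHandle;
            iRet = getsockname(s, (sockaddr*)&name, &namelen);
            if (iRet != SOCKET_ERROR)
            {
                // Parent for the PID/protocol/port items. Falls back to the tree root
                // when the executable cannot be resolved, instead of reusing an
                // uninitialised or stale item from an earlier entry.
                HTREEITEM hTreeRoot = TVI_ROOT;

                HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pHandleInfo->dwPid);
                if (hModuleSnap != INVALID_HANDLE_VALUE)
                {
                    MODULEENTRY32 me32 = {0};
                    me32.dwSize = sizeof(MODULEENTRY32);
                    if (Module32First(hModuleSnap, &me32))
                    {
                        // Zero-initialised so hIcon is NULL when SHGetFileInfo fails.
                        SHFILEINFO stFileInfo = {0};
                        SHGetFileInfo(me32.szExePath, FILE_ATTRIBUTE_NORMAL,
                                      &stFileInfo, sizeof(stFileInfo),
                                      SHGFI_ICON | SHGFI_USEFILEATTRIBUTES);

                        HICON hIcon = stFileInfo.hIcon;
                        if (hIcon == NULL)
                        {
                            m_image.Add(::AfxGetApp()->LoadIcon(IDI_UNKNOWN));
                        }
                        else
                        {
                            m_image.Add(hIcon);
                            // The image list keeps its own copy; release ours.
                            DestroyIcon(hIcon);
                        }

                        hTreeRoot = m_tree.InsertItem(me32.szExePath, nImage, nImage, NULL);
                        nImage++;
                    }
                    CloseHandle(hModuleSnap);
                }

                // Keep the index inside szSockType; a failed query or an unexpected
                // SO_TYPE value is shown as entry 0.
                int sockType = 0;
                int optlen = sizeof(sockType);
                iRet = getsockopt(s, SOL_SOCKET, SO_TYPE, (char*)&sockType, &optlen);
                if (iRet == SOCKET_ERROR || sockType < 0 || sockType >= nSockTypes)
                {
                    sockType = 0;
                }

                CString strPid;
                strPid.Format("PID: %d", pHandleInfo->dwPid);
                m_image.Add(::AfxGetApp()->LoadIcon(IDI_UNKNOWN));
                m_tree.InsertItem(strPid, nImage, nImage, hTreeRoot);
                nImage++;

                CString strTcp;
                strTcp.Format("协议: %s", szSockType[sockType]);
                m_image.Add(::AfxGetApp()->LoadIcon(IDI_UNKNOWN));
                m_tree.InsertItem(strTcp, nImage, nImage, hTreeRoot);
                nImage++;

                CString strPort;
                strPort.Format("端口: %d", ntohs(name.sin_port));
                m_image.Add(::AfxGetApp()->LoadIcon(IDI_UNKNOWN));
                m_tree.InsertItem(strPort, nImage, nImage, hTreeRoot);
                nImage++;
            }

            // Release the duplicate. Without this, every refresh leaves one extra handle
            // per enumerated entry in this process, and the system handle list keeps
            // growing until it no longer fits in MAX_HANDLE_LIST_BUF.
            CloseHandle(hMyHandle);
        }
    }

    free(pdwHandleList);

    m_tree.SetImageList(&m_image, LVSIL_NORMAL);
}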

howtotell 2004-08-20
#include "stdafx.h"
#include "CFireWall.h"
#include "Status.h"
#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
#include <Aclapi.h>
#include "tlhelp32.h"
#include ".\status.h"
#pragma comment(lib,"ws2_32.lib")
// NtQuerySystemInformation record type 16: passed as the first argument to request the
// system handle list.
#define NT_HANDLE_LIST 16
// Value compared against HANDLEINFO::ObjType in the (currently commented-out) socket filter.
// NOTE(review): object type numbers presumably differ between Windows versions; confirm on the target OS.
#define OBJECT_TYPE_SOCKET 0x1A
// Size in bytes of the buffer ListStatus() allocates for the handle list.
#define MAX_HANDLE_LIST_BUF 0x200000

// HANDLEINFO: one entry of the handle list returned for NT_HANDLE_LIST.
// ListStatus() walks the returned buffer as an array of these, after a leading DWORD count.
// NOTE(review): this mirrors an undocumented kernel structure; dwKeObject is declared as a
// 32-bit DWORD, so the layout presumably only matches 32-bit Windows. Confirm before
// building for x64.
typedef struct _HandleInfo
{
USHORT dwPid; // owning process id; passed to OpenProcess() in ListStatus()
USHORT CreatorBackTraceIndex;
BYTE ObjType; // object type number; compared with OBJECT_TYPE_SOCKET in the disabled filter
BYTE HandleAttributes;
USHORT HndlOffset; // handle value inside the owning process; cast to HANDLE for DuplicateHandle()
DWORD dwKeObject;
ULONG GrantedAccess;
}HANDLEINFO,*PHANDLEINFO;
// Function-pointer type for NtQuerySystemInformation(), which is resolved from ntdll.dll at run time.
typedef DWORD (CALLBACK* NTQUERYSYSTEMINFORMATION)( DWORD, PDWORD, DWORD, PVOID );
// Assigned in ListStatus() from GetProcAddress() before it is called.
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
// Protocol labels, indexed in ListStatus() by the SO_TYPE value read with getsockopt().
// Only indexes 0-5 exist.
char szSockType[6][6] = { "NUL", "TCP", "UDP", "RAW", "RDM", "SEQ" };
//
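// RaisePrivleges() enables one privilege in the given access token.
//
//   hToken  token opened with TOKEN_ADJUST_PRIVILEGES (the caller also asks for TOKEN_QUERY)
//   pPriv   privilege name, e.g. SE_DEBUG_NAME
//
// Returns true only when the privilege was actually enabled. AdjustTokenPrivileges can
// succeed without assigning the privilege, so GetLastError() is checked afterwards.
//
bool RaisePrivleges( HANDLE hToken, char *pPriv )
{
    // Zero-initialised: the structure is handed to the system as a whole.
    TOKEN_PRIVILEGES tkp = {0};
    if (!LookupPrivilegeValue(NULL, pPriv, &tkp.Privileges[0].Luid))
    {
        printf( "LookupPrivilegeValue Error:%d\n", GetLastError() );
        return false;
    }
    tkp.PrivilegeCount = 1;
    // Assign rather than OR: the original OR-ed the flag into an uninitialised field,
    // which could pass arbitrary attribute bits along with SE_PRIVILEGE_ENABLED.
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0))
    {
        // The call itself failed.
        printf( "AdjustTokenPrivileges Error:%d\n", GetLastError() );
        return false;
    }

    // The call succeeded; GetLastError() tells whether the privilege was really assigned.
    int iRet = GetLastError();
    switch ( iRet )
    {
    case ERROR_NOT_ALL_ASSIGNED: // the token does not hold the requested privilege
        printf( "AdjustTokenPrivileges ERROR_NOT_ALL_ASSIGNED\n" );
        return false;
    case ERROR_SUCCESS: // the privilege was enabled
        return true;
    default: // any other error
        printf( "AdjustTokenPrivileges Unknow Error:%d\n", iRet );
        return false;
    }
}//end of RaisePrivleges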
//
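// AdjustDacl replaces the DACL of the process behind hProcess (opened with WRITE_DAC)
// with a single entry for the SID S-1-1-0 (Everyone) that grants
// STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL.
//
// NOTE(review): the new ACL is built from scratch (no existing ACL is merged in), so the
// process's previous DACL is discarded and never restored. After this call any account on
// the machine has full access to that process. Prefer not calling this at all; if access
// really must be widened, grant only the right that is needed to the account that needs it
// and restore the original DACL afterwards.
//
void AdjustDacl( HANDLE hProcess )
{
    SID world = { SID_REVISION, 1, SECURITY_WORLD_SID_AUTHORITY, 0 };
    LPTSTR ptstrName = (LPTSTR)&world;
    EXPLICIT_ACCESS ea =
    {
        STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
        SET_ACCESS,
        NO_INHERITANCE,
        {
            0,
            NO_MULTIPLE_TRUSTEE,
            TRUSTEE_IS_SID,
            TRUSTEE_IS_USER,
            ptstrName
        }
    };

    // Both calls below return the error code directly, so that value is what gets printed.
    ACL *pdacl = 0;
    DWORD dwErr = SetEntriesInAcl(1, &ea, 0, &pdacl);
    if (dwErr != ERROR_SUCCESS)
    {
        printf( "SetEntriesInAcl Error:%d", dwErr );
        // pdacl is still NULL here. Passing a NULL DACL together with
        // DACL_SECURITY_INFORMATION would grant everyone full access, so stop.
        return;
    }

    dwErr = SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pdacl, 0);
    if (dwErr != ERROR_SUCCESS)
        printf( "SetSecurityInfo Error:%d", dwErr );

    LocalFree(pdacl);
}//end of AdjustDacl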
// CStatus dialog

// MFC run-time class support: declares CStatus as dynamically creatable, derived from CDHtmlDialog.
IMPLEMENT_DYNCREATE(CStatus, CDHtmlDialog)

// Constructor: forwards the dialog template id (IDD), the HTML resource id (IDH) and the
// parent window to CDHtmlDialog; no other initialisation is done here.
CStatus::CStatus(CWnd* pParent /*=NULL*/)
: CDHtmlDialog(CStatus::IDD, CStatus::IDH, pParent)
{
}

// Destructor: empty; nothing is released explicitly here.
CStatus::~CStatus()
{
}

// Dialog data exchange: lets the base class run its exchange first, then binds the
// tree control IDC_TREE1 to the m_tree member.
void CStatus::DoDataExchange(CDataExchange* pDX)
{
    CDHtmlDialog::DoDataExchange(pDX);

    DDX_Control(pDX, IDC_TREE1, m_tree);
}

// Dialog initialisation: runs the base-class setup, then fills the tree once via ListStatus().
BOOL CStatus::OnInitDialog()
{
    // The base-class return value is not inspected.
    CDHtmlDialog::OnInitDialog();

    ListStatus();

    // Return TRUE unless the focus was set to a control.
    return TRUE;
}

// Message map: routes tree-control notifications from IDC_TREE1 to the CStatus handlers.
// The button handler entry is commented out.
BEGIN_MESSAGE_MAP(CStatus, CDHtmlDialog)
// ON_BN_CLICKED(IDC_BUTTON1, OnBnClickedButton1)
ON_NOTIFY(NM_DBLCLK, IDC_TREE1, OnNMDblclkTree1)
ON_NOTIFY(TVN_SELCHANGED, IDC_TREE1, OnTvnSelchangedTree1)
END_MESSAGE_MAP()

// DHTML event map: connects click events on the HTML elements "ButtonOK" and
// "ButtonCancel" to OnButtonOK and OnButtonCancel.
BEGIN_DHTML_EVENT_MAP(CStatus)
DHTML_EVENT_ONCLICK(_T("ButtonOK"), OnButtonOK)
DHTML_EVENT_ONCLICK(_T("ButtonCancel"), OnButtonCancel)
END_DHTML_EVENT_MAP()


DentistryDoctor 2004-08-20
是不是忘了调用CloseHandle?
WYlslrt 2004-08-20
up
