查询句柄引用计数源码
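#include "stdafx.h"
#include <cstdio>
#include <iostream>
#include <windows.h>

// Output buffer for NtQueryObject with information class 0 (basic object
// information). The field order and total size (14 DWORDs) match the
// PUBLIC_OBJECT_BASIC_INFORMATION structure declared in <winternl.h>:
// Attributes, GrantedAccess, HandleCount, PointerCount, Reserved[10].
typedef struct _SYSTEM_HANDLE_STATE {
    DWORD r1;
    DWORD GrantedAccess;
    DWORD HandleCount;     // original author's note: subtract 1 to get the handle count (not verified here)
    DWORD ReferenceCount;  // original author's note: subtract 1 to get the pointer reference count (not verified here)
    DWORD r5;
    DWORD r6;
    DWORD r7;
    DWORD r8;
    DWORD r9;
    DWORD r10;
    DWORD r11;
    DWORD r12;
    DWORD r13;
    DWORD r14;
} SYSTEM_HANDLE_STATE, *PSYSTEM_HANDLE_STATE;

// Signature of ntdll!NtQueryObject, resolved at run time. The return value is
// an NTSTATUS (a signed 32-bit code where negative values are errors), not a BOOL.
typedef long(__stdcall *PNtQueryObject)(HANDLE ObjectHandle,
                                        ULONG ObjectInformationClass,
                                        PVOID ObjectInformation,
                                        ULONG ObjectInformationLength,
                                        PULONG ReturnLength);

// Demonstrates querying the handle count and pointer count of an event object
// through NtQueryObject, then shows the status returned once the handle has
// been closed.
//
// Returns 0 when the demonstration ran, 1 when a prerequisite (ntdll lookup,
// export lookup, event creation) failed.
int main() {
    // Information class 0 queries the object's current state, including the
    // handle count and the reference count.
    const ULONG kObjectBasicInformation = 0;

    const HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    if (ntdll == NULL) {
        std::cerr << "GetModuleHandleW(ntdll.dll) failed: " << GetLastError() << std::endl;
        return 1;
    }

    // Check the export before calling through it; a null function pointer
    // would otherwise be dereferenced.
    const PNtQueryObject NtQueryObject =
        reinterpret_cast<PNtQueryObject>(GetProcAddress(ntdll, "NtQueryObject"));
    if (NtQueryObject == NULL) {
        std::cerr << "GetProcAddress(NtQueryObject) failed: " << GetLastError() << std::endl;
        return 1;
    }

    // Zero-initialise so that nothing indeterminate is ever printed.
    SYSTEM_HANDLE_STATE name = {};
    ULONG len = 0;

    const HANDLE hEvent1 = CreateEvent(NULL, TRUE, FALSE, NULL);
    if (hEvent1 == NULL) {
        std::cerr << "CreateEvent failed: " << GetLastError() << std::endl;
        return 1;
    }

    long status = NtQueryObject(hEvent1, kObjectBasicInformation, &name, sizeof name, &len);
    std::cout << status << std::endl;
    if (status >= 0) {
        // Only trust the buffer when the call reported success.
        std::cout << name.HandleCount << " " << name.ReferenceCount << std::endl;
    }

    CloseHandle(hEvent1);

    // Deliberate use of a closed handle, for demonstration only. The author
    // reports 0xC0000008 here, the kernel status for an invalid handle, which
    // shows the handle is gone. Production code must never reuse a handle
    // value after CloseHandle: the value can be recycled for a different
    // object as soon as anything else in the process opens a handle, and a
    // process running with the strict-handle-check mitigation raises an
    // exception on an invalid handle reference instead of returning a status.
    status = NtQueryObject(hEvent1, kObjectBasicInformation, &name, sizeof name, &len);
    printf("%I32X\n", static_cast<unsigned int>(status));
    return 0;
}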
版权声明:本文为博主原创文章,未经博主允许不得转载。