How can I see the Handles of a process?
Is there a simple command for AHK V2 so that I can find a Handle named "DiscordHook"?
How can I see the Handles of a process?
Re: How can I see the Handles of a process?
There is no AHK command for this.
Here is a v1 version to get process handles -> viewtopic.php?p=96242#p96242
If you need help to convert to v2, you can ask
Here is a v1 version to get process handles -> viewtopic.php?p=96242#p96242
If you need help to convert to v2, you can ask
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
Re: How can I see the Handles of a process?
Maybe there are still some permission problems, because not all names could be resolved. Or I have forgotten something.
#Requires AutoHotkey v2.0
#DllLoad "advapi32.dll"
#DllLoad "ntdll.dll"
; Demo driver: show every handle that could be resolved for one process in a ListView.
; The PID is a hard-coded sample value; replace it with the process you want to inspect.
ProcessID := 5064

Main := Gui()
LV := Main.AddListView("xm ym w800 r30", ["Handle", "Type", "Name", "Path"])

; GetProcessHandles returns a Map of Maps; each inner Map carries the four column values.
PH := GetProcessHandles(ProcessID)
for Key, Entry in PH
    LV.Add("", Entry["Handle"], Entry["Type"], Entry["Name"], Entry["Path"])

Main.OnEvent("Close", (*) => ExitApp)
Main.Show()
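; Enumerates the handles owned by ProcessID and resolves type, name and file path for each.
;
; Returns a Map keyed by iteration index; every value is a Map with the keys
; "Handle" (the handle value as seen inside the target process), "Type", "Name" and "Path".
; An empty Map is returned when the handle table cannot be read or the target cannot be opened.
;
; A handle value is only meaningful inside the process that owns it, so each handle is first
; duplicated into this process and all queries run against the duplicate, never against the
; raw remote value.
GetProcessHandles(ProcessID)
{
    static PROCESS_QUERY_INFORMATION := 0x0400
    static PROCESS_DUP_HANDLE        := 0x0040
    static TOKEN_ADJUST_PRIVILEGES   := 0x0020
    static DUPLICATE_SAME_ATTRIBUTES := 0x0004
    static hCurrentProcess := DllCall("GetCurrentProcess", "Ptr")

    ; Best effort: enable SeDebugPrivilege so processes owned by other accounts can be opened.
    ; GetCurrentProcess returns a pseudo-handle, not a process ID, so it is handed straight to
    ; OpenProcessToken instead of being routed through OpenProcess.
    ; The privilege can only be enabled if the token already holds it (normally an elevated
    ; administrator); failure is not fatal, it just means fewer processes can be inspected.
    if (hToken := OpenProcessToken(hCurrentProcess, TOKEN_ADJUST_PRIVILEGES))
    {
        if (LUID := LookupPrivilegeValue("SeDebugPrivilege"))
            AdjustTokenPrivileges(hToken, LUID)
        CloseHandle(hToken)
    }

    ProcessHandles := Map()

    ; SystemHandleInformation returns false on failure; iterating over that would throw.
    if !(mHandles := SystemHandleInformation(ProcessID))
        return ProcessHandles

    ; Every entry belongs to the same process, so it is opened once rather than once per handle.
    if !(hProc := OpenProcess(ProcessID, PROCESS_QUERY_INFORMATION | PROCESS_DUP_HANDLE))
        return ProcessHandles

    for Key, Entry in mHandles
    {
        ; Handles that cannot be duplicated (protected or already closed) are skipped.
        if !(hDublicate := DuplicateObject(hProc, hCurrentProcess, Entry["HandleValue"], DUPLICATE_SAME_ATTRIBUTES))
            continue

        PH := Map()
        PH["Handle"] := Entry["HandleValue"]
        PH["Name"]   := ObjectNameInformation(hDublicate)
        PH["Type"]   := ObjectTypeInformation(hDublicate)
        PH["Path"]   := GetFinalPathNameByHandle(hDublicate)
        ProcessHandles[A_Index] := PH

        CloseHandle(hDublicate)
    }

    CloseHandle(hProc)
    return ProcessHandles
}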
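; Enables one privilege, identified by LUID, on the access token hToken.
;
; hToken must have been opened with TOKEN_ADJUST_PRIVILEGES.
; Returns true only when the privilege was actually enabled, otherwise false.
AdjustTokenPrivileges(hToken, LUID)
{
    static SE_PRIVILEGE_ENABLED   := 0x00000002
    static ERROR_NOT_ALL_ASSIGNED := 1300

    ; TOKEN_PRIVILEGES with a single entry:
    ;   +0  DWORD PrivilegeCount
    ;   +4  LUID  Luid        (8 bytes)
    ;   +12 DWORD Attributes
    TOKEN_PRIVILEGES := Buffer(16, 0)
    NumPut("UInt", 1, TOKEN_PRIVILEGES, 0)
    NumPut("Int64", LUID, TOKEN_PRIVILEGES, 4)
    NumPut("UInt", SE_PRIVILEGE_ENABLED, TOKEN_PRIVILEGES, 12)

    if !(DllCall("advapi32\AdjustTokenPrivileges", "Ptr", hToken, "Int", 0, "Ptr", TOKEN_PRIVILEGES, "UInt", TOKEN_PRIVILEGES.Size, "Ptr", 0, "Ptr", 0))
        return false

    ; The API also reports success when the token does not hold the requested privilege
    ; (for example a non-elevated process asking for SeDebugPrivilege). That case is only
    ; visible through the last-error value, so it is checked explicitly.
    return (A_LastError != ERROR_NOT_ALL_ASSIGNED)
}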
; Closes a kernel object handle. A zero (false) handle is ignored, so the result of a
; failed open call can be passed in without a separate check.
CloseHandle(hObject)
{
    if !hObject
        return
    DllCall("CloseHandle", "Ptr", hObject)
}
; Duplicates Handle, which lives in the process behind hProcess, into the process behind
; hCurrentProcess by calling NtDuplicateObject.
;
; Options is passed through unchanged; desired access and handle attributes are sent as 0.
; Returns the new handle on STATUS_SUCCESS, otherwise false. The caller must close it.
DuplicateObject(hProcess, hCurrentProcess, Handle, Options)
{
    static STATUS_SUCCESS := 0x00000000

    hCopy := 0
    Status := DllCall("ntdll\NtDuplicateObject", "Ptr", hProcess, "Ptr", Handle, "Ptr", hCurrentProcess, "Ptr*", &hCopy, "UInt", 0, "UInt", 0, "UInt", Options)
    return (Status = STATUS_SUCCESS) ? hCopy : false
}
; Resolves the path of the file behind hFile via GetFinalPathNameByHandleW (flags 0).
; Returns the path, or an empty value when the call fails, e.g. for a non-file handle.
GetFinalPathNameByHandle(hFile)
{
    ; Probe call without a buffer: the return value is used as the required capacity.
    Needed := DllCall("GetFinalPathNameByHandleW", "Ptr", hFile, "Ptr", 0, "UInt", 0, "UInt", 0, "UInt")
    VarSetStrCapacity(&FilePath, Needed)

    Written := DllCall("GetFinalPathNameByHandleW", "Ptr", hFile, "Str", FilePath, "UInt", Needed, "UInt", 0, "UInt")
    if (Written)
        return FilePath
    return
}
; Looks up the locally unique identifier (LUID) of the privilege called Name on the
; local system (the system-name argument is passed as NULL).
; Returns the LUID as a 64-bit integer, or false when the lookup fails.
LookupPrivilegeValue(Name)
{
    LUID := 0
    Found := DllCall("advapi32\LookupPrivilegeValueW", "Ptr", 0, "Str", Name, "Int64*", &LUID)
    return Found ? LUID : false
}
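; Returns the object-manager name of the object behind Handle, or an empty value when
; the object has no name or the query fails.
;
; Handle must be valid in the calling process (for a handle that belongs to another
; process, pass a duplicate made with DuplicateObject).
;
; NOTE(review): a name query through NtQueryObject is known to block on some file
; handles, notably pipes opened for synchronous I/O. If the script appears to freeze,
; consider skipping such handles or running the query with a timeout.
ObjectNameInformation(Handle)
{
    static STATUS_SUCCESS := 0x00000000
    ; Information class value; named differently from the function to avoid shadowing it.
    static ObjectNameInformationClass := 1

    ; Probe call: only the required buffer size is of interest here.
    DllCall("ntdll\NtQueryObject", "Ptr", Handle, "UInt", ObjectNameInformationClass, "Ptr", 0, "UInt", 0, "UInt*", &Size := 0, "UInt")
    if !Size
        return

    Buf := Buffer(Size, 0)
    NT_STATUS := DllCall("ntdll\NtQueryObject", "Ptr", Handle, "UInt", ObjectNameInformationClass, "Ptr", Buf.Ptr, "UInt", Buf.Size, "UInt*", &Size := 0, "UInt")
    if (NT_STATUS != STATUS_SUCCESS)
        return

    ; The buffer starts with a UNICODE_STRING: USHORT Length (in bytes) at offset 0 and
    ; the character pointer at offset A_PtrSize.
    Length := NumGet(Buf, 0, "UShort")
    pName  := NumGet(Buf, A_PtrSize, "UPtr")

    ; Unnamed objects come back with Length 0 and a NULL pointer; never hand that to StrGet.
    if !(Length && pName)
        return

    return StrGet(pName, Length // 2, "UTF-16")
}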
; Returns the type name that NtQueryObject reports for Handle under information class 2
; (ObjectTypeInformation), or an empty value when the query does not succeed.
; Handle must be valid in the calling process.
ObjectTypeInformation(Handle)
{
    static STATUS_SUCCESS := 0x00000000
    static InfoClass := 2

    ; Probe call: only the required buffer size is read from it.
    DllCall("ntdll\NtQueryObject", "Ptr", Handle, "UInt", InfoClass, "Ptr", 0, "UInt", 0, "uint*", &Needed := 0, "UInt")

    Info := Buffer(Needed, 0)
    Status := DllCall("ntdll\NtQueryObject", "Ptr", Handle, "UInt", InfoClass, "Ptr", Info.Ptr, "UInt", Info.Size, "uint*", &Needed := 0, "UInt")
    if (Status != STATUS_SUCCESS)
        return

    ; The buffer begins with a UNICODE_STRING: byte length at offset 0, pointer at A_PtrSize.
    CharCount := NumGet(Info, 0, "ushort") // 2
    pTypeName := NumGet(Info, A_PtrSize, "uptr")
    return StrGet(pTypeName, CharCount, "UTF-16")
}
; Opens the process with the given ID using the requested access mask.
; ProcessID must be a numeric process ID, not a process handle.
; Returns the process handle, or false when the process cannot be opened.
; The caller is responsible for closing the handle.
OpenProcess(ProcessID, DesiredAccess, InheritHandle := 0)
{
    hProcess := DllCall("OpenProcess", "UInt", DesiredAccess, "Int", InheritHandle, "UInt", ProcessID, "Ptr")
    return hProcess ? hProcess : false
}
; Opens the access token of the process behind hProcess with the requested access mask.
; Returns the token handle, or false on failure. The caller must close the handle.
OpenProcessToken(hProcess, DesiredAccess)
{
    hToken := 0
    Opened := DllCall("advapi32\OpenProcessToken", "Ptr", hProcess, "UInt", DesiredAccess, "Ptr*", &hToken)
    return Opened ? hToken : false
}
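; Reads the system-wide handle table and returns the entries that belong to ProcessID.
;
; Returns a Map keyed by the entry's position in the table; every value is a Map with
; "UniqueProcessId" and "HandleValue". Returns false when the table cannot be read.
;
; The extended information class (0x40) is used because the legacy class (0x10) reports
; the process ID and the handle value in 16-bit fields: anything above 65535 is truncated
; there, which can hide a process's handles or attribute them to a different process.
SystemHandleInformation(ProcessID)
{
    static STATUS_SUCCESS                  := 0x00000000
    static STATUS_INFO_LENGTH_MISMATCH     := 0xC0000004
    static STATUS_BUFFER_TOO_SMALL         := 0xC0000023
    static SystemExtendedHandleInformation := 0x00000040

    ; SYSTEM_HANDLE_INFORMATION_EX:        ULONG_PTR NumberOfHandles, ULONG_PTR Reserved, entries...
    ; SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX:   PVOID Object, ULONG_PTR UniqueProcessId,
    ;                                      ULONG_PTR HandleValue, then 16 bytes of fixed-size fields.
    ; Expressed through A_PtrSize so the offsets hold for 32-bit and 64-bit AutoHotkey.
    static HEADER_SIZE   := 2 * A_PtrSize
    static ENTRY_SIZE    := 3 * A_PtrSize + 16
    static OFFSET_PID    := A_PtrSize
    static OFFSET_HANDLE := 2 * A_PtrSize
    static MAX_BUFFER    := 0x10000000   ; stop growing at 256 MiB instead of looping forever

    ; The table can grow between two calls and the reported length is not always usable,
    ; so the buffer grows to whichever is larger: the reported size or twice the last try.
    BufSize := 0x10000
    loop
    {
        Buf := Buffer(BufSize, 0)
        NT_STATUS := DllCall("ntdll\NtQuerySystemInformation", "Int", SystemExtendedHandleInformation, "Ptr", Buf.Ptr, "UInt", Buf.Size, "UInt*", &Size := 0, "UInt")
        if (NT_STATUS != STATUS_INFO_LENGTH_MISMATCH) && (NT_STATUS != STATUS_BUFFER_TOO_SMALL)
            break
        BufSize := Max(Size, BufSize * 2)
        if (BufSize > MAX_BUFFER)
            return false
    }

    if (NT_STATUS != STATUS_SUCCESS)
        return false

    ; Never walk past the end of the buffer, whatever the header claims.
    NumberOfHandles := NumGet(Buf, 0, "UPtr")
    NumberOfHandles := Min(NumberOfHandles, (Buf.Size - HEADER_SIZE) // ENTRY_SIZE)

    HANDLE_INFORMATION := Map()
    Addr := Buf.Ptr + HEADER_SIZE
    loop NumberOfHandles
    {
        if (NumGet(Addr, OFFSET_PID, "UPtr") = ProcessID)
        {
            HANDLE := Map()
            HANDLE["UniqueProcessId"] := NumGet(Addr, OFFSET_PID, "UPtr")
            HANDLE["HandleValue"]     := NumGet(Addr, OFFSET_HANDLE, "UPtr")
            HANDLE_INFORMATION[A_Index] := HANDLE
        }
        Addr += ENTRY_SIZE
    }
    return HANDLE_INFORMATION
}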
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
Re: How can I see the Handles of a process?
@jNizM
Indeed, I can't find Device/Afd and many other Handles.
Indeed, I can't find Device/Afd and many other Handles.
Re: How can I see the Handles of a process?
Can you test it? Changed some things
https://github.com/jNizM/ahk-scripts-v2/blob/main/src/ProcessThreadModule/GetProcessHandles.ahk
https://github.com/jNizM/ahk-scripts-v2/blob/main/src/ProcessThreadModule/GetProcessHandles.ahk
[AHK] v2.0.5 | [WIN] 11 Pro (Version 22H2) | [GitHub] Profile
Re: How can I see the Handles of a process?
yes it works!
jNizM wrote: ↑01 Feb 2023, 05:47
Can you test it? Changed some things
https://github.com/jNizM/ahk-scripts-v2/blob/main/src/ProcessThreadModule/GetProcessHandles.ahk
Thank you!