procexp 如何关闭另一个进程持有的互斥锁? [英] how does procexp close a mutex held by another process?
问题描述
我正在尝试使用 Win32 函数关闭由 Windows 上的进程持有的互斥锁.这可以使用 procexp 完成,但我需要在不使用 procexp GUI 的情况下以编程方式完成.
I am trying to close a mutex that is being held by a process on Windows using Win32 functions. This can be done using procexp but I need to do it programmatically without using the procexp GUI.
方法一:我尝试使用 EasyHook 将 dll 注入到进程中,然后从注入的线程中尝试以下操作:- OpenMutex
- 释放互斥锁它给了我 ERROR_NOT_OWNER 错误,可能是因为在与调用 AcquireMutex 的线程不同的线程上调用了释放.
Method1:
I tried injecting a dll into the processs using EasyHook and then tried the following from the injected thread:
- OpenMutex
- ReleaseMutex
It gave me the ERROR_NOT_OWNER error probably because the release was called on a different thread than the one that called AcquireMutex.
方法二:注入 dll 后,我尝试使用 mHook 挂钩 CreateMutex.上钩的 CreateMutex 刚刚回调了原来的 CreateMutex.但这只会使应用程序崩溃.
Method2: After injecting the dll, I tried to hook for CreateMutex using mHook. The hooked CreateMutex just called back the original CreateMutex. But this would just crash the application.
我可以使用 procexp 来关闭互斥锁,但我需要以编程方式来完成.procexp 是如何做到的?如何在没有任何内核模式代码的情况下以编程方式完成?
I can use procexp to close the mutex but I need to do it programmatically. How does procexp do it? How can it be done programmatically without any kernel mode code?
推荐答案
使用 NtQuerySystemInformation() 检索打开句柄数组,循环遍历数组直到在目标进程中找到所需的互斥句柄,然后使用 DuplicateHandle() 通过指定 DUPLICATE_CLOSE_SOURCE标志.
Use NtQuerySystemInformation() to retrieve an array of open handles, loop through the array until you find the desired mutex handle in the target process, then close it using DuplicateHandle() by specifying the DUPLICATE_CLOSE_SOURCE flag.
以下文章更详细地解释了它:
The following article explains it in more detail:
这篇关于procexp 如何关闭另一个进程持有的互斥锁?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
