#include "stdafx.h"
#include <iostream>
#include <windows.h>
using namespace std;
// Result buffer that main() passes to NtQueryObject with information class 0.
// It is 14 DWORDs (56 bytes) long; only GrantedAccess, HandleCount and
// ReferenceCount are named, the r* fields are left uninterpreted by this file.
// NOTE(review): the layout looks like OBJECT_BASIC_INFORMATION /
// PUBLIC_OBJECT_BASIC_INFORMATION (winternl.h) - confirm against the SDK
// header; a size mismatch makes the call fail or write past the buffer.
typedef struct _SYSTEM_HANDLE_STATE {
DWORD r1;
DWORD GrantedAccess;
DWORD HandleCount; // handle count; per the original author, subtract 1 from the reported value
DWORD ReferenceCount; // pointer reference count; per the original author, subtract 1 from the reported value
DWORD r5;
DWORD r6;
DWORD r7;
DWORD r8;
DWORD r9;
DWORD r10;
DWORD r11;
DWORD r12;
DWORD r13;
DWORD r14;
}SYSTEM_HANDLE_STATE, *PSYSTEM_HANDLE_STATE;
// Pointer to ntdll!NtQueryObject, resolved at run time with GetProcAddress.
// The long return value is an NTSTATUS: negative values are errors.
using PNtQueryObject = long (__stdcall *)(
    HANDLE ObjectHandle,
    ULONG  ObjectInformationClass,
    PVOID  ObjectInformation,
    ULONG  ObjectInformationLength,
    PULONG ReturnLength);
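/// Queries the basic object information of an event handle through
/// NtQueryObject, closes the handle, then queries it again to show the
/// STATUS_INVALID_HANDLE (0xC0000008) result.
/// @return 0 on success, 1 if NtQueryObject or the event could not be obtained.
int main(){
    // NtQueryObject is resolved dynamically from ntdll.dll. GetModuleHandleW
    // does not add a module reference, so there is nothing to free afterwards.
    const HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    const PNtQueryObject NtQueryObject = ntdll
        ? reinterpret_cast<PNtQueryObject>(GetProcAddress(ntdll, "NtQueryObject"))
        : nullptr;
    if (NtQueryObject == nullptr) {
        std::cerr << "NtQueryObject could not be resolved, error " << GetLastError() << '\n';
        return 1;
    }

    // The return value is an NTSTATUS, not a BOOL: print it as unsigned hex
    // so that error codes such as 0xC0000008 are recognisable.
    const auto print_status = [](long status) {
        std::cout << std::hex << std::uppercase
                  << static_cast<unsigned long>(status)
                  << std::dec << std::nouppercase << '\n';
    };

    SYSTEM_HANDLE_STATE info = {};  // zeroed so a failed query never prints stack garbage
    ULONG len = 0;

    const HANDLE hEvent1 = CreateEvent(nullptr, TRUE, FALSE, nullptr);
    if (hEvent1 == nullptr) {
        std::cerr << "CreateEvent failed, error " << GetLastError() << '\n';
        return 1;
    }

    // Information class 0 returns the object's current state, including the
    // handle count and the reference count.
    long status = NtQueryObject(hEvent1, 0, &info, sizeof info, &len);
    print_status(status);
    if (status >= 0) {  // NT_SUCCESS: the buffer is only meaningful on success
        std::cout << info.HandleCount << " " << info.ReferenceCount << '\n';
    }

    if (!CloseHandle(hEvent1)) {
        std::cerr << "CloseHandle failed, error " << GetLastError() << '\n';
    }

    // Deliberate query of the closed handle, for demonstration only. Handle
    // values are recycled, so in a process with other threads the same value
    // may already name a different object and the call would then succeed
    // against that object; real code must not use a handle after CloseHandle.
    // NOTE(review): with the strict handle check mitigation enabled, an invalid
    // handle reference is expected to raise an exception instead of returning
    // a status - confirm before running under that policy.
    status = NtQueryObject(hEvent1, 0, &info, sizeof info, &len);
    // Expected: C0000008 (STATUS_INVALID_HANDLE), i.e. the handle is closed.
    print_status(status);
    return 0;
}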