Process handle search

whynotregister · 27 Mar 2017, 01:54

The above picture shows the process that have the handle of chrome.exe.

I want to get a list of process that have a handle to a particular process.

27 Mar 2017, 02:01

Something like this? GetProcessThreads.ahk

whynotregister · 27 Mar 2017, 02:11

jNizM wrote:Something like this? GetProcessThreads.ahk

Well, can not get a list of handles instead of threads?

A_AhkUser · 27 Mar 2017, 14:01

Maybe that's what you are looking for:

Code: Select all

for process in ComObjGet("winmgmts:").ExecQuery("Select Handle, Name from Win32_Process WHERE Name='Chrome.exe'")
    processes .= process.Name . "  -  " . process.Handle . "`r`n"
MsgBox % processes

; see https://autohotkey.com/board/topic/8228-process-listfile-namescommand-lines/page-2 (lexikos answer)

whynotregister · 27 Mar 2017, 14:42

A_AhkUser wrote:Maybe that's what you are looking for:

Code: Select all

for process in ComObjGet("winmgmts:").ExecQuery("Select Handle, Name from Win32_Process WHERE Name='Chrome.exe'")
    processes .= process.Name . "  -  " . process.Handle . "`r`n"
MsgBox % processes

; see https://autohotkey.com/board/topic/8228-process-listfile-namescommand-lines/page-2 (lexikos answer)

Unfortunately, this does not show all the handles.
For example, when you do "openprocess" with the cheat engine, the "handle" should output the cheat engine process. However, this is not output.

A_AhkUser · 27 Mar 2017, 15:15

whynotregister wrote:Unfortunately, this does not show all the handles.

Not sure but maybe it is due to the fact that you lunched the processes from whom belong the aforementioned handles as administrator unlike the script itself.

28 Mar 2017, 02:18

Its a bit more complicated to get all handles...
You need SetPrivilege, OpenProcess, NtQuerySystemInformation/ZwQuerySystemInformation, NtQueryObject/ZwQueryObject

whynotregister · 28 Mar 2017, 04:00

jNizM wrote:Its a bit more complicated to get all handles...
You need SetPrivilege, OpenProcess, NtQuerySystemInformation/ZwQuerySystemInformation, NtQueryObject/ZwQueryObject

How should I implement it?
As far as I know, it is possible to implement in user mode api.

28 Mar 2017, 04:11

Will post an example as soon I finished it.

whynotregister · 28 Mar 2017, 04:18

jNizM wrote:Will post an example as soon I finished it.

Very Thank you

28 Mar 2017, 05:53

Here is my first (not whole finished) attempt: GetProcessHandles
Maybe you need to start it as admin (runas admin function can be found in this forum too)

whynotregister · 28 Mar 2017, 06:12

jNizM wrote:Here is my first (not whole finished) attempt: GetProcessHandles
Maybe you need to start it as admin (runas admin function can be found in this forum too)

It does not seem to work.

Code: Select all

#include GetProcessHandles.ahk
winget,pid,pid,ahk_exe Chrome.exe
if pid > 0
msgbox % GetProcessHandles(pid)

Did I write the wrong code?
Tested with administrator privileges.

28 Mar 2017, 07:18

Code: Select all

for i, v in GetProcessHandles(PID)
    MsgBox % v

whynotregister · 28 Mar 2017, 07:56

jNizM wrote:
Code: Select all
for i, v in GetProcessHandles(PID)
    MsgBox % v

Thank you very much. Nice script.

Process handle search Topic is solved

Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search

Re: Process handle search Topic is solved

Re: Process handle search

Re: Process handle search

Re: Process handle search

Who is online