Windows API 错误“句柄无效”

首页课程实战体系课手记专栏慕课教程

Windows API 错误“句柄无效”

我正在尝试创建一个程序，利用MiniDumpWriteDumpWindows API 转储另一个进程的内存。但是，它不断返回错误并提示The handle is invalid。我对我的进程句柄非常有信心，因为我OpenProcess以前使用过 Windows API，所以我认为这就是我使用CreateFileW.

我在网上看过这样的例子，但我无法让任何东西发挥作用。

到目前为止，这是我的代码：

package main

import (

"fmt"

"os"

"strconv"

"syscall"

"unsafe"

)

var kernel32 = syscall.NewLazyDLL("kernel32.dll")

var procOpenProcess = kernel32.NewProc("OpenProcess")

var procCreateFileW = kernel32.NewProc("CreateFileW")

var procCloseHandle = kernel32.NewProc("CloseHandle")

var dbghelp = syscall.NewLazyDLL("Dbghelp.dll")

var procMiniDumpWriteDump = dbghelp.NewProc("MiniDumpWriteDump")

func main() {

fmt.Println("[ ] Starting Enum-DumpProcessMemory\n")

pid, _ := strconv.Atoi(os.Args[1])

fmt.Println("[-] PID :", pid)

processHandle, _, _ := procOpenProcess.Call(uintptr(0xFFFF), uintptr(1), uintptr(pid))

fmt.Println("[-] Process Handle :", processHandle)

path, _ := syscall.UTF16PtrFromString(os.Args[2])

fileHandle, _, _ := procCreateFileW.Call(uintptr(unsafe.Pointer(path)), syscall.GENERIC_READ, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, 0, syscall.OPEN_EXISTING, syscall.FILE_ATTRIBUTE_NORMAL, 0)

fmt.Println("[-] File Handle :", fileHandle)

ret, _, err := procMiniDumpWriteDump.Call(uintptr(processHandle), uintptr(pid), uintptr(fileHandle), 0x00061907, 0, 0, 0)

if ret != 0 {

fmt.Println("[+] Process memory dump successful")

} else {

fmt.Println("[x] Process memory dump not successful")

fmt.Println(err)

}

}

这是输出：

> .\Enum-DumpProcessMemory.exe 6892 C:\Users\user\Documents\dump.dmp

[ ] Starting Enum-DumpProcessMemory

[-] PID : 6892

[-] Process Handle : 236

[-] File Handle : 18446744073709551615

[x] Process memory dump not successful

The handle is invalid.

湖上湖

浏览 176回答 1

1回答

鸿蒙传说

问题是我试图为不存在的文件创建处理程序。这是我的工作代码：package mainimport (    "fmt"    "os"    "strconv"    "syscall"    "unsafe")var kernel32        = syscall.NewLazyDLL("kernel32.dll")var procOpenProcess = kernel32.NewProc("OpenProcess")var procCreateFileW = kernel32.NewProc("CreateFileW")var dbghelp               = syscall.NewLazyDLL("Dbghelp.dll")var procMiniDumpWriteDump = dbghelp.NewProc("MiniDumpWriteDump")func main() {    fmt.Println("[ ] Starting Enum-DumpProcessMemory\n")    pid, _ := strconv.Atoi(os.Args[1])    fmt.Println("[-] PID            :", pid)    processHandle, _, _ := procOpenProcess.Call(uintptr(0xFFFF), uintptr(1), uintptr(pid))    fmt.Println("[-] Process Handle :", processHandle)    if _, err := os.Stat(os.Args[2]); os.IsNotExist(err) {        os.Create(os.Args[2])    }    path, _ := syscall.UTF16PtrFromString(os.Args[2])    fileHandle, _, _ := procCreateFileW.Call(uintptr(unsafe.Pointer(path)), syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, 0, syscall.OPEN_EXISTING, syscall.FILE_ATTRIBUTE_NORMAL, 0)    fmt.Println("[-] File Handle    :", fileHandle)    ret, _, err := procMiniDumpWriteDump.Call(uintptr(processHandle), uintptr(pid), uintptr(fileHandle), 0x00061907, 0, 0, 0)    if ret != 0 {        fmt.Println("[+] Process memory dump successful")    } else {        fmt.Println("[x] Process memory dump not successful")        fmt.Println(err)    }}

0 0

随时随地看视频慕课网APP

相关分类

Go