Looking for example code (all info in thread)

01/30/2019 20:45 owadziak#1

Hello there everyone.

I hope there is someone who could help me a bit.
(Im not looking for full code , just for simple example how this could be done)
im working on a bot for Royal Quest.
I know a way to run multiple clients in one pc without VMWare etc
to do that i need to kill 2 "Event's" inside running process
I know how to do that manually using process exploler. But i would like to automate that , using build in script in to my bot. (
These two actually (Handle 0x120 and handle 0x108 )
[Only registered and activated users can see links. Click Here To Register...]
I tried to find any Tutorial or script example , but without success
Spend like 4 hours , trying to figure it out by my self
using _WINAPI_CloseHandle function but i failed

so any help from community is appreciated

01/31/2019 00:42 florian0#2

Sorry, I have no clue what that screenshot should tell me and what kind of events you are talking about. WinAPI sometimes references to Events as Threads so maybe you are talking about threads. But BaseNamedObjects can also refer to Mutexes or Semaphores or "Events" ... so ... ?

I guess these are the real WinAPI Events.

Useless side information

Events are managed in the kernel by reference counting. There is no certain way to "delete" an event. The kernel will release the event once the last reference to it has been closed. CloseHandle states that it will also "delete" events, but I'm unsure how the kernel will actually handle this.

Long story short: CloseHandle seems to be your only hope. There is only one trick to it: You need to call it inside the target process. An external process can not access the internal handles of another process. Therefore you need to inject a DLL or "simply" call CreateRemoteThread.

The question is now do you find the handles? Are they deterministic aka. can you guess them?

01/31/2019 01:35 owadziak#3

seems like this one never change, doesnt matter how many client i open even if i open that game in different pc.

Spoiler

Maybe this screen will help u figure out anything

02/02/2019 23:15 elmarcia#4

Code:

#include <WinAPI.au3>
#include <WinAPIProc.au3>
#include <ProcessConstants.au3>
#include <Array.au3>

#RequireAdmin


$PID = ProcessExists("Your process name here.exe")
$Data = _WinAPI_EnumProcessHandles($PID)
const $DUPLICATE_OPTION_CLOSE_SOURCE = 1
;Note that in windows, handle type Event is 12
Const $WINDOWS_HANDLE_TYPE_EVENT = 12
;Use
;_ArrayDisplay(Data) to find handle types for every OS


If IsArray($Data) Then
	$hSource = _WinAPI_OpenProcess($PROCESS_DUP_HANDLE, 0, $PID)
	If $hSource Then
		For $i = 1 To $Data[0][0]
			If $Data[$i][1] == $WINDOWS_HANDLE_TYPE_EVENT Then
				;Handle value
                                $value = Int ($Data[$i][0])
				If $value == 0x120 or $value == 0x108 Then
			$hObject = _WinAPI_DuplicateHandle($hSource, $Data[$i][0], 0, 0, 0, $DUPLICATE_OPTION_CLOSE_SOURCE)
			If Not @error Then
				_WinAPI_CloseHandle($hObject)
			EndIf
			EndIf
			EndIf
		Next
	EndIf
EndIf

edit:
Reference link: [Only registered and activated users can see links. Click Here To Register...]

02/05/2019 05:22 owadziak#5

Thanks alot, this one works perfectly