{"id":19119038,"url":"https://github.com/alsch092/detectopenhandles","last_synced_at":"2025-05-05T14:40:45.884Z","repository":{"id":259611207,"uuid":"805065262","full_name":"AlSch092/DetectOpenHandles","owner":"AlSch092","description":"Code example of detecting open process handles to our process (C/C++, Windows)","archived":false,"fork":false,"pushed_at":"2024-10-26T20:15:03.000Z","size":15,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-26T22:17:57.913Z","etag":null,"topics":["anti-malware-effort","anticheat","game-hacking","sysinternals"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AlSch092.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-23T20:16:38.000Z","updated_at":"2024-10-26T20:15:06.000Z","dependencies_parsed_at":"2024-10-26T22:18:12.023Z","dependency_job_id":"871420cd-04e4-42f4-bbb3-3b42d02bd61d","html_url":"https://github.com/AlSch092/DetectOpenHandles","commit_stats":null,"previous_names":["alsch092/detectopenhandles"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlSch092%2FDetectOpenHandles","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlSch092%2FDetectOpenHandles/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlSch092%2FDetectOpenHandles/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/AlSch092%2FDetectOpenHandles/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AlSch092","download_url":"https://codeload.github.com/AlSch092/DetectOpenHandles/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223786779,"owners_count":17202603,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-malware-effort","anticheat","game-hacking","sysinternals"],"created_at":"2024-11-09T05:08:22.527Z","updated_at":"2024-11-09T05:08:22.986Z","avatar_url":"https://github.com/AlSch092.png","language":"C++","readme":"# Detect Open Handles\nCode example of detecting open process handles to our process (C/C++, Windows usermode)\n\n![image](https://github.com/AlSch092/DetectOpenHandles/assets/94417808/39a23769-f9b2-4371-a57e-2cec3989f9e5)\n\n## How it works:\n- All handles on the system are retrieved via `NtQuerySystemInformation`\n- Handles are then filtered to exclude those belonging to the current process (all handles except our current process handles are looked at)\n- `DuplicateHandle` is used after `OpenProcess(PROCESS_DUP_HANDLE, FALSE, handle.ProcessId)` to obtain a handle context\n- `GetProcessId` on the duplicated handle is then compared to the current process ID, and a match tells us this handle is an open process handle to our process\n\n## Benefits:\n- Calls to `OpenProcess` from external applications to our application can be detected\n\n## Drawbacks \u0026 Limitations\n- Expensive CPU-wise to constantly fetch all handles on the system \n- SERVICE or SYSTEM processes cannot have 
their handles queried from usermode\n\nThanks for reading, happy coding!\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falsch092%2Fdetectopenhandles","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falsch092%2Fdetectopenhandles","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falsch092%2Fdetectopenhandles/lists"}