/// <summary>
/// Get the type name of the given object.
/// </summary>
public static string GetObjectType(SafeHandle handle)
{
using (HeapBuffer buffer = new HeapBuffer())
{
NTSTATUS status = NTSTATUS.STATUS_BUFFER_OVERFLOW;
// We'll initially give room for 50 characters for the type name
uint returnLength = (uint)Marshal.SizeOf <OBJECT_TYPE_INFORMATION>() + 50 * sizeof(char);
while (status == NTSTATUS.STATUS_BUFFER_OVERFLOW || status == NTSTATUS.STATUS_BUFFER_TOO_SMALL || status == NTSTATUS.STATUS_INFO_LENGTH_MISMATCH)
{
buffer.EnsureByteCapacity(returnLength);
status = Direct.NtQueryObject(
Handle: handle,
ObjectInformationClass: OBJECT_INFORMATION_CLASS.ObjectTypeInformation,
ObjectInformation: buffer.DangerousGetHandle(),
ObjectInformationLength: checked ((uint)buffer.ByteCapacity),
ReturnLength: out returnLength);
}
if (!ErrorMacros.NT_SUCCESS(status))
{
throw ErrorHelper.GetIoExceptionForNTStatus(status);
}
return(new CheckedReader(buffer).ReadStruct <OBJECT_TYPE_INFORMATION>().TypeName.ToString());
}
}
public static unsafe void ToUpperInvariant(ref UNICODE_STRING value)
{
NTSTATUS status = Imports.RtlUpcaseUnicodeString(
(UNICODE_STRING *)Structs.AddressOf(ref value), (UNICODE_STRING *)Structs.AddressOf(ref value), false);
if (!ErrorMacros.NT_SUCCESS(status))
{
ErrorMethods.GetIoExceptionForNTStatus(status);
}
}
/// <summary>
/// Get the name fot he given handle. This is typically the NT path of the object.
/// </summary>
public static string GetObjectName(SafeHandle handle)
{
// IoQueryFileDosDeviceName wraps this for file handles, but requires calling ExFreePool to free the allocated memory
// https://msdn.microsoft.com/en-us/library/windows/hardware/ff548474.aspx
//
// http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FType%20independed%2FOBJECT_NAME_INFORMATION.html
//
// typedef struct _OBJECT_NAME_INFORMATION
// {
// UNICODE_STRING Name;
// WCHAR NameBuffer[0];
// } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
//
// The above definition means the API expects a buffer where it can stick a UNICODE_STRING with the buffer immediately following.
using (HeapBuffer buffer = new HeapBuffer())
{
NTSTATUS status = NTSTATUS.STATUS_BUFFER_OVERFLOW;
uint returnLength = 260 * sizeof(char);
while (status == NTSTATUS.STATUS_BUFFER_OVERFLOW || status == NTSTATUS.STATUS_BUFFER_TOO_SMALL)
{
buffer.EnsureByteCapacity(returnLength);
status = Direct.NtQueryObject(
Handle: handle,
ObjectInformationClass: OBJECT_INFORMATION_CLASS.ObjectNameInformation,
ObjectInformation: buffer.DangerousGetHandle(),
ObjectInformationLength: checked ((uint)buffer.ByteCapacity),
ReturnLength: out returnLength);
}
if (!ErrorMacros.NT_SUCCESS(status))
{
throw ErrorHelper.GetIoExceptionForNTStatus(status);
}
return(new CheckedReader(buffer).ReadStruct <UNICODE_STRING>().ToString());
}
}