/// <summary>
/// Returns a collection of handles that are currently active within the system
/// </summary>
/// <returns>A collection of active handles</returns>
public static ICollection <HandleInfo> GetHandles()
{
byte[] buffer;
NtStatus status;
int size = 1024;
uint actualSize = 0;
do
{
buffer = new byte[size];
status = NtDll.NtQuerySystemInformation(SystemInformationType.HandleInformation, buffer,
Convert.ToUInt32(size), ref actualSize);
if (status != NtStatus.Success && status != NtStatus.BufferTooSmall &&
status != NtStatus.InfoLengthMismatch)
{
throw new Win32Exception("Could not retrieve system handle information");
}
size = Convert.ToInt32(actualSize);
} while (status != NtStatus.Success);
int count = Seriz.Parse <int>(buffer);
NtDll.SystemHandle[] systemHandles = Seriz.Parse <NtDll.SystemHandle>(buffer.Skip(4).ToArray(), count);
List <HandleInfo> results = new List <HandleInfo>();
foreach (var handle in systemHandles)
{
results.Add(new HandleInfo(Convert.ToInt32(handle.ProcessId), handle.Type,
new IntPtr(handle.Handle), handle.AccessMask));
}
return(results);
}
/// <summary>
/// Reads an array of structures or instances of a formatted class from given address in virtual memory of the process
/// </summary>
/// <typeparam name="T">The type of structure or formatted class to be read</typeparam>
/// <param name="address">The address to be read from</param>
/// <param name="count">The number of elements in the array to be read</param>
/// <returns>The array of structures or instances read from virtual memory of the process</returns>
/// <exception cref="ArgumentException">If count is equal to or less than zero</exception>
/// <exception cref="Win32Exception">On Windows API error</exception>
/// <exception cref="InvalidOperationException">If the call succeeds but too few bytes were read</exception>
public T[] Read <T>(IntPtr address, Int32 count)
{
if (count <= 0)
{
throw new ArgumentException("Count must be greater than zero");
}
int size = Marshal.SizeOf <T>();
int totalSize = size * count;
if (Buffer.Length < totalSize)
{
Buffer = new byte[totalSize];
}
Read(address, Buffer, totalSize);
return(Seriz.Parse <T>(Buffer, count));
}
/// <summary>
/// Writes an array of structures or instances of a formatted class to given address in virtual memory of the process
/// </summary>
/// <typeparam name="T">The type of the structure or formatted class to be written</typeparam>
/// <param name="address">The address to be written to</param>
/// <param name="values">The array of structures or instances of a formatted class to be written</param>
/// <exception cref="ArgumentException">If the given array is empty</exception>
/// <exception cref="Win32Exception">On Windows API error</exception>
/// <exception cref="InvalidOperationException">If the call succeeds but too few bytes were written</exception>
public void Write <T>(IntPtr address, T[] values)
{
if (values == null)
{
throw new ArgumentNullException(nameof(values));
}
if (values.Length == 0)
{
throw new ArgumentException("Cannot write an empty array");
}
int size = Marshal.SizeOf <T>();
int totalSize = size * values.Length;
if (Buffer.Length < totalSize)
{
Buffer = new byte[totalSize];
}
Seriz.Serialize(Buffer, values);
Write(address, Buffer, totalSize);
}
