private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
int type_size = GetTypeSize();
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(type_size, true))
{
int alignment = IntPtr.Size - 1;
NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation,
type_info, type_info.Length, out int return_length).ToNtException();
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
}
}
private static Dictionary <string, NtType> LoadTypes()
{
var type_factories = NtTypeFactory.GetAssemblyNtTypeFactories(Assembly.GetExecutingAssembly());
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
int size = 0x8000;
NtStatus status = NtStatus.STATUS_INFO_LENGTH_MISMATCH;
// repeatly try to fill out ObjectTypes buffer by increasing it's size between each attempt
while (size < 0x1000000)
{
using (var type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(size, true))
{
status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectTypesInformation,
type_info, type_info.Length, out int return_length);
switch (status)
{
// if the input buffer is too small, double it's size and retry
case NtStatus.STATUS_INFO_LENGTH_MISMATCH:
size *= 2;
break;
// From this point, the return values of NtSystemCalls.NtQueryObject are considered correct
case NtStatus.STATUS_SUCCESS:
int alignment = IntPtr.Size - 1;
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
string name = info.Name.ToString();
NtTypeFactory factory = type_factories.ContainsKey(name) ? type_factories[name] : _generic_factory;
NtType ti = new NtType(count + 2, info, factory);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
return(ret);
default:
throw new NtException(status);
}
}
}
// raise exception if the candidate buffer is over a MB.
throw new NtException(NtStatus.STATUS_INSUFFICIENT_RESOURCES);
}
private static void LoadTypes()
{
if (_types == null)
{
SafeStructureInOutBuffer <ObjectAllTypesInformation> type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>();
try
{
Dictionary <string, NtType> ret = new Dictionary <string, NtType>(StringComparer.OrdinalIgnoreCase);
int return_length;
NtStatus status = NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length);
if (status != NtStatus.STATUS_INFO_LENGTH_MISMATCH)
{
status.ToNtException();
}
type_info.Close();
type_info = null;
type_info = new SafeStructureInOutBuffer <ObjectAllTypesInformation>(return_length, false);
int alignment = IntPtr.Size - 1;
NtSystemCalls.NtQueryObject(SafeKernelObjectHandle.Null, ObjectInformationClass.ObjectAllInformation,
type_info.DangerousGetHandle(), type_info.Length, out return_length).ToNtException();
ObjectAllTypesInformation result = type_info.Result;
IntPtr curr_typeinfo = type_info.DangerousGetHandle() + IntPtr.Size;
for (int count = 0; count < result.NumberOfTypes; ++count)
{
ObjectTypeInformation info = (ObjectTypeInformation)Marshal.PtrToStructure(curr_typeinfo, typeof(ObjectTypeInformation));
NtType ti = new NtType(count + 2, info);
ret[ti.Name] = ti;
int offset = (info.Name.MaximumLength + alignment) & ~alignment;
curr_typeinfo = info.Name.Buffer + offset;
}
_types = ret;
}
finally
{
if (type_info != null)
{
type_info.Close();
}
}
}
}
