Beispiel #1
0
        public static string GetObjectName(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle)
        {
            IntPtr _processHandle = Win32Api.OpenProcess(Win32Api.ProcessAccessFlags.All, false, handle.UniqueProcessId);
            IntPtr _handle = IntPtr.Zero;

            try
            {
                if (!Win32Api.DuplicateHandle(_processHandle, handle.HandleValue, Win32Api.GetCurrentProcess(), out _handle, 0, false, Win32Api.DUPLICATE_SAME_ACCESS))
                    return null;

                IntPtr _basic = IntPtr.Zero;
                int nameLength = 0;

                try
                {
                    Win32Api.OBJECT_BASIC_INFORMATION basicInfo = new Win32Api.OBJECT_BASIC_INFORMATION();
                    _basic = Marshal.AllocHGlobal(Marshal.SizeOf(basicInfo));

                    Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, _basic, Marshal.SizeOf(basicInfo), ref nameLength);
                    basicInfo = (Win32Api.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(_basic, basicInfo.GetType());
                    nameLength = basicInfo.NameInformationLength;
                }
                finally
                {
                    if (_basic != IntPtr.Zero)
                        Marshal.FreeHGlobal(_basic);
                }

                if (nameLength ==0)
                {
                    return null;
                }

                Win32Api.OBJECT_NAME_INFORMATION nameInfo = new Win32Api.OBJECT_NAME_INFORMATION();
                IntPtr _objectName = Marshal.AllocHGlobal(nameLength);

                try
                {
                    while ((uint)(Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, nameLength, ref nameLength)) == Win32Api.STATUS_INFO_LENGTH_MISMATCH)
                    {
                        Marshal.FreeHGlobal(_objectName);
                        _objectName = Marshal.AllocHGlobal(nameLength);
                    }
                    nameInfo = (Win32Api.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(_objectName, nameInfo.GetType());
                }
                finally
                {
                    Marshal.FreeHGlobal(_objectName);
                    Win32Api.CloseHandle(_handle);
                }

                try
                {
                    return Marshal.PtrToStringUni(nameInfo.Name.Buffer, nameInfo.Name.Length >> 1);
                }
                catch
                {

                }

                return null;
            }
            finally
            {
                if (_processHandle != IntPtr.Zero)
                    Win32Api.CloseHandle(_processHandle);
            }
        }
Beispiel #2
0
        public static string GetObjectName(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle)
        {
            IntPtr _processHandle = Win32Api.OpenProcess(Win32Api.ProcessAccessFlags.All, false, handle.UniqueProcessId);
            IntPtr _handle        = IntPtr.Zero;

            try
            {
                if (!Win32Api.DuplicateHandle(_processHandle, handle.HandleValue, Win32Api.GetCurrentProcess(), out _handle, 0, false, Win32Api.DUPLICATE_SAME_ACCESS))
                {
                    return(null);
                }

                IntPtr _basic     = IntPtr.Zero;
                int    nameLength = 0;

                try
                {
                    Win32Api.OBJECT_BASIC_INFORMATION basicInfo = new Win32Api.OBJECT_BASIC_INFORMATION();
                    _basic = Marshal.AllocHGlobal(Marshal.SizeOf(basicInfo));

                    Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, _basic, Marshal.SizeOf(basicInfo), ref nameLength);
                    basicInfo  = (Win32Api.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(_basic, basicInfo.GetType());
                    nameLength = basicInfo.NameInformationLength;
                }
                finally
                {
                    if (_basic != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(_basic);
                    }
                }

                if (nameLength == 0)
                {
                    return(null);
                }

                Win32Api.OBJECT_NAME_INFORMATION nameInfo = new Win32Api.OBJECT_NAME_INFORMATION();
                IntPtr _objectName = Marshal.AllocHGlobal(nameLength);

                try
                {
                    while ((uint)(Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, nameLength, ref nameLength)) == Win32Api.STATUS_INFO_LENGTH_MISMATCH)
                    {
                        Marshal.FreeHGlobal(_objectName);
                        _objectName = Marshal.AllocHGlobal(nameLength);
                    }
                    nameInfo = (Win32Api.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(_objectName, nameInfo.GetType());
                }
                finally
                {
                    Marshal.FreeHGlobal(_objectName);
                    Win32Api.CloseHandle(_handle);
                }

                try
                {
                    return(Marshal.PtrToStringUni(nameInfo.Name.Buffer, nameInfo.Name.Length >> 1));
                }
                catch
                {
                }

                return(null);
            }
            finally
            {
                if (_processHandle != IntPtr.Zero)
                {
                    Win32Api.CloseHandle(_processHandle);
                }
            }
        }