Ejemplo n.º 1
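        /// <summary>
        /// Resolves a file handle of the inspected process. The value stored at
        /// <paramref name="p_hfile"/> is not the handle itself but an index into the
        /// process's file handles, so the real handle is looked up indirectly through
        /// the system handle table and then passed to <c>ReadFileInfo</c>.
        /// </summary>
        /// <param name="p_hfile">Address, inside the inspected process, of the file-handle index.</param>
        /// <returns>Always 0; failures are reported on standard output and not propagated.</returns>
        private unsafe int QueryFileHandle(IntPtr p_hfile)
        {
            // ObjectType 28 is the file object (per the original author).
            // NOTE(review): object type indices are known to differ between Windows
            // versions - confirm 28 is correct for the target OS.
            const int FileObjectTypeIndex = 28;

            try
            {
                byte[] indexBytes = new byte[PtrSize];
                int bytesRead = 0;

                // NOTE(review): IntPtr.ToInt32() throws OverflowException in a 64-bit
                // process when the value does not fit in 32 bits; the catch below
                // reports it. Confirm this code only ever runs as a 32-bit process.
                bool readOk = WinApi.ReadProcessMemory(processHandle.ToInt32(), p_hfile.ToInt32(), indexBytes, PtrSize, ref bytesRead);

                // The buffer is filled from another process's memory. A failed or short
                // read leaves it (partly) zeroed, which would silently select index 0.
                if (!readOk || bytesRead != PtrSize)
                {
                    Console.Out.WriteLine("QueryFileHandle: ReadProcessMemory failed or returned a short read (" + bytesRead + " bytes)");
                    return 0;
                }

                int fileIndex = WinApi.ToInt32(indexBytes);

                // Alternatives the original author tried and abandoned:
                //  - direct DllImport of ZwQuerySystemInformation with SYSTEM_HANDLE_INFORMATION:
                //    OutOfMemory / StackOverflow errors and "Cannot marshal 'parameter #2':
                //    internal limitation: structure is too complex or too large."
                //  - a COM reader: did not work, reason unknown.
                // The C++/CLI reader below is the approach that is in use.
                var cliReader = new WinApiReader.WinApiReader();
                SystemHandleInfo handleInfo;

                // NOTE(review): the return value is ignored because its meaning is not
                // visible from this method - check it once the contract is confirmed.
                cliReader.QueryProcessHandleInfo(_process.Id, out handleInfo);

                var fileHandles = handleInfo.SystemHandles.Where(e => e.ObjectType == FileObjectTypeIndex).ToList();

                // The index originates from the inspected process and is untrusted:
                // validate it before using it to select a handle.
                if (fileIndex < 0 || fileIndex >= fileHandles.Count)
                {
                    Console.Out.WriteLine("QueryFileHandle: file handle index " + fileIndex + " is out of range (" + fileHandles.Count + " file handles)");
                    return 0;
                }

                ReadFileInfo(new IntPtr(fileHandles[fileIndex].Value));
            }
            catch (Exception ex)
            {
                // Deliberate best effort: report the failure and fall through to return 0.
                Console.Out.WriteLine(ex);
            }

            return 0;
        }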
Ejemplo n.º 2
 /// <summary>
 /// Creates the view model and stores the supplied handle information in <c>Info</c>.
 /// </summary>
 /// <param name="info">System handle information this view model exposes.</param>
 public HandleViewModel(SystemHandleInfo info) => this.Info = info;