private static string GetNameFromHandle(SafeGenericHandle handle)
{
uint length;
NativeMethods.NtQueryObject(
handle,
OBJECT_INFORMATION_CLASS.ObjectNameInformation,
IntPtr.Zero, 0, out length);
IntPtr ptr = IntPtr.Zero;
try
{
try { }
finally
{
ptr = Marshal.AllocHGlobal((int)length);
}
if (NativeMethods.NtQueryObject(
handle,
OBJECT_INFORMATION_CLASS.ObjectNameInformation,
ptr, length, out length) != NTSTATUS.STATUS_SUCCESS)
{
return(null);
}
var unicodeStringName = (UNICODE_STRING)Marshal.PtrToStructure(ptr, typeof(UNICODE_STRING));
return(unicodeStringName.ToString());
}
finally
{
Marshal.FreeHGlobal(ptr);
}
}
internal static extern bool DuplicateHandle(
[In] SafeGenericHandle sourceProcessHandle,
[In] IntPtr sourceHandle,
[In] SafeGenericHandle targetProcessHandle,
[Out] out SafeGenericHandle targetHandle,
[In] uint desiredAccess,
[In, MarshalAs(UnmanagedType.Bool)] bool inheritHandle,
[In] DUPLICATE_HANDLE_OPTIONS options);
public Handle(ulong processId, ulong handle, ushort rawType)
{
ProcessId = (uint)processId;
RawHandleValue = (uint)handle;
RawType = rawType;
using (var sourceProcessHandle =
NativeMethods.OpenProcess(PROCESS_ACCESS_RIGHTS.PROCESS_DUP_HANDLE, true,
ProcessId))
{
// To read info about a handle owned by another process we must duplicate it into ours
if (!NativeMethods.DuplicateHandle(sourceProcessHandle,
(IntPtr)RawHandleValue,
NativeMethods.GetCurrentProcess(),
out _inProcessSafeHandle,
0,
false,
DUPLICATE_HANDLE_OPTIONS.DUPLICATE_SAME_ACCESS))
{
_inProcessSafeHandle = null;
}
}
}
public Handle(ulong processId, ulong handle, ushort rawType)
{
ProcessId = (uint) processId;
RawHandleValue = (uint) handle;
RawType = rawType;
using (var sourceProcessHandle =
NativeMethods.OpenProcess(PROCESS_ACCESS_RIGHTS.PROCESS_DUP_HANDLE, true,
ProcessId))
{
// To read info about a handle owned by another process we must duplicate it into ours
if (!NativeMethods.DuplicateHandle(sourceProcessHandle,
(IntPtr)RawHandleValue,
NativeMethods.GetCurrentProcess(),
out _inProcessSafeHandle,
0,
false,
DUPLICATE_HANDLE_OPTIONS.DUPLICATE_SAME_ACCESS))
{
_inProcessSafeHandle = null;
}
}
}
private static string GetTypeFromHandle(SafeGenericHandle handle)
{
uint length;
NativeMethods.NtQueryObject(handle,
OBJECT_INFORMATION_CLASS.ObjectTypeInformation,
IntPtr.Zero,
0,
out length);
IntPtr ptr = IntPtr.Zero;
try
{
try
{
}
finally
{
ptr = Marshal.AllocHGlobal((int)length);
}
if (NativeMethods.NtQueryObject(handle,
OBJECT_INFORMATION_CLASS.ObjectTypeInformation,
ptr,
length,
out length) != NTSTATUS.STATUS_SUCCESS)
{
return null;
}
var typeInformation =
(PUBLIC_OBJECT_TYPE_INFORMATION)
Marshal.PtrToStructure(ptr, typeof(PUBLIC_OBJECT_TYPE_INFORMATION));
return typeInformation.TypeName.ToString();
}
finally
{
Marshal.FreeHGlobal(ptr);
}
}
internal static extern NTSTATUS NtQueryObject(
[In] SafeGenericHandle handle,
[In] OBJECT_INFORMATION_CLASS objectInformationClass,
[In] IntPtr objectInformation,
[In] uint objectInformationLength,
[Out] out uint returnLength);
