private static string GetHandleName(Win32Api.SystemHandleInformation sYSTEM_HANDLE_INFORMATION)
{
IntPtr ipHandle = IntPtr.Zero;
Win32Api.ObjectBasicInformation objBasic = new Win32Api.ObjectBasicInformation();
IntPtr ipBasic = IntPtr.Zero;
Win32Api.ObjectTypeInformation objObjectType = new Win32Api.ObjectTypeInformation();
IntPtr ipObjectType = IntPtr.Zero;
Win32Api.ObjectNameInformation objObjectName = new Win32Api.ObjectNameInformation();
IntPtr ipObjectName = IntPtr.Zero;
string strObjectTypeName = "";
string strObjectName = "";
int nLength = 0;
//int nReturn = 0;
IntPtr ipTemp = IntPtr.Zero;
//OpenProcessForHandle(sYSTEM_HANDLE_INFORMATION.ProcessID);
if (!Win32Api.DuplicateHandle(processHwnd, sYSTEM_HANDLE_INFORMATION.Handle, Win32Api.GetCurrentProcess(), out ipHandle, 0, false, Win32Api.DuplicateSameAccess)) return null;
ipBasic = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic));
Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, ipBasic, Marshal.SizeOf(objBasic), ref nLength);
objBasic = (Win32Api.ObjectBasicInformation)Marshal.PtrToStructure(ipBasic, objBasic.GetType());
Marshal.FreeHGlobal(ipBasic);
ipObjectType = Marshal.AllocHGlobal(objBasic.TypeInformationLength);
nLength = objBasic.TypeInformationLength;
while ((uint)(/*nReturn = */Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectTypeInformation, ipObjectType, nLength, ref nLength)) == Win32Api.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(ipObjectType);
ipObjectType = Marshal.AllocHGlobal(nLength);
}
objObjectType = (Win32Api.ObjectTypeInformation)Marshal.PtrToStructure(ipObjectType, objObjectType.GetType());
if (Is64Bits())
{
ipTemp = new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32);
}
else
{
ipTemp = objObjectType.Name.Buffer;
}
strObjectTypeName = Marshal.PtrToStringUni(ipTemp, objObjectType.Name.Length >> 1);
Marshal.FreeHGlobal(ipObjectType);
//if (strObjectTypeName != "File") return null;
if (strObjectTypeName != "Mutant")
{
Win32Api.CloseHandle(ipHandle);
return null;
}
nLength = objBasic.NameInformationLength;
ipObjectName = Marshal.AllocHGlobal(nLength);
while ((uint)(/*nReturn = */Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, ipObjectName, nLength, ref nLength)) == Win32Api.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(ipObjectName);
ipObjectName = Marshal.AllocHGlobal(nLength);
}
objObjectName = (Win32Api.ObjectNameInformation)Marshal.PtrToStructure(ipObjectName, objObjectName.GetType());
if (Is64Bits())
{
ipTemp = new IntPtr(Convert.ToInt64(objObjectName.Name.Buffer.ToString(), 10) >> 32);
}
else
{
ipTemp = objObjectName.Name.Buffer;
}
//byte[] baTemp = new byte[nLength];
//Win32Api.CopyMemory(baTemp, ipTemp, (uint)nLength);
if (Is64Bits())
{
strObjectName = Marshal.PtrToStringUni(new IntPtr(ipTemp.ToInt64()));
}
else
{
strObjectName = Marshal.PtrToStringUni(new IntPtr(ipTemp.ToInt32()));
}
Marshal.FreeHGlobal(ipObjectName);
Win32Api.CloseHandle(ipHandle);
return strObjectName;
}
private static string GetHandleName(Win32Api.SystemHandleInformation sYSTEM_HANDLE_INFORMATION)
{
IntPtr ipHandle = IntPtr.Zero;
Win32Api.ObjectBasicInformation objBasic = new Win32Api.ObjectBasicInformation();
IntPtr ipBasic = IntPtr.Zero;
Win32Api.ObjectTypeInformation objObjectType = new Win32Api.ObjectTypeInformation();
IntPtr ipObjectType = IntPtr.Zero;
Win32Api.ObjectNameInformation objObjectName = new Win32Api.ObjectNameInformation();
IntPtr ipObjectName = IntPtr.Zero;
string strObjectTypeName = "";
string strObjectName = "";
int nLength = 0;
//int nReturn = 0;
IntPtr ipTemp = IntPtr.Zero;
//OpenProcessForHandle(sYSTEM_HANDLE_INFORMATION.ProcessID);
if (!Win32Api.DuplicateHandle(processHwnd, sYSTEM_HANDLE_INFORMATION.Handle, Win32Api.GetCurrentProcess(), out ipHandle, 0, false, Win32Api.DuplicateSameAccess))
{
return(null);
}
ipBasic = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic));
Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, ipBasic, Marshal.SizeOf(objBasic), ref nLength);
objBasic = (Win32Api.ObjectBasicInformation)Marshal.PtrToStructure(ipBasic, objBasic.GetType());
Marshal.FreeHGlobal(ipBasic);
ipObjectType = Marshal.AllocHGlobal(objBasic.TypeInformationLength);
nLength = objBasic.TypeInformationLength;
while ((uint)(/*nReturn = */ Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectTypeInformation, ipObjectType, nLength, ref nLength)) == Win32Api.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(ipObjectType);
ipObjectType = Marshal.AllocHGlobal(nLength);
}
objObjectType = (Win32Api.ObjectTypeInformation)Marshal.PtrToStructure(ipObjectType, objObjectType.GetType());
if (Is64Bits())
{
ipTemp = new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32);
}
else
{
ipTemp = objObjectType.Name.Buffer;
}
strObjectTypeName = Marshal.PtrToStringUni(ipTemp, objObjectType.Name.Length >> 1);
Marshal.FreeHGlobal(ipObjectType);
//if (strObjectTypeName != "File") return null;
if (strObjectTypeName != "Mutant")
{
Win32Api.CloseHandle(ipHandle);
return(null);
}
nLength = objBasic.NameInformationLength;
ipObjectName = Marshal.AllocHGlobal(nLength);
while ((uint)(/*nReturn = */ Win32Api.NtQueryObject(ipHandle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, ipObjectName, nLength, ref nLength)) == Win32Api.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(ipObjectName);
ipObjectName = Marshal.AllocHGlobal(nLength);
}
objObjectName = (Win32Api.ObjectNameInformation)Marshal.PtrToStructure(ipObjectName, objObjectName.GetType());
if (Is64Bits())
{
ipTemp = new IntPtr(Convert.ToInt64(objObjectName.Name.Buffer.ToString(), 10) >> 32);
}
else
{
ipTemp = objObjectName.Name.Buffer;
}
//byte[] baTemp = new byte[nLength];
//Win32Api.CopyMemory(baTemp, ipTemp, (uint)nLength);
if (Is64Bits())
{
strObjectName = Marshal.PtrToStringUni(new IntPtr(ipTemp.ToInt64()));
}
else
{
strObjectName = Marshal.PtrToStringUni(new IntPtr(ipTemp.ToInt32()));
}
Marshal.FreeHGlobal(ipObjectName);
Win32Api.CloseHandle(ipHandle);
return(strObjectName);
}