private static string GetHandleTypeToken(IntPtr handle)
{
int length;
NativeMethods.NtQueryObject(handle, OBJECT_INFORMATION_CLASS.ObjectTypeInformation, IntPtr.Zero, 0, out length);
IntPtr ptr = IntPtr.Zero;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
RuntimeHelpers.PrepareConstrainedRegions();
try { }
finally
{
ptr = Marshal.AllocHGlobal(length);
}
if (NativeMethods.NtQueryObject(handle, OBJECT_INFORMATION_CLASS.ObjectTypeInformation, ptr, length, out length) == NT_STATUS.STATUS_SUCCESS)
{
OBJECT_TYPE_INFORMATION objTypeInfo = (OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(ptr, typeof(OBJECT_TYPE_INFORMATION));
return(objTypeInfo.TypeName.Buffer);
}
}
finally
{
Marshal.FreeHGlobal(ptr);
}
return(string.Empty);
}
public static string GetObjectTypeName(SYSTEM_HANDLE_INFORMATION shHandle, Process process)
{
IntPtr m_ipProcessHwnd = OpenProcess(ProcessAccessFlags.All, false, process.Id);
var objBasic = new OBJECT_BASIC_INFORMATION();
var objObjectType = new OBJECT_TYPE_INFORMATION();
int nLength = 0;
if (!DuplicateHandle(m_ipProcessHwnd, shHandle.Handle,
GetCurrentProcess(), out IntPtr ipHandle,
0, false, 0x2))
{
return(null);
}
IntPtr ipBasic = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic));
NtQueryObject(ipHandle, (int)ObjectInformationClass.ObjectBasicInformation,
ipBasic, Marshal.SizeOf(objBasic), ref nLength);
objBasic = (OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(ipBasic, objBasic.GetType());
Marshal.FreeHGlobal(ipBasic);
IntPtr ipObjectType = Marshal.AllocHGlobal(objBasic.TypeInformationLength);
nLength = objBasic.TypeInformationLength;
while ((uint)(_ = NtQueryObject(
ipHandle, (int)ObjectInformationClass.ObjectTypeInformation, ipObjectType,
nLength, ref nLength)) ==
0xC0000004)
{
Marshal.FreeHGlobal(ipObjectType);
ipObjectType = Marshal.AllocHGlobal(nLength);
}
objObjectType = (OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(ipObjectType, objObjectType.GetType());
IntPtr ipTemp;
if (Is64Bits())
{
ipTemp = new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32);
}
else
{
ipTemp = objObjectType.Name.Buffer;
}
string strObjectTypeName = Marshal.PtrToStringUni(ipTemp, objObjectType.Name.Length >> 1);
Marshal.FreeHGlobal(ipObjectType);
return(strObjectTypeName);
}
public static string getObjectTypeName(SYSTEM_HANDLE_INFORMATION shHandle, Process process)
{
var m_ipProcessHwnd = Native.OpenProcess((int)ProcessAccessFlags.All, false, process.Id);
var ipHandle = IntPtr.Zero;
var objBasic = new OBJECT_BASIC_INFORMATION();
var ipBasic = IntPtr.Zero;
var objObjectType = new OBJECT_TYPE_INFORMATION();
var ipObjectType = IntPtr.Zero;
var ipObjectName = IntPtr.Zero;
var strObjectTypeName = "";
var nLength = 0;
var nReturn = 0;
var ipTemp = IntPtr.Zero;
if (!Native.DuplicateHandle(m_ipProcessHwnd, shHandle.Handle,
Native.GetCurrentProcess(), out ipHandle,
0, false, DUPLICATE_SAME_ACCESS))
{
return(null);
}
ipBasic = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic));
Native.NtQueryObject(ipHandle, (int)ObjectInformationClass.ObjectBasicInformation,
ipBasic, Marshal.SizeOf(objBasic), ref nLength);
objBasic = (OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(ipBasic, objBasic.GetType());
Marshal.FreeHGlobal(ipBasic);
ipObjectType = Marshal.AllocHGlobal(objBasic.TypeInformationLength);
nLength = objBasic.TypeInformationLength;
while ((uint)(nReturn = Native.NtQueryObject(
ipHandle, (int)ObjectInformationClass.ObjectTypeInformation, ipObjectType,
nLength, ref nLength)) ==
STATUS_INFO_LENGTH_MISMATCH)
{
Marshal.FreeHGlobal(ipObjectType);
ipObjectType = Marshal.AllocHGlobal(nLength);
}
objObjectType = (OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(ipObjectType, objObjectType.GetType());
ipTemp = Is64Bits() ? new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32) : objObjectType.Name.Buffer;
strObjectTypeName = Marshal.PtrToStringUni(ipTemp, objObjectType.Name.Length >> 1);
Marshal.FreeHGlobal(ipObjectType);
return(strObjectTypeName);
}
public OBJECT_TYPE_INFORMATION GetHandleTypeInfo(int pid, UInt16 handle, OBJECT_BASIC_INFORMATION obi)
{
IntPtr src_proc_handle = OpenProcess(PROCESS_DUP_HANDLE, 0, pid);
if (IntPtr.Zero == src_proc_handle)
{
return(default(OBJECT_TYPE_INFORMATION));
}
IntPtr target_handle = IntPtr.Zero;
if (STATUS_SUCCESS != NtDuplicateObject(
src_proc_handle, (IntPtr)handle,
GetCurrentProcess(), ref target_handle,
0, 0, DUPLICATE_SAME_ACCESS))
{
CloseHandle(src_proc_handle);
return(default(OBJECT_TYPE_INFORMATION));
}
int ret_obj_len = 0;
int obj_len = obi.TypeInformationLength + 2; // sizeof(EOF) = sizeof('\0\0') = 2
byte[] bytes_obj_info = new byte[obj_len];
uint ret = NtQueryObject(target_handle, ObjectTypeInformation, bytes_obj_info, obj_len, ref ret_obj_len);
if (STATUS_SUCCESS != ret)
{
CloseHandle(target_handle);
CloseHandle(src_proc_handle);
return(default(OBJECT_TYPE_INFORMATION));
}
GCHandle gch = GCHandle.Alloc(bytes_obj_info, GCHandleType.Pinned);
OBJECT_TYPE_INFORMATION oti = (OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(gch.AddrOfPinnedObject(), typeof(OBJECT_TYPE_INFORMATION));
gch.Free();
CloseHandle(target_handle);
CloseHandle(src_proc_handle);
return(oti);
}
private string GetHandleType(IntPtr handle)
{
int guessSize = 1024;
NT_STATUS ret;
IntPtr ptr = Marshal.AllocHGlobal(guessSize);
try
{
while (true)
{
ret = NativeMethods.NtQueryObject(handle,
OBJECT_INFORMATION_CLASS.ObjectTypeInformation, ptr, guessSize, out int requiredSize);
if (ret == NT_STATUS.STATUS_INFO_LENGTH_MISMATCH)
{
Marshal.FreeHGlobal(ptr);
guessSize = requiredSize;
ptr = Marshal.AllocHGlobal(guessSize);
continue;
}
if (ret == NT_STATUS.STATUS_SUCCESS)
{
OBJECT_TYPE_INFORMATION oti = (OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(ptr, typeof(OBJECT_TYPE_INFORMATION));
return(oti.Name.GetText());
}
break;
}
}
finally
{
if (ptr != IntPtr.Zero)
{
Marshal.FreeHGlobal(ptr);
}
}
return("(unknown)");
}
