/// <summary>
/// Gets basic object information for a handle, opening the owning process
/// with <c>ProcessAccess.DupHandle</c> for the duration of the query.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <returns>The result of the overload that takes an explicit process handle.</returns>
public static ObjectBasicInformation GetBasicInfo(this SystemHandleEntry thisHandle)
{
    // The process handle only needs to live as long as the query itself.
    using (ProcessHandle owningProcess = new ProcessHandle(thisHandle.ProcessId, ProcessAccess.DupHandle))
    {
        ObjectBasicInformation basicInfo = thisHandle.GetBasicInfo(owningProcess);

        return basicInfo;
    }
}
/// <summary>
/// Gets type (and optionally name) information for a handle, opening the owning
/// process with <c>ProcessAccess.DupHandle</c> for the duration of the query.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <param name="getName">Passed through unchanged to the overload that takes a process handle.</param>
/// <returns>The result of the overload that takes an explicit process handle.</returns>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle, bool getName)
{
    // The process handle only needs to live as long as the query itself.
    using (ProcessHandle owningProcess = new ProcessHandle(thisHandle.ProcessId, ProcessAccess.DupHandle))
    {
        ObjectInformation objectInfo = thisHandle.GetHandleInfo(owningProcess, getName);

        return objectInfo;
    }
}
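/// <summary>
/// Enumerates the handles opened by every running process.
/// </summary>
/// <returns>An array containing information about the handles.</returns>
/// <exception cref="OutOfMemoryException">
/// The query buffer was grown past 16MB without the query succeeding.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The handle count read from the buffer does not fit inside the buffer that was queried.
/// </exception>
public static SystemHandleEntry[] GetHandles()
{
    int retLength = 0;
    int handleCount = 0;
    SystemHandleEntry[] returnHandles;

    // NOTE(review): _handlesBuffer is shared and resized in place below; nothing in this
    // method serializes concurrent callers. Confirm callers do, because the unsafe copy
    // further down reads through data.Memory.
    if (_handlesBuffer == null)
    {
        _handlesBuffer = new MemoryAlloc(0x1000);
    }

    MemoryAlloc data = _handlesBuffer;
    NtStatus status;

    // This is needed because NtQuerySystemInformation with SystemHandleInformation doesn't
    // actually give a real return length when called with an insufficient buffer. This code
    // tries repeatedly to call the function, doubling the buffer size each time it fails.
    while ((status = Win32.NtQuerySystemInformation(
                SystemInformationClass.SystemHandleInformation,
                data,
                data.Size,
                out retLength)
            ) == NtStatus.InfoLengthMismatch)
    {
        data.ResizeNew(data.Size * 2);

        // Fail if we've resized it to over 16MB - protect from infinite resizing
        if (data.Size > 16 * 1024 * 1024)
        {
            throw new OutOfMemoryException();
        }
    }

    if (status >= NtStatus.Error)
    {
        Win32.Throw(status);
    }

    // The structure of the buffer is the handle count plus an array of SYSTEM_HANDLE_INFORMATION
    // structures.
    handleCount = data.ReadStruct<SystemHandleInformation>().NumberOfHandles;

    // Unsafe code for speed.
    unsafe
    {
        // The loop below reads through a raw pointer with no runtime bounds checking, so
        // make sure the count taken from the buffer cannot walk past the end of it.
        long requiredBytes =
            (long)SystemHandleInformation.HandlesOffset + (long)handleCount * sizeof(SystemHandleEntry);

        if (handleCount < 0 || requiredBytes > (long)data.Size)
        {
            throw new InvalidOperationException(
                "The handle count reported by NtQuerySystemInformation does not fit in the query buffer.");
        }

        returnHandles = new SystemHandleEntry[handleCount];

        SystemHandleEntry* handlesPtr =
            (SystemHandleEntry*)((byte*)data.Memory + SystemHandleInformation.HandlesOffset);

        for (int i = 0; i < handleCount; i++)
        {
            returnHandles[i] = handlesPtr[i];
        }
    }

    return returnHandles;
}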
/// <summary>
/// Gets type (and optionally name) information for a handle, opening the owning
/// process for the duration of the query.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <param name="getName">Passed through unchanged to the overload that takes a process handle.</param>
/// <returns>The result of the overload that takes an explicit process handle.</returns>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle, bool getName)
{
    // Without a KProcessHacker instance the process is opened with DupHandle access;
    // with one, it is opened with the minimum query-information access instead.
    ProcessAccess desiredAccess;

    if (KProcessHacker.Instance == null)
    {
        desiredAccess = ProcessAccess.DupHandle;
    }
    else
    {
        desiredAccess = OSVersion.MinProcessQueryInfoAccess;
    }

    using (ProcessHandle owningProcess = new ProcessHandle(thisHandle.ProcessId, desiredAccess))
    {
        return thisHandle.GetHandleInfo(owningProcess, getName);
    }
}
/// <summary>
/// Builds a list view row for a matching handle and passes it to <c>OnMatchListView</c>.
/// </summary>
/// <param name="handle">The matching handle; stored in the row's <c>Tag</c>.</param>
/// <param name="info">Supplies the type name and best name shown in the sub-items.</param>
private void CallHandleMatchListView(SystemHandleEntry handle, ObjectInformation info)
{
    string pidText = handle.ProcessId.ToString();

    ListViewItem row = new ListViewItem();

    // The row key is "<pid> <handle value>".
    row.Name = pidText + " " + handle.Handle.ToString();

    // The indexer throws if the process is not in the provider's dictionary.
    string processName = Program.ProcessProvider.Dictionary[handle.ProcessId].Name;
    row.Text = processName + " (" + pidText + ")";
    row.Tag = handle;

    // Columns: object type, best name, handle value in hex.
    string[] columns =
    {
        info.TypeName,
        info.BestName,
        "0x" + handle.Handle.ToString("x")
    };

    foreach (string column in columns)
    {
        row.SubItems.Add(new ListViewItem.ListViewSubItem(row, column));
    }

    OnMatchListView(row);
}
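/// <summary>
/// Retrieves the system-wide handle table through NtQuerySystemInformation.
/// </summary>
/// <returns>One <c>SystemHandleEntry</c> per handle reported by the query.</returns>
/// <exception cref="Exception">
/// The query failed, the required buffer exceeded the size limit, or the reported
/// handle count does not fit in the buffer that was queried.
/// </exception>
public static SystemHandleEntry[] GetSystemHandles()
{
    // Upper bound on the query buffer so that a length mismatch that never resolves
    // cannot grow the allocation without limit.
    const int MaxLength = 0x10000000;

    // Attempt to retrieve the handle information
    int length = 0x10000;
    IntPtr ptr = IntPtr.Zero;

    try
    {
        while (true)
        {
            ptr = Marshal.AllocHGlobal(length);

            int wantedLength;
            NT_STATUS result = NtQuerySystemInformation(
                SYSTEM_INFORMATION_CLASS.SystemHandleInformation, ptr, length, out wantedLength);

            if (result == NT_STATUS.STATUS_SUCCESS)
            {
                break;
            }

            if (result != NT_STATUS.STATUS_INFO_LENGTH_MISMATCH)
            {
                // NOTE(review): the parameterless Win32Exception reports the thread's last
                // Win32 error, not the NT status in 'result' - confirm this is what is wanted.
                throw new Exception("Failed to retrieve system handle information.", new System.ComponentModel.Win32Exception());
            }

            Marshal.FreeHGlobal(ptr);
            ptr = IntPtr.Zero;

            if (length >= MaxLength)
            {
                throw new Exception("System handle information exceeds the maximum supported buffer size.");
            }

            // Always grow: if the reported length is not larger than the current buffer,
            // retrying with the same size would loop forever.
            length = Math.Min(MaxLength, Math.Max(wantedLength, length * 2));
        }

        // The buffer starts with a pointer-sized handle count followed by the entries.
        int handleCount = IntPtr.Size == 4 ? Marshal.ReadInt32(ptr) : (int)Marshal.ReadInt64(ptr);
        int offset = IntPtr.Size;
        int size = Marshal.SizeOf(typeof(SystemHandleEntry));

        // Every entry is read straight from unmanaged memory, so refuse a count that
        // would read past the end of the allocation.
        if (handleCount < 0 || (long)offset + (long)handleCount * size > length)
        {
            throw new Exception("System handle information is inconsistent with the buffer size.");
        }

        SystemHandleEntry[] systemHandleEntries = new SystemHandleEntry[handleCount];

        for (int i = 0; i < handleCount; i++)
        {
            IntPtr entryAddress = new IntPtr(ptr.ToInt64() + offset);

            systemHandleEntries[i] = (SystemHandleEntry)Marshal.PtrToStructure(entryAddress, typeof(SystemHandleEntry));
            offset += size;
        }

        return systemHandleEntries;
    }
    finally
    {
        // Covers both the success path and a throw while a buffer is still allocated.
        if (ptr != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(ptr);
        }
    }
}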
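/// <summary>
/// Queries <c>ObjectBasicInformation</c> for a handle owned by another process.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <param name="process">A handle to the process that owns <paramref name="thisHandle"/>.</param>
/// <returns>The basic information structure read back from the query buffer.</returns>
/// <remarks>
/// Without a KProcessHacker instance the handle is duplicated into the current process and
/// queried with NtQueryObject; with one, the query goes through KProcessHacker and no
/// duplicate is made. A failing status is raised through <c>Win32.Throw</c>.
/// </remarks>
public static ObjectBasicInformation GetBasicInfo(this SystemHandleEntry thisHandle, ProcessHandle process)
{
    NtStatus status = NtStatus.Success;
    IntPtr handle = new IntPtr(thisHandle.Handle);
    IntPtr objectHandleI;
    GenericHandle objectHandle = null;
    int retLength;
    int baseAddress;

    if (KProcessHacker.Instance == null)
    {
        if ((status = Win32.NtDuplicateObject(
                process, handle, ProcessHandle.Current, out objectHandleI, 0, 0, 0)) >= NtStatus.Error)
        {
            // Report the NT status that was actually returned, as the query below does.
            Win32.Throw(status);
        }

        objectHandle = new GenericHandle(objectHandleI);
    }

    try
    {
        using (var data = new MemoryAlloc(Marshal.SizeOf(typeof(ObjectBasicInformation))))
        {
            if (KProcessHacker.Instance != null)
            {
                // Keep the returned status so that a failed query is not mistaken for
                // success and an unfilled buffer returned to the caller.
                status = KProcessHacker.Instance.ZwQueryObject(
                    process,
                    handle,
                    ObjectInformationClass.ObjectBasicInformation,
                    data,
                    data.Size,
                    out retLength,
                    out baseAddress);
            }
            else
            {
                status = Win32.NtQueryObject(
                    objectHandle,
                    ObjectInformationClass.ObjectBasicInformation,
                    data,
                    data.Size,
                    out retLength);
            }

            if (status >= NtStatus.Error)
            {
                Win32.Throw(status);
            }

            return data.ReadStruct<ObjectBasicInformation>();
        }
    }
    finally
    {
        // Only set when the handle was duplicated above.
        if (objectHandle != null)
        {
            objectHandle.Dispose();
        }
    }
}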
/// <summary>
/// Creates the window and hands the handle to the embedded details control.
/// </summary>
/// <param name="handle">The system handle entry to display.</param>
public HandlePropertiesWindow(SystemHandleEntry handle)
{
    InitializeComponent();

    // KeyPreview lets the form see key presses before its child controls do.
    this.KeyPreview = true;
    this.KeyDown += (source, args) =>
    {
        if (args.KeyCode != Keys.Escape)
        {
            return;
        }

        // Escape closes the window.
        this.Close();
        args.Handled = true;
    };

    this.handleDetails1.ObjectHandle = handle;
}
/// <summary>
/// Creates the window and fills its fields from the handle's name, type, address,
/// granted access and basic object information.
/// </summary>
/// <param name="handle">The system handle entry to display.</param>
public HandlePropertiesWindow(SystemHandleEntry handle)
{
    InitializeComponent();

    // KeyPreview lets the form see key presses before its child controls do.
    this.KeyPreview = true;
    this.KeyDown += (source, args) =>
    {
        if (args.KeyCode != Keys.Escape)
        {
            return;
        }

        // Escape closes the window.
        this.Close();
        args.Handled = true;
    };

    var handleInfo = handle.GetHandleInfo();

    // Name, with a placeholder when the text box ends up empty.
    _name = handleInfo.BestName;
    textName.Text = _name;

    if (textName.Text == string.Empty)
    {
        textName.Text = "(unnamed object)";
    }

    _typeName = handleInfo.TypeName;
    textType.Text = _typeName;

    textAddress.Text = "0x" + handle.Object.ToString("x");

    // Granted access: always the hex mask, plus a decoded form when the type is supported.
    textGrantedAccess.Text = "0x" + handle.GrantedAccess.ToString("x");

    if (handle.GrantedAccess != 0)
    {
        try
        {
            Type accessEnumType = NativeTypeFactory.GetAccessType(handleInfo.TypeName);
            string accessNames = NativeTypeFactory.GetAccessString(accessEnumType, handle.GrantedAccess);

            textGrantedAccess.Text += " (" + accessNames + ")";
        }
        catch (NotSupportedException)
        {
            // No decoded form for this object type; the hex mask stays as it is.
        }
    }

    var basicInfo = handle.GetBasicInfo();

    // The reference count is shown one lower than the reported pointer count.
    int shownReferences = basicInfo.PointerCount - 1;

    labelReferences.Text = "References: " + shownReferences.ToString();
    labelHandles.Text = "Handles: " + basicInfo.HandleCount.ToString();
    labelPaged.Text = "Paged: " + basicInfo.PagedPoolUsage.ToString();
    labelNonPaged.Text = "Non-Paged: " + basicInfo.NonPagedPoolUsage.ToString();
}
/// <summary>
/// Creates the window and fills its fields from the handle's name, type, address,
/// granted access and basic object information.
/// </summary>
/// <param name="handle">The system handle entry to display.</param>
public HandlePropertiesWindow(SystemHandleEntry handle)
{
    InitializeComponent();

    // KeyPreview lets the form see key presses before its child controls do.
    this.KeyPreview = true;
    this.KeyDown += (source, args) =>
    {
        if (args.KeyCode != Keys.Escape)
        {
            return;
        }

        // Escape closes the window.
        this.Close();
        args.Handled = true;
    };

    var handleInfo = handle.GetHandleInfo();

    // Name, with a placeholder when the text box ends up empty.
    _name = handleInfo.BestName;
    textName.Text = _name;

    if (textName.Text == string.Empty)
    {
        textName.Text = "(unnamed object)";
    }

    _typeName = handleInfo.TypeName;
    textType.Text = _typeName;

    textAddress.Text = "0x" + handle.Object.ToString("x");

    // Granted access: always the hex mask, plus a decoded form when the type is supported.
    textGrantedAccess.Text = "0x" + handle.GrantedAccess.ToString("x");

    if (handle.GrantedAccess != 0)
    {
        try
        {
            Type accessEnumType = NativeTypeFactory.GetAccessType(handleInfo.TypeName);
            string accessNames = NativeTypeFactory.GetAccessString(accessEnumType, handle.GrantedAccess);

            textGrantedAccess.Text += " (" + accessNames + ")";
        }
        catch (NotSupportedException)
        {
            // No decoded form for this object type; the hex mask stays as it is.
        }
    }

    var basicInfo = handle.GetBasicInfo();

    // The reference count is shown one lower than the reported pointer count.
    int shownReferences = basicInfo.PointerCount - 1;

    labelReferences.Text = "References: " + shownReferences.ToString();
    labelHandles.Text = "Handles: " + basicInfo.HandleCount.ToString();
    labelPaged.Text = "Paged: " + basicInfo.PagedPoolUsage.ToString();
    labelNonPaged.Text = "Non-Paged: " + basicInfo.NonPagedPoolUsage.ToString();
}
/// <summary>
/// Queries <c>ObjectBasicInformation</c> for a handle owned by another process by
/// duplicating it into the current process and calling NtQueryObject on the duplicate.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <param name="process">A handle to the process that owns <paramref name="thisHandle"/>.</param>
/// <returns>The basic information structure read back from the query buffer.</returns>
public static ObjectBasicInformation GetBasicInfo(this SystemHandleEntry thisHandle, ProcessHandle process)
{
    IntPtr remoteHandle = new IntPtr(thisHandle.Handle);
    IntPtr duplicatedValue;
    int returnedLength;
    GenericHandle localCopy = null;

    // A failing status from either native call is raised by ThrowIf.
    NtStatus duplicateStatus = Win32.NtDuplicateObject(
        process,
        remoteHandle,
        ProcessHandle.Current,
        out duplicatedValue,
        0,
        0,
        0);
    duplicateStatus.ThrowIf();

    try
    {
        localCopy = new GenericHandle(duplicatedValue);

        using (MemoryAlloc buffer = new MemoryAlloc(ObjectBasicInformation.SizeOf))
        {
            NtStatus queryStatus = Win32.NtQueryObject(
                localCopy,
                ObjectInformationClass.ObjectBasicInformation,
                buffer,
                buffer.Size,
                out returnedLength);
            queryStatus.ThrowIf();

            return buffer.ReadStruct<ObjectBasicInformation>();
        }
    }
    finally
    {
        // Release the duplicate whether or not the query succeeded.
        if (localCopy != null)
        {
            localCopy.Dispose();
        }
    }
}
/// <summary>
/// Tests one handle against the current name and address filters and reports it
/// through <c>CallHandleMatchListView</c> when either one matches.
/// </summary>
/// <param name="processHandles">Cache of opened process handles keyed by process ID; a missing entry is added.</param>
/// <param name="currhandle">The handle to test.</param>
/// <remarks>Any exception ends the check for this handle without reporting a match.</remarks>
private void CompareHandleBestNameWithFilter(
    Dictionary<int, ProcessHandle> processHandles,
    SystemHandleEntry currhandle)
{
    try
    {
        var pid = currhandle.ProcessId;

        // Without KPH, handles that belong to processes in another session are
        // skipped to reduce freezes.
        if (KProcessHacker.Instance == null)
        {
            try
            {
                bool inCurrentSession;

                if (isCurrentSessionIdCache.ContainsKey(pid))
                {
                    inCurrentSession = isCurrentSessionIdCache[pid];
                }
                else
                {
                    inCurrentSession = Win32.GetProcessSessionId(pid) == Program.CurrentSessionId;
                    isCurrentSessionIdCache.Add(pid, inCurrentSession);
                }

                if (!inCurrentSession)
                {
                    return;
                }
            }
            catch
            {
                // The session could not be determined; treat the handle as not matching.
                return;
            }
        }

        // Open the owning process once and reuse it for its other handles.
        ProcessHandle owner;

        if (!processHandles.TryGetValue(pid, out owner))
        {
            owner = new ProcessHandle(pid, Program.MinProcessGetHandleInformationRights);
            processHandles.Add(pid, owner);
        }

        var info = currhandle.GetHandleInfo(owner);
        string bestName = info.BestName;
        bool filteringByAddress = intPtrFilter != IntPtr.Zero;

        // With no address filter, an unnamed object cannot match.
        if (!filteringByAddress && string.IsNullOrEmpty(bestName))
        {
            return;
        }

        bool nameMatches = bestName != null && bestName.ToLowerInvariant().Contains(strFilterLower);

        if (nameMatches || (filteringByAddress && currhandle.Object == intPtrFilter))
        {
            CallHandleMatchListView(currhandle, info);
        }
    }
    catch
    {
        // Best effort: a handle that cannot be queried is skipped.
        return;
    }
}
/// <summary>
/// Tests one handle's best name against a lower-cased filter string and reports it
/// through <c>CallHandleMatchListView</c> when the name contains the filter.
/// </summary>
/// <param name="processHandles">Cache of opened process handles keyed by process ID; a missing entry is added.</param>
/// <param name="currhandle">The handle to test.</param>
/// <param name="lowerFilter">The filter text, compared against the lower-cased best name.</param>
/// <remarks>Any exception ends the check for this handle without reporting a match.</remarks>
private void CompareHandleBestNameWithFilterString(
    Dictionary<int, ProcessHandle> processHandles,
    SystemHandleEntry currhandle,
    string lowerFilter)
{
    try
    {
        var pid = currhandle.ProcessId;

        // Without KPH, handles that belong to processes in another session are skipped
        // to reduce freezes. Windows 7 and later are exempt, because the hanging bug
        // appeared to have been fixed there.
        bool restrictToCurrentSession =
            KProcessHacker.Instance == null && !OSVersion.IsAboveOrEqual(WindowsVersion.Seven);

        if (restrictToCurrentSession)
        {
            try
            {
                bool inCurrentSession;

                if (isCurrentSessionIdCache.ContainsKey(pid))
                {
                    inCurrentSession = isCurrentSessionIdCache[pid];
                }
                else
                {
                    inCurrentSession = Win32.GetProcessSessionId(pid) == Program.CurrentSessionId;
                    isCurrentSessionIdCache.Add(pid, inCurrentSession);
                }

                if (!inCurrentSession)
                {
                    return;
                }
            }
            catch
            {
                // The session could not be determined; treat the handle as not matching.
                return;
            }
        }

        // Open the owning process once and reuse it for its other handles.
        ProcessHandle owner;

        if (!processHandles.TryGetValue(pid, out owner))
        {
            owner = new ProcessHandle(pid, Program.MinProcessGetHandleInformationRights);
            processHandles.Add(pid, owner);
        }

        var info = currhandle.GetHandleInfo(owner);
        string bestName = info.BestName;

        // NOTE(review): ToLower() follows the current culture; confirm lowerFilter is
        // produced the same way by the caller.
        bool nameMatches = !string.IsNullOrEmpty(bestName) && bestName.ToLower().Contains(lowerFilter);

        if (nameMatches)
        {
            CallHandleMatchListView(currhandle, info);
        }
    }
    catch
    {
        // Best effort: a handle that cannot be queried is skipped.
        return;
    }
}
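/// <summary>
/// Shows a two-page property sheet (handle details and security) for a handle that
/// belongs to another process.
/// </summary>
/// <param name="handleInfo">The system handle entry to display.</param>
/// <remarks>
/// Any exception is reported through <c>PhUtils.ShowException</c> rather than propagated.
/// The owning process handle, the pinned page array and the last duplicated handle are
/// released when the sheet call returns, including when an exception is thrown.
/// </remarks>
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
    try
    {
        IntPtr handle = new IntPtr(handleInfo.Handle);
        GenericHandle dupHandle = null;

        PropSheetHeader64 header = new PropSheetHeader64
        {
            dwSize = (uint)PropSheetHeader64.SizeOf,
            nPages = 2,
            dwFlags = (uint)PropSheetFlags.PSH_DEFAULT,
            pszCaption = "Handle Properties"
        };

        // The process handle carries DupHandle access to another process, so it is
        // closed as soon as the sheet is done with it.
        using (ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle))
        using (HandleDetails hw = new HandleDetails())
        {
            try
            {
                // Try to get a handle, since we need one for security editing.
                try
                {
                    dupHandle = new GenericHandle(phandle, handle, 0);
                }
                catch
                { }

                hw.ObjectHandle = handleInfo;
                hw.HandlePropertiesCallback += (control, name, typeName) =>
                {
                    // NOTE(review): each case below that assigns dupHandle replaces the previous
                    // duplicate without disposing it; only the last one is released in the finally.
                    switch (typeName.ToLowerInvariant())
                    {
                        // Objects with separate property windows:
                        case "file":
                        case "job":
                        case "key":
                        case "token":
                        case "process":
                            {
                                Button b = new Button
                                {
                                    FlatStyle = FlatStyle.System,
                                    Text = "Properties"
                                };

                                b.Click += (sender, e) =>
                                {
                                    try
                                    {
                                        switch (typeName.ToLowerInvariant())
                                        {
                                            case "file":
                                                {
                                                    FileUtils.ShowProperties(name);
                                                }
                                                break;
                                            case "job":
                                                {
                                                    dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query);
                                                    (new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
                                                }
                                                break;
                                            case "key":
                                                {
                                                    try
                                                    {
                                                        PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
                                                    }
                                                    catch (Exception ex)
                                                    {
                                                        PhUtils.ShowException("Unable to open the Registry Editor", ex);
                                                    }
                                                }
                                                break;
                                            case "token":
                                                {
                                                    using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
                                                    {
                                                        twindow.ShowDialog();
                                                    }
                                                }
                                                break;
                                            case "process":
                                                {
                                                    dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
                                                    int pid = ProcessHandle.FromHandle(dupHandle).ProcessId;
                                                    Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow);
                                                }
                                                break;
                                        }
                                    }
                                    catch (Exception ex)
                                    {
                                        PhUtils.ShowException("Unable to show object properties", ex);
                                    }
                                };

                                control.Controls.Add(b);
                            }
                            break;
                        case "event":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
                                var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventProps);
                            }
                            break;
                        case "eventpair":
                            {
                                // NOTE(review): this is the only type duplicated with an "All" access
                                // mask; the other cases request a query-level right. Confirm a
                                // narrower right is not sufficient here.
                                dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
                                var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventPairProps);
                            }
                            break;
                        case "mutant":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
                                var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
                                control.Controls.Add(mutantProps);
                            }
                            break;
                        case "section":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
                                var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
                                control.Controls.Add(sectionProps);
                            }
                            break;
                        case "semaphore":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
                                var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
                                control.Controls.Add(semaphoreProps);
                            }
                            break;
                        case "timer":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
                                var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
                                control.Controls.Add(timerProps);
                            }
                            break;
                        case "tmrm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
                                var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmRmProps);
                            }
                            break;
                        case "tmtm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
                                var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmTmProps);
                            }
                            break;
                    }
                };

                hw.Init();

                IntPtr[] pages = new IntPtr[2];
                pages[0] = hw.CreatePageHandle();

                // NOTE(review): dupHandle is still null here if the best-effort duplicate above
                // failed and no callback replaced it; confirm GetSecurableWrapper accepts null.
                pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2(
                    null,
                    SecurityEditor.GetSecurableWrapper(dupHandle),
                    hw._name,
                    NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName))
                    ));

                // The page array is pinned so that its address can be placed in the header.
                GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned);

                try
                {
                    header.phpage = gch.AddrOfPinnedObject();

                    PropertySheetW(ref header);
                }
                finally
                {
                    // A pinned GCHandle is never released by the garbage collector on its
                    // own; without this the array stays pinned for the process lifetime.
                    gch.Free();
                }
            }
            finally
            {
                if (dupHandle != null)
                {
                    dupHandle.Dispose();
                }
            }
        }
    }
    catch (Exception ex)
    {
        PhUtils.ShowException("Unable to show handle properties", ex);
    }
}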
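/// <summary>
/// Shows the modal handle properties window for a handle that belongs to another process.
/// </summary>
/// <param name="handleInfo">The system handle entry to display.</param>
/// <remarks>
/// Any exception is reported through <c>PhUtils.ShowException</c> rather than propagated.
/// The window, the owning process handle and the last duplicated handle are released when
/// the dialog closes, including when an exception is thrown.
/// </remarks>
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
    try
    {
        IntPtr handle = new IntPtr(handleInfo.Handle);
        GenericHandle dupHandle = null;

        // A form shown with ShowDialog is not disposed when it closes, and the process
        // handle carries DupHandle access to another process, so both are scoped here.
        using (HandlePropertiesWindow window = new HandlePropertiesWindow(handleInfo))
        using (ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle))
        {
            try
            {
                window.HandlePropertiesCallback += (control, name, typeName) =>
                {
                    // NOTE(review): each case below that assigns dupHandle replaces the previous
                    // duplicate without disposing it; only the last one is released in the finally.
                    switch (typeName.ToLowerInvariant())
                    {
                        // Objects with separate property windows:
                        case "file":
                        case "job":
                        case "key":
                        case "token":
                        case "process":
                            {
                                Button b = new Button();

                                b.FlatStyle = FlatStyle.System;
                                b.Text = "Properties";
                                b.Click += (sender, e) =>
                                {
                                    try
                                    {
                                        switch (typeName.ToLowerInvariant())
                                        {
                                            case "file":
                                                {
                                                    FileUtils.ShowProperties(name);
                                                }
                                                break;
                                            case "job":
                                                {
                                                    dupHandle = new GenericHandle(
                                                        phandle, handle, (int)JobObjectAccess.Query);
                                                    (new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
                                                }
                                                break;
                                            case "key":
                                                {
                                                    try
                                                    {
                                                        PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
                                                    }
                                                    catch (Exception ex)
                                                    {
                                                        PhUtils.ShowException("Unable to open the Registry Editor", ex);
                                                    }
                                                }
                                                break;
                                            case "token":
                                                {
                                                    // Dispose the token window once its dialog closes.
                                                    using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
                                                    {
                                                        twindow.ShowDialog();
                                                    }
                                                }
                                                break;
                                            case "process":
                                                {
                                                    int pid;

                                                    if (KProcessHacker.Instance != null)
                                                    {
                                                        pid = KProcessHacker.Instance.KphGetProcessId(phandle, handle);
                                                    }
                                                    else
                                                    {
                                                        dupHandle = new GenericHandle(
                                                            phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
                                                        pid = ProcessHandle.FromHandle(dupHandle).GetProcessId();
                                                    }

                                                    Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid],
                                                        (f) => Program.FocusWindow(f));
                                                }
                                                break;
                                        }
                                    }
                                    catch (Exception ex)
                                    {
                                        PhUtils.ShowException("Unable to show object properties", ex);
                                    }
                                };

                                control.Controls.Add(b);
                            }
                            break;
                        case "event":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
                                var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventProps);
                            }
                            break;
                        case "eventpair":
                            {
                                // NOTE(review): this is the only type duplicated with an "All" access
                                // mask; the other cases request a query-level right. Confirm a
                                // narrower right is not sufficient here.
                                dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
                                var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventPairProps);
                            }
                            break;
                        case "mutant":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
                                var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
                                control.Controls.Add(mutantProps);
                            }
                            break;
                        case "section":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
                                var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
                                control.Controls.Add(sectionProps);
                            }
                            break;
                        case "semaphore":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
                                var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
                                control.Controls.Add(semaphoreProps);
                            }
                            break;
                        case "timer":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
                                var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
                                control.Controls.Add(timerProps);
                            }
                            break;
                        case "tmrm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
                                var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmRmProps);
                            }
                            break;
                        case "tmtm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
                                var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmTmProps);
                            }
                            break;
                    }
                };

                if (dupHandle == null)
                {
                    // Try to get a handle, since we need one for security editing.
                    try
                    {
                        dupHandle = new GenericHandle(phandle, handle, 0);
                    }
                    catch
                    { }
                }

                window.ObjectHandle = dupHandle;
                window.ShowDialog();
            }
            finally
            {
                // Runs on the exception path too, so the duplicate does not outlive the dialog.
                if (dupHandle != null)
                {
                    dupHandle.Dispose();
                }
            }
        }
    }
    catch (Exception ex)
    {
        PhUtils.ShowException("Unable to show handle properties", ex);
    }
}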
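/// <summary>
/// Enumerates the handles opened by every running process.
/// </summary>
/// <returns>An array containing information about the handles.</returns>
/// <exception cref="OutOfMemoryException">
/// The query buffer was grown past 16MB without the query succeeding.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The handle count read from the buffer does not fit inside the buffer that was queried.
/// </exception>
public static SystemHandleEntry[] GetHandles()
{
    int retLength;
    int handleCount;
    SystemHandleEntry[] returnHandles;

    // NOTE(review): _handlesBuffer is shared and resized in place below; nothing in this
    // method serializes concurrent callers. Confirm callers do, because the unsafe copy
    // further down reads through data.Memory.
    if (_handlesBuffer == null)
        _handlesBuffer = new MemoryAlloc(0x1000);

    MemoryAlloc data = _handlesBuffer;
    NtStatus status;

    // This is needed because NtQuerySystemInformation with SystemHandleInformation doesn't
    // actually give a real return length when called with an insufficient buffer. This code
    // tries repeatedly to call the function, doubling the buffer size each time it fails.
    while ((status = Win32.NtQuerySystemInformation(
                SystemInformationClass.SystemHandleInformation,
                data,
                data.Size,
                out retLength)
            ) == NtStatus.InfoLengthMismatch)
    {
        data.ResizeNew(data.Size * 2);

        // Fail if we've resized it to over 16MB - protect from infinite resizing
        if (data.Size > 16 * 1024 * 1024)
            throw new OutOfMemoryException();
    }

    status.ThrowIf();

    // The structure of the buffer is the handle count plus an array of SYSTEM_HANDLE_INFORMATION
    // structures.
    handleCount = data.ReadStruct<SystemHandleInformation>().NumberOfHandles;

    // Unsafe code for speed.
    unsafe
    {
        // The loop below reads through a raw pointer with no runtime bounds checking, so
        // make sure the count taken from the buffer cannot walk past the end of it.
        long requiredBytes =
            (long)SystemHandleInformation.HandlesOffset + (long)handleCount * sizeof(SystemHandleEntry);

        if (handleCount < 0 || requiredBytes > (long)data.Size)
            throw new InvalidOperationException(
                "The handle count reported by NtQuerySystemInformation does not fit in the query buffer.");

        returnHandles = new SystemHandleEntry[handleCount];

        SystemHandleEntry* handlesPtr =
            (SystemHandleEntry*)((byte*)data.Memory + SystemHandleInformation.HandlesOffset);

        for (int i = 0; i < handleCount; i++)
        {
            returnHandles[i] = handlesPtr[i];
        }
    }

    return returnHandles;
}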
/// <summary>
/// Tests one handle against the current name and address filters and reports it
/// through <c>CallHandleMatchListView</c> when either one matches.
/// </summary>
/// <param name="processHandles">Cache of opened process handles keyed by process ID; a missing entry is added.</param>
/// <param name="currhandle">The handle to test.</param>
/// <remarks>Any exception ends the check for this handle without reporting a match.</remarks>
private void CompareHandleBestNameWithFilter(Dictionary<int, ProcessHandle> processHandles, SystemHandleEntry currhandle)
{
    try
    {
        var pid = currhandle.ProcessId;

        // Handles that belong to processes in another session are always skipped here;
        // the session lookup is cached per process ID.
        try
        {
            bool inCurrentSession;

            if (isCurrentSessionIdCache.ContainsKey(pid))
            {
                inCurrentSession = isCurrentSessionIdCache[pid];
            }
            else
            {
                inCurrentSession = Win32.GetProcessSessionId(pid) == Program.CurrentSessionId;
                isCurrentSessionIdCache.Add(pid, inCurrentSession);
            }

            if (!inCurrentSession)
            {
                return;
            }
        }
        catch
        {
            // The session could not be determined; treat the handle as not matching.
            return;
        }

        // Open the owning process once and reuse it for its other handles.
        ProcessHandle owner;

        if (!processHandles.TryGetValue(pid, out owner))
        {
            owner = new ProcessHandle(pid, Program.MinProcessGetHandleInformationRights);
            processHandles.Add(pid, owner);
        }

        var info = currhandle.GetHandleInfo(owner);
        string bestName = info.BestName;
        bool filteringByAddress = intPtrFilter != IntPtr.Zero;

        // With no address filter, an unnamed object cannot match.
        if (!filteringByAddress && string.IsNullOrEmpty(bestName))
        {
            return;
        }

        bool nameMatches =
            !string.IsNullOrEmpty(bestName) &&
            bestName.Contains(strFilterLower, StringComparison.OrdinalIgnoreCase);

        if (nameMatches || (filteringByAddress && currhandle.Object == intPtrFilter))
        {
            CallHandleMatchListView(currhandle, info);
        }
    }
    catch
    {
        // Best effort: a handle that cannot be queried is skipped.
        return;
    }
}
/// <summary>
/// Tests one handle's best name against a lower-cased filter string and reports it
/// through <c>CallHandleMatchListView</c> when the name contains the filter.
/// </summary>
/// <param name="processHandles">Cache of opened process handles keyed by process ID; a missing entry is added.</param>
/// <param name="currhandle">The handle to test.</param>
/// <param name="lowerFilter">The filter text, compared against the lower-cased best name.</param>
/// <remarks>Any exception ends the check for this handle without reporting a match.</remarks>
private void CompareHandleBestNameWithFilterString(
    Dictionary<int, ProcessHandle> processHandles,
    SystemHandleEntry currhandle,
    string lowerFilter)
{
    try
    {
        var pid = currhandle.ProcessId;

        // The current-session restriction applies only when there is no KProcessHacker
        // instance and the OS is older than Windows 7.
        bool restrictToCurrentSession =
            KProcessHacker.Instance == null && !OSVersion.IsAboveOrEqual(WindowsVersion.Seven);

        if (restrictToCurrentSession)
        {
            try
            {
                bool inCurrentSession;

                if (isCurrentSessionIdCache.ContainsKey(pid))
                {
                    inCurrentSession = isCurrentSessionIdCache[pid];
                }
                else
                {
                    inCurrentSession = Win32.GetProcessSessionId(pid) == Program.CurrentSessionId;
                    isCurrentSessionIdCache.Add(pid, inCurrentSession);
                }

                if (!inCurrentSession)
                {
                    return;
                }
            }
            catch
            {
                // The session could not be determined; treat the handle as not matching.
                return;
            }
        }

        // Open the owning process once and reuse it for its other handles.
        ProcessHandle owner;

        if (!processHandles.TryGetValue(pid, out owner))
        {
            owner = new ProcessHandle(pid, Program.MinProcessGetHandleInformationRights);
            processHandles.Add(pid, owner);
        }

        var info = currhandle.GetHandleInfo(owner);
        string bestName = info.BestName;

        // NOTE(review): ToLower() follows the current culture; confirm lowerFilter is
        // produced the same way by the caller.
        bool nameMatches = !string.IsNullOrEmpty(bestName) && bestName.ToLower().Contains(lowerFilter);

        if (nameMatches)
        {
            CallHandleMatchListView(currhandle, info);
        }
    }
    catch
    {
        // Best effort: a handle that cannot be queried is skipped.
        return;
    }
}
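/// <summary>
/// Gets the type name and, optionally, the original and best display names of a handle
/// owned by another process.
/// </summary>
/// <param name="thisHandle">The system handle entry to query.</param>
/// <param name="process">A handle to the process that owns <paramref name="thisHandle"/>.</param>
/// <param name="getName">When false, only the type name is filled in.</param>
/// <returns>The collected object information.</returns>
/// <exception cref="WindowsException">The handle value is 0, -1 or -2.</exception>
/// <remarks>
/// The handle is duplicated into the current process for the queries. The duplicate is
/// released on every exit path, including the early return for <paramref name="getName"/>
/// being false and any exception thrown by a query.
/// </remarks>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle, ProcessHandle process, bool getName)
{
    IntPtr handle = new IntPtr(thisHandle.Handle);
    IntPtr objectHandleI;
    int retLength;
    GenericHandle objectHandle = null;

    if (thisHandle.Handle == 0 || thisHandle.Handle == -1 || thisHandle.Handle == -2)
    {
        throw new WindowsException(NtStatus.InvalidHandle);
    }

    // Duplicate the handle into the current process. (The KPH path that skipped this
    // step is disabled, so the duplicate is always made.)
    Win32.NtDuplicateObject(
        process,
        handle,
        ProcessHandle.Current,
        out objectHandleI,
        0,
        0,
        0
        ).ThrowIf();

    objectHandle = new GenericHandle(objectHandleI);

    try
    {
        ObjectInformation info = new ObjectInformation();

        // If the cache contains the object type's name, use it. Otherwise, query the type
        // for its name.
        Windows.ObjectTypesLock.AcquireShared();

        try
        {
            if (Windows.ObjectTypes.ContainsKey(thisHandle.ObjectTypeNumber))
            {
                info.TypeName = Windows.ObjectTypes[thisHandle.ObjectTypeNumber];
            }
        }
        finally
        {
            Windows.ObjectTypesLock.ReleaseShared();
        }

        if (string.IsNullOrEmpty(info.TypeName))
        {
            // Size probe: the status of this call is deliberately not checked, only the
            // returned length is used.
            Win32.NtQueryObject(
                objectHandle,
                ObjectInformationClass.ObjectTypeInformation,
                IntPtr.Zero,
                0,
                out retLength
                );

            if (retLength > 0)
            {
                using (MemoryAlloc otiMem = new MemoryAlloc(retLength))
                {
                    Win32.NtQueryObject(
                        objectHandle,
                        ObjectInformationClass.ObjectTypeInformation,
                        otiMem,
                        otiMem.Size,
                        out retLength
                        ).ThrowIf();

                    ObjectTypeInformation oti = otiMem.ReadStruct<ObjectTypeInformation>();
                    UnicodeString str = oti.Name;

                    info.TypeName = str.Text;

                    // Re-check under the exclusive lock; another thread may have added the
                    // entry since the shared lock was released.
                    Windows.ObjectTypesLock.AcquireExclusive();

                    try
                    {
                        if (!Windows.ObjectTypes.ContainsKey(thisHandle.ObjectTypeNumber))
                        {
                            Windows.ObjectTypes.Add(thisHandle.ObjectTypeNumber, info.TypeName);
                        }
                    }
                    finally
                    {
                        Windows.ObjectTypesLock.ReleaseExclusive();
                    }
                }
            }
        }

        if (!getName)
        {
            return info;
        }

        // Get the object's name. If the object is a file we must take special
        // precautions so that we don't hang.
        if (string.Equals(info.TypeName, "File", StringComparison.OrdinalIgnoreCase))
        {
            // 0: No hack, query the thing normally.
            // 1: No hack, use NProcessHacker.
            // 2: Hack.
            // Level 0 is never selected at present: the Windows 7 exception that chose it
            // was withdrawn because the hang still happens there.
            int hackLevel = 1;

            // If we already tried to use NPH but it wasn't present,
            // skip to level 2.
            if (NphNotAvailable)
            {
                hackLevel = 2;
            }

            // Can't use NPH because XP had a bug where a thread hanging
            // on NtQueryObject couldn't be terminated.
            if (OSVersion.IsBelowOrEqual(WindowsVersion.XP))
            {
                hackLevel = 2;
            }

            if (hackLevel == 1)
            {
                try
                {
                    // Use NProcessHacker.
                    using (MemoryAlloc oniMem = new MemoryAlloc(0x4000))
                    {
                        NProcessHacker.PhQueryNameFileObject(
                            objectHandle, oniMem, oniMem.Size, out retLength).ThrowIf();

                        var oni = oniMem.ReadStruct<ObjectNameInformation>();

                        info.OrigName = oni.Name.Text;
                    }
                }
                catch (DllNotFoundException)
                {
                    // Remember that NPH is missing so later calls go straight to level 2.
                    hackLevel = 2;
                    NphNotAvailable = true;
                }
            }

            if (hackLevel == 0)
            {
                info.OrigName = GetObjectNameNt(process, handle, objectHandle);
            }
            else if (hackLevel == 2)
            {
                // KProcessHacker and NProcessHacker not available. Fall back to using hack
                // (i.e. not querying the name at all if the access is 0x0012019f).
                if (thisHandle.GrantedAccess != 0x0012019f)
                {
                    info.OrigName = GetObjectNameNt(process, handle, objectHandle);
                }
            }
        }
        else
        {
            // Not a file. Query the object normally.
            info.OrigName = GetObjectNameNt(process, handle, objectHandle);
        }

        // Get a better name for the handle.
        try
        {
            switch (info.TypeName)
            {
                case "File":
                    // Resolves \Device\HarddiskVolume1 into C:, for example.
                    if (!string.IsNullOrEmpty(info.OrigName))
                    {
                        info.BestName = FileUtils.GetFileName(info.OrigName);
                    }

                    break;

                case "Key":
                    info.BestName = NativeUtils.FormatNativeKeyName(info.OrigName);

                    break;

                case "Process":
                    {
                        int processId;

                        using (NativeHandle<ProcessAccess> processHandle =
                            new NativeHandle<ProcessAccess>(process, handle, OSVersion.MinProcessQueryInfoAccess))
                        {
                            if ((processId = Win32.GetProcessId(processHandle)) == 0)
                            {
                                Win32.Throw();
                            }
                        }

                        info.BestName = (new ClientId(processId, 0)).GetName(false);
                    }

                    break;

                case "Thread":
                    {
                        int processId;
                        int threadId;

                        using (var threadHandle =
                            new NativeHandle<ThreadAccess>(process, handle, OSVersion.MinThreadQueryInfoAccess))
                        {
                            var basicInfo = ThreadHandle.FromHandle(threadHandle).GetBasicInformation();

                            threadId = basicInfo.ClientId.ThreadId;
                            processId = basicInfo.ClientId.ProcessId;
                        }

                        info.BestName = (new ClientId(processId, threadId)).GetName(true);
                    }

                    break;

                case "TmEn":
                    {
                        using (NativeHandle<EnlistmentAccess> enHandleDup =
                            new NativeHandle<EnlistmentAccess>(process, handle, EnlistmentAccess.QueryInformation))
                        using (EnlistmentHandle enHandle = EnlistmentHandle.FromHandle(enHandleDup))
                        {
                            info.BestName = enHandle.BasicInformation.EnlistmentId.ToString("B");
                        }
                    }

                    break;

                case "TmRm":
                    {
                        using (var rmHandleDup =
                            new NativeHandle<ResourceManagerAccess>(process, handle, ResourceManagerAccess.QueryInformation))
                        {
                            var rmHandle = ResourceManagerHandle.FromHandle(rmHandleDup);

                            info.BestName = rmHandle.Description;

                            // Fall back to the GUID when there is no description.
                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = rmHandle.Guid.ToString("B");
                            }
                        }
                    }

                    break;

                case "TmTm":
                    {
                        using (NativeHandle<TmAccess> tmHandleDup =
                            new NativeHandle<TmAccess>(process, handle, TmAccess.QueryInformation))
                        using (TmHandle tmHandle = TmHandle.FromHandle(tmHandleDup))
                        {
                            info.BestName = FileUtils.GetFileName(FileUtils.GetFileName(tmHandle.LogFileName));

                            // Fall back to the identity when there is no log file name.
                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = tmHandle.BasicInformation.TmIdentity.ToString("B");
                            }
                        }
                    }

                    break;

                case "TmTx":
                    {
                        using (var transactionHandleDup =
                            new NativeHandle<TransactionAccess>(process, handle, TransactionAccess.QueryInformation))
                        {
                            TransactionHandle transactionHandle = TransactionHandle.FromHandle(transactionHandleDup);

                            info.BestName = transactionHandle.Description;

                            // Fall back to the transaction ID when there is no description.
                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = transactionHandle.BasicInformation.TransactionId.ToString("B");
                            }
                        }
                    }

                    break;

                case "Token":
                    {
                        using (var tokenHandleDup =
                            new NativeHandle<TokenAccess>(process, handle, TokenAccess.Query))
                        using (TokenHandle tokenHandle = TokenHandle.FromHandle(tokenHandleDup))
                        using (tokenHandle.User)
                        {
                            info.BestName = tokenHandle.User.GetFullName(true) + ": 0x" + tokenHandle.Statistics.AuthenticationId;
                        }
                    }

                    break;

                default:
                    if (!string.IsNullOrEmpty(info.OrigName))
                    {
                        info.BestName = info.OrigName;
                    }
                    else
                    {
                        info.BestName = null;
                    }

                    break;
            }
        }
        catch
        {
            // Resolving a friendlier name is best effort; fall back to the original name.
            if (!string.IsNullOrEmpty(info.OrigName))
            {
                info.BestName = info.OrigName;
            }
            else
            {
                info.BestName = null;
            }
        }

        return info;
    }
    finally
    {
        // The duplicate lives in this process; leaving it open on the early return or on
        // a failed query would accumulate open handles across a system-wide scan.
        objectHandle.Dispose();
    }
}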
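/// <summary>
/// Collects the type name and, optionally, the object name and a friendlier
/// "best name" for a handle that belongs to another process.
/// </summary>
/// <param name="thisHandle">The system handle entry to describe.</param>
/// <param name="process">A handle to the owning process, used to duplicate or query the handle.</param>
/// <param name="getName">If false, only <c>TypeName</c> is filled in and the method returns early.</param>
/// <returns>The collected object information.</returns>
/// <exception cref="WindowsException">The handle value is 0, -1 or -2.</exception>
/// <remarks>
/// When KProcessHacker is not loaded the handle is duplicated into the current
/// process. The duplicate is released in a finally block, so it is closed on
/// every exit path, including the <paramref name="getName"/> == false return
/// and any exception thrown while querying. Previously those paths returned or
/// threw without calling Dispose on the duplicate.
/// </remarks>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle, ProcessHandle process, bool getName)
{
    IntPtr handle = new IntPtr(thisHandle.Handle);
    IntPtr objectHandleI;
    int retLength = 0;
    GenericHandle objectHandle = null;

    // Reject values that cannot name a real handle table entry
    // (presumably -1 and -2 are excluded as pseudo-handle values).
    if (thisHandle.Handle == 0 || thisHandle.Handle == -1 || thisHandle.Handle == -2)
    {
        throw new WindowsException(NtStatus.InvalidHandle);
    }

    // Duplicate the handle if we're not using KPH
    if (KProcessHacker.Instance == null)
    {
        NtStatus status;

        if ((status = Win32.NtDuplicateObject(
            process, handle, ProcessHandle.Current, out objectHandleI, 0, 0, 0)) >= NtStatus.Error)
        {
            Win32.ThrowLastError(status);
        }

        objectHandle = new GenericHandle(objectHandleI);
    }

    try
    {
        ObjectInformation info = new ObjectInformation();

        // If the cache contains the object type's name, use it. Otherwise, query the type
        // for its name.
        lock (Windows.ObjectTypes)
        {
            if (Windows.ObjectTypes.ContainsKey(thisHandle.ObjectTypeNumber))
            {
                info.TypeName = Windows.ObjectTypes[thisHandle.ObjectTypeNumber];
            }
            else
            {
                int baseAddress = 0;

                // First call passes a zero-length buffer; its status is ignored and
                // only retLength is used to size the real query below.
                if (KProcessHacker.Instance != null)
                {
                    KProcessHacker.Instance.ZwQueryObject(process, handle, ObjectInformationClass.ObjectTypeInformation,
                        IntPtr.Zero, 0, out retLength, out baseAddress);
                }
                else
                {
                    Win32.NtQueryObject(objectHandle, ObjectInformationClass.ObjectTypeInformation,
                        IntPtr.Zero, 0, out retLength);
                }

                if (retLength > 0)
                {
                    using (MemoryAlloc otiMem = new MemoryAlloc(retLength))
                    {
                        if (KProcessHacker.Instance != null)
                        {
                            if (KProcessHacker.Instance.ZwQueryObject(process, handle, ObjectInformationClass.ObjectTypeInformation,
                                otiMem, otiMem.Size, out retLength, out baseAddress) >= NtStatus.Error)
                            {
                                throw new Exception("ZwQueryObject failed.");
                            }
                        }
                        else
                        {
                            if (Win32.NtQueryObject(objectHandle, ObjectInformationClass.ObjectTypeInformation,
                                otiMem, otiMem.Size, out retLength) >= NtStatus.Error)
                            {
                                throw new Exception("NtQueryObject failed.");
                            }
                        }

                        var oti = otiMem.ReadStruct<ObjectTypeInformation>();
                        var str = oti.Name;

                        // With KPH the string pointer is adjusted by the difference between
                        // our buffer and baseAddress before it is read
                        // (presumably because KPH reports pointers relative to its own buffer).
                        if (KProcessHacker.Instance != null)
                        {
                            str.Buffer = str.Buffer.Increment(otiMem.Memory.Decrement(baseAddress));
                        }

                        info.TypeName = str.Read();
                        Windows.ObjectTypes.Add(thisHandle.ObjectTypeNumber, info.TypeName);
                    }
                }
            }
        }

        if (!getName)
        {
            return info;
        }

        // Get the object's name. If the object is a file we must take special
        // precautions so that we don't hang.
        if (info.TypeName == "File")
        {
            if (KProcessHacker.Instance != null)
            {
                // Use KProcessHacker for files to avoid hangs.
                info.OrigName = KProcessHacker.Instance.GetHandleObjectName(process, handle);
            }
            else
            {
                // 0: No hack, query the thing normally.
                // 1: No hack, use NProcessHacker.
                // 2: Hack.
                int hackLevel = 1;

                // Can't use NPH because XP had a bug where a thread hanging
                // on NtQueryObject couldn't be terminated.
                if (OSVersion.IsBelowOrEqual(WindowsVersion.XP))
                {
                    hackLevel = 2;
                }

                // On Windows 7 and above the hanging bug appears to have
                // been fixed. Query the object normally.
                // UPDATE: Not so. It still happens.
                //if (OSVersion.IsAboveOrEqual(WindowsVersion.Seven))
                //    hackLevel = 0;

                if (hackLevel == 1)
                {
                    try
                    {
                        // Use NProcessHacker.
                        using (MemoryAlloc oniMem = new MemoryAlloc(0x4000))
                        {
                            if (NProcessHacker.PhQueryNameFileObject(
                                objectHandle, oniMem, oniMem.Size, out retLength) >= NtStatus.Error)
                            {
                                throw new Exception("PhQueryNameFileObject failed.");
                            }

                            var oni = oniMem.ReadStruct<ObjectNameInformation>();

                            info.OrigName = oni.Name.Read();
                        }
                    }
                    catch (DllNotFoundException)
                    {
                        // The native helper library is missing; use the access-mask heuristic instead.
                        hackLevel = 2;
                    }
                }

                if (hackLevel == 0)
                {
                    info.OrigName = GetObjectNameNt(process, handle, objectHandle);
                }
                else if (hackLevel == 2)
                {
                    // KProcessHacker and NProcessHacker not available. Fall back to using hack
                    // (i.e. not querying the name at all if the access is 0x0012019f).
                    // NOTE(review): presumably this mask identifies the file objects whose
                    // name query blocks; such handles are returned with no name.
                    if ((int)thisHandle.GrantedAccess != 0x0012019f)
                    {
                        info.OrigName = GetObjectNameNt(process, handle, objectHandle);
                    }
                }
            }
        }
        else
        {
            // Not a file. Query the object normally.
            info.OrigName = GetObjectNameNt(process, handle, objectHandle);
        }

        // Get a better name for the handle. Any failure in here is deliberately
        // swallowed and the raw object name is used instead (see the catch below).
        try
        {
            switch (info.TypeName)
            {
                case "File":
                    // Resolves \Device\Harddisk1 into C:, for example.
                    if (!string.IsNullOrEmpty(info.OrigName))
                    {
                        info.BestName = FileUtils.GetFileName(info.OrigName);
                    }

                    break;

                case "Key":
                    info.BestName = NativeUtils.FormatNativeKeyName(info.OrigName);

                    break;

                case "Process":
                    {
                        int processId;

                        if (KProcessHacker.Instance != null)
                        {
                            processId = KProcessHacker.Instance.KphGetProcessId(process, handle);

                            if (processId == 0)
                            {
                                throw new Exception("Invalid PID");
                            }
                        }
                        else
                        {
                            using (var processHandle =
                                new NativeHandle<ProcessAccess>(process, handle, OSVersion.MinProcessQueryInfoAccess))
                            {
                                if ((processId = Win32.GetProcessId(processHandle)) == 0)
                                {
                                    Win32.ThrowLastError();
                                }
                            }
                        }

                        info.BestName = (new ClientId(processId, 0)).GetName(false);
                    }

                    break;

                case "Thread":
                    {
                        int processId;
                        int threadId;

                        if (KProcessHacker.Instance != null)
                        {
                            threadId = KProcessHacker.Instance.KphGetThreadId(process, handle, out processId);

                            if (threadId == 0 || processId == 0)
                            {
                                throw new Exception("Invalid TID or PID");
                            }
                        }
                        else
                        {
                            using (var threadHandle =
                                new NativeHandle<ThreadAccess>(process, handle, OSVersion.MinThreadQueryInfoAccess))
                            {
                                var basicInfo = ThreadHandle.FromHandle(threadHandle).GetBasicInformation();

                                threadId = basicInfo.ClientId.ThreadId;
                                processId = basicInfo.ClientId.ProcessId;
                            }
                        }

                        info.BestName = (new ClientId(processId, threadId)).GetName(true);
                    }

                    break;

                case "TmEn":
                    {
                        using (var enHandleDup =
                            new NativeHandle<EnlistmentAccess>(process, handle, EnlistmentAccess.QueryInformation))
                        {
                            var enHandle = EnlistmentHandle.FromHandle(enHandleDup);

                            info.BestName = enHandle.GetBasicInformation().EnlistmentId.ToString("B");
                        }
                    }

                    break;

                case "TmRm":
                    {
                        using (var rmHandleDup =
                            new NativeHandle<ResourceManagerAccess>(process, handle, ResourceManagerAccess.QueryInformation))
                        {
                            var rmHandle = ResourceManagerHandle.FromHandle(rmHandleDup);

                            info.BestName = rmHandle.GetDescription();

                            // No description: fall back to the GUID.
                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = rmHandle.GetGuid().ToString("B");
                            }
                        }
                    }

                    break;

                case "TmTm":
                    {
                        using (var tmHandleDup =
                            new NativeHandle<TmAccess>(process, handle, TmAccess.QueryInformation))
                        {
                            var tmHandle = TmHandle.FromHandle(tmHandleDup);

                            // GetFileName is applied twice, exactly as in the original code.
                            info.BestName = FileUtils.GetFileName(FileUtils.GetFileName(tmHandle.GetLogFileName()));

                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = tmHandle.GetBasicInformation().TmIdentity.ToString("B");
                            }
                        }
                    }

                    break;

                case "TmTx":
                    {
                        using (var transactionHandleDup =
                            new NativeHandle<TransactionAccess>(process, handle, TransactionAccess.QueryInformation))
                        {
                            var transactionHandle = TransactionHandle.FromHandle(transactionHandleDup);

                            info.BestName = transactionHandle.GetDescription();

                            if (string.IsNullOrEmpty(info.BestName))
                            {
                                info.BestName = transactionHandle.GetBasicInformation().TransactionId.ToString("B");
                            }
                        }
                    }

                    break;

                case "Token":
                    {
                        using (var tokenHandleDup =
                            new NativeHandle<TokenAccess>(process, handle, TokenAccess.Query))
                        {
                            var tokenHandle = TokenHandle.FromHandle(tokenHandleDup);
                            var sid = tokenHandle.GetUser();

                            // Shown as "<user name>: 0x<authentication id>".
                            using (sid)
                            {
                                info.BestName = sid.GetFullName(true) + ": 0x" +
                                    tokenHandle.GetStatistics().AuthenticationId.ToString();
                            }
                        }
                    }

                    break;

                default:
                    info.BestName = string.IsNullOrEmpty(info.OrigName) ? null : info.OrigName;

                    break;
            }
        }
        catch
        {
            // Best effort only: an inaccessible or vanished object must not fail the
            // whole query, so fall back to the raw name (or null when there is none).
            info.BestName = string.IsNullOrEmpty(info.OrigName) ? null : info.OrigName;
        }

        return info;
    }
    finally
    {
        // Close the duplicate on every exit path; a leaked duplicate keeps the
        // underlying object referenced from this process.
        if (objectHandle != null)
        {
            objectHandle.Dispose();
        }
    }
}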
/// <summary>
/// Gets information about a handle using an already-open handle to the owning
/// process. Forwards to the three-argument overload with name lookup enabled.
/// </summary>
/// <param name="thisHandle">The system handle entry to describe.</param>
/// <param name="process">A handle to the process that owns the handle.</param>
/// <returns>Whatever the three-argument overload returns for getName = true.</returns>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle, ProcessHandle process)
{
    // This overload always asks for the object name.
    const bool getName = true;

    return thisHandle.GetHandleInfo(process, getName);
}
/// <summary>
/// Resolves the best name of one handle and reports it through
/// CallHandleMatchListView when the lower-cased name contains the filter.
/// </summary>
/// <param name="processHandles">
/// Per-process handle cache keyed by process ID. A missing entry is opened and
/// added here; this method never disposes the entries it adds.
/// </param>
/// <param name="currhandle">The handle entry to examine.</param>
/// <param name="lowerFilter">The filter text; it is compared against a lower-cased name.</param>
/// <remarks>
/// Every failure is swallowed: a handle that could not be opened or queried is
/// treated exactly like a handle that does not match the filter.
/// </remarks>
private void CompareHandleBestNameWithFilterString(
    Dictionary<int, ProcessHandle> processHandles,
    SystemHandleEntry currhandle,
    string lowerFilter)
{
    try
    {
        var ownerPid = currhandle.ProcessId;

        // Don't get handles from processes in other session
        // if we don't have KPH to reduce freezes. Note that
        // on Windows 7 the hanging bug appears to have been
        // fixed, so there is an exception for that.
        bool restrictToOwnSession =
            KProcessHacker.Instance == null &&
            !OSVersion.IsAboveOrEqual(WindowsVersion.Seven);

        if (restrictToOwnSession)
        {
            bool inCurrentSession;

            try
            {
                if (isCurrentSessionIdCache.ContainsKey(ownerPid))
                {
                    inCurrentSession = isCurrentSessionIdCache[ownerPid];
                }
                else
                {
                    // First time this process is seen: look up its session and remember the answer.
                    inCurrentSession = Win32.GetProcessSessionId(ownerPid) == Program.CurrentSessionId;
                    isCurrentSessionIdCache.Add(ownerPid, inCurrentSession);
                }
            }
            catch
            {
                // The session could not be determined; skip the handle.
                return;
            }

            if (!inCurrentSession)
            {
                return;
            }
        }

        // Reuse one process handle per owning process.
        ProcessHandle ownerProcess;

        if (!processHandles.TryGetValue(ownerPid, out ownerProcess))
        {
            ownerProcess = new ProcessHandle(ownerPid, Program.MinProcessGetHandleInformationRights);
            processHandles.Add(ownerPid, ownerProcess);
        }

        var info = currhandle.GetHandleInfo(ownerProcess);
        var bestName = info.BestName;

        if (!string.IsNullOrEmpty(bestName) && bestName.ToLower().Contains(lowerFilter))
        {
            CallHandleMatchListView(currhandle, info);
        }
    }
    catch
    {
        // Any failure while opening or querying is ignored, as before.
        return;
    }
}
/// <summary>
/// Gets information about a handle, including its name. Forwards to the
/// <c>GetHandleInfo(bool)</c> overload with name lookup enabled.
/// </summary>
/// <param name="thisHandle">The system handle entry to describe.</param>
/// <returns>Whatever the <c>GetHandleInfo(bool)</c> overload returns for getName = true.</returns>
public static ObjectInformation GetHandleInfo(this SystemHandleEntry thisHandle)
{
    // This overload always asks for the object name.
    const bool getName = true;

    return thisHandle.GetHandleInfo(getName);
}
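/// <summary>
/// Shows a two-page property sheet (details and security) for a handle that
/// belongs to another process.
/// </summary>
/// <param name="handleInfo">The handle entry to show properties for.</param>
/// <remarks>
/// All exceptions are reported through PhUtils.ShowException instead of being
/// thrown. The process handle, the most recent duplicated handle and the pinned
/// page array are released in finally blocks; previously the process handle and
/// the pinned GC handle were never released, and the duplicate was only disposed
/// when nothing threw.
/// </remarks>
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
    try
    {
        IntPtr handle = new IntPtr(handleInfo.Handle);
        ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);

        // NOTE(review): the callbacks below overwrite dupHandle each time they
        // duplicate with different access rights. Only the last value is disposed
        // in the finally block; earlier wrappers are not disposed by this method.
        GenericHandle dupHandle = null;

        try
        {
            // Try to get a handle, since we need one for security editing.
            // Failure is tolerated: dupHandle stays null and is passed on as null.
            try
            {
                dupHandle = new GenericHandle(phandle, handle, 0);
            }
            catch
            { }

            PropSheetHeader64 header = new PropSheetHeader64
            {
                dwSize = (uint)PropSheetHeader64.SizeOf,
                nPages = 2,
                dwFlags = (uint)PropSheetFlags.PSH_DEFAULT,
                pszCaption = "Handle Properties"
            };

            using (HandleDetails hw = new HandleDetails())
            {
                hw.ObjectHandle = handleInfo;
                hw.HandlePropertiesCallback += (control, name, typeName) =>
                {
                    switch (typeName.ToLowerInvariant())
                    {
                        // Objects with separate property windows:
                        case "file":
                        case "job":
                        case "key":
                        case "token":
                        case "process":
                            {
                                Button b = new Button
                                {
                                    FlatStyle = FlatStyle.System,
                                    Text = "Properties"
                                };

                                b.Click += (sender, e) =>
                                {
                                    try
                                    {
                                        switch (typeName.ToLowerInvariant())
                                        {
                                            case "file":
                                                {
                                                    FileUtils.ShowProperties(name);
                                                }
                                                break;
                                            case "job":
                                                {
                                                    dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query);
                                                    (new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
                                                }
                                                break;
                                            case "key":
                                                {
                                                    try
                                                    {
                                                        PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
                                                    }
                                                    catch (Exception ex)
                                                    {
                                                        PhUtils.ShowException("Unable to open the Registry Editor", ex);
                                                    }
                                                }
                                                break;
                                            case "token":
                                                {
                                                    using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
                                                    {
                                                        twindow.ShowDialog();
                                                    }
                                                }
                                                break;
                                            case "process":
                                                {
                                                    dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
                                                    int pid = ProcessHandle.FromHandle(dupHandle).ProcessId;

                                                    Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow);
                                                }
                                                break;
                                        }
                                    }
                                    catch (Exception ex)
                                    {
                                        PhUtils.ShowException("Unable to show object properties", ex);
                                    }
                                };

                                control.Controls.Add(b);
                            }
                            break;
                        case "event":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
                                var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventProps);
                            }
                            break;
                        case "eventpair":
                            {
                                // NOTE(review): this is the only case that requests full access
                                // instead of a query right; confirm EventPairProperties needs it.
                                dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
                                var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
                                control.Controls.Add(eventPairProps);
                            }
                            break;
                        case "mutant":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
                                var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
                                control.Controls.Add(mutantProps);
                            }
                            break;
                        case "section":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
                                var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
                                control.Controls.Add(sectionProps);
                            }
                            break;
                        case "semaphore":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
                                var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
                                control.Controls.Add(semaphoreProps);
                            }
                            break;
                        case "timer":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
                                var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
                                control.Controls.Add(timerProps);
                            }
                            break;
                        case "tmrm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
                                var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmRmProps);
                            }
                            break;
                        case "tmtm":
                            {
                                dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
                                var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
                                control.Controls.Add(tmTmProps);
                            }
                            break;
                    }
                };

                hw.Init();

                IntPtr[] pages = new IntPtr[2];
                pages[0] = hw.CreatePageHandle();
                pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2(
                    null,
                    SecurityEditor.GetSecurableWrapper(dupHandle),
                    hw._name,
                    NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName))
                    ));

                // Pin the page array only for the duration of the call. The sheet is
                // created with PSH_DEFAULT and the original code already disposed the
                // handle right after this call, so the call is expected to return
                // only once the sheet has been closed.
                GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned);

                try
                {
                    header.phpage = gch.AddrOfPinnedObject();

                    PropertySheetW(ref header);
                }
                finally
                {
                    gch.Free();
                }
            }
        }
        finally
        {
            // Release the duplicate and the process handle on every exit path.
            if (dupHandle != null)
            {
                dupHandle.Dispose();
            }

            phandle.Dispose();
        }
    }
    catch (Exception ex)
    {
        PhUtils.ShowException("Unable to show handle properties", ex);
    }
}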
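/// <summary>
/// Shows the modal handle properties window for a handle that belongs to
/// another process.
/// </summary>
/// <param name="handleInfo">The handle entry to show properties for.</param>
/// <remarks>
/// All exceptions are reported through PhUtils.ShowException instead of being
/// thrown. The process handle and the most recent duplicated handle are released
/// in a finally block; previously the process handle was never released and the
/// duplicate was only disposed when nothing threw. Type names are lower-cased
/// with the invariant culture so the matching does not depend on the UI culture.
/// </remarks>
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
    try
    {
        HandlePropertiesWindow window = new HandlePropertiesWindow(handleInfo);
        IntPtr handle = new IntPtr(handleInfo.Handle);
        ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);

        // NOTE(review): the callbacks below overwrite dupHandle each time they
        // duplicate with different access rights. Only the last value is disposed
        // in the finally block; earlier wrappers are not disposed by this method.
        GenericHandle dupHandle = null;

        try
        {
            window.HandlePropertiesCallback += (control, name, typeName) =>
            {
                switch (typeName.ToLowerInvariant())
                {
                    // Objects with separate property windows:
                    case "file":
                    case "job":
                    case "key":
                    case "token":
                    case "process":
                        {
                            Button b = new Button();

                            b.FlatStyle = FlatStyle.System;
                            b.Text = "Properties...";
                            b.Click += (sender, e) =>
                            {
                                try
                                {
                                    switch (typeName.ToLowerInvariant())
                                    {
                                        case "file":
                                            {
                                                FileUtils.ShowProperties(name);
                                            }
                                            break;
                                        case "job":
                                            {
                                                dupHandle = new GenericHandle(
                                                    phandle, handle,
                                                    (int)JobObjectAccess.Query);
                                                (new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
                                            }
                                            break;
                                        case "key":
                                            {
                                                try
                                                {
                                                    PhUtils.OpenKeyInRegedit(Form.ActiveForm, name);
                                                }
                                                catch (Exception ex)
                                                {
                                                    PhUtils.ShowException("Unable to open the Registry Editor", ex);
                                                }
                                            }
                                            break;
                                        case "token":
                                            {
                                                (new TokenWindow(new RemoteTokenHandle(phandle, handle))).ShowDialog();
                                            }
                                            break;
                                        case "process":
                                            {
                                                int pid;

                                                // With KPH the process ID is read without duplicating the handle.
                                                if (KProcessHacker.Instance != null)
                                                {
                                                    pid = KProcessHacker.Instance.KphGetProcessId(phandle, handle);
                                                }
                                                else
                                                {
                                                    dupHandle = new GenericHandle(
                                                        phandle, handle,
                                                        (int)OSVersion.MinProcessQueryInfoAccess);
                                                    pid = ProcessHandle.FromHandle(dupHandle).GetProcessId();
                                                }

                                                Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid],
                                                    (f) => Program.FocusWindow(f));
                                            }
                                            break;
                                    }
                                }
                                catch (Exception ex)
                                {
                                    PhUtils.ShowException("Unable to show object properties", ex);
                                }
                            };

                            control.Controls.Add(b);
                        }
                        break;
                    case "event":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
                            var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
                            control.Controls.Add(eventProps);
                        }
                        break;
                    case "eventpair":
                        {
                            // NOTE(review): this is the only case that requests full access
                            // instead of a query right; confirm EventPairProperties needs it.
                            dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
                            var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
                            control.Controls.Add(eventPairProps);
                        }
                        break;
                    case "mutant":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
                            var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
                            control.Controls.Add(mutantProps);
                        }
                        break;
                    case "section":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
                            var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
                            control.Controls.Add(sectionProps);
                        }
                        break;
                    case "semaphore":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
                            var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
                            control.Controls.Add(semaphoreProps);
                        }
                        break;
                    case "timer":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
                            var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
                            control.Controls.Add(timerProps);
                        }
                        break;
                    case "tmrm":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
                            var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
                            control.Controls.Add(tmRmProps);
                        }
                        break;
                    case "tmtm":
                        {
                            dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
                            var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
                            control.Controls.Add(tmTmProps);
                        }
                        break;
                }
            };

            // Give the window a zero-access duplicate if nothing has been duplicated yet.
            // Failure is tolerated: the window then receives a null ObjectHandle.
            if (dupHandle == null)
            {
                try
                {
                    dupHandle = new GenericHandle(phandle, handle, 0);
                }
                catch
                { }
            }

            window.ObjectHandle = dupHandle;
            window.ShowDialog();
        }
        finally
        {
            // Release the duplicate and the process handle on every exit path.
            if (dupHandle != null)
            {
                dupHandle.Dispose();
            }

            phandle.Dispose();
        }
    }
    catch (Exception ex)
    {
        PhUtils.ShowException("Unable to show handle properties", ex);
    }
}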