public static string GetObjectTypeName(SystemHandleInformation systemHandle, Process process)
{
var processHandle = Win32Api.OpenProcess(ProcessAccessFlags.All, false, process.Id);
IntPtr pointerHandle;
var basicInformation = new ObjectBasicInformation();
var objObjectType = new ObjectTypeInformation();
var informationLength = 0;
if (!Win32Api.DuplicateHandle(
processHandle,
systemHandle.Handle,
Win32Api.GetCurrentProcess(),
out pointerHandle,
0,
false,
Win32Constants.DuplicateSameAccess))
{
return(null);
}
var basicInformationPointer = Marshal.AllocHGlobal(Marshal.SizeOf(basicInformation));
Win32Api.NtQueryObject(pointerHandle, (int)ObjectInformationClassType.ObjectBasicInformation, basicInformationPointer, Marshal.SizeOf(basicInformation), ref informationLength);
basicInformation = (ObjectBasicInformation)Marshal.PtrToStructure(basicInformationPointer, basicInformation.GetType());
Marshal.FreeHGlobal(basicInformationPointer);
var basicInformationTypeInformationPointer = Marshal.AllocHGlobal(basicInformation.TypeInformationLength);
informationLength = basicInformation.TypeInformationLength;
while ((uint)Win32Api.NtQueryObject(pointerHandle, (int)ObjectInformationClassType.ObjectTypeInformation, basicInformationTypeInformationPointer, informationLength, ref informationLength) == Win32Constants.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(basicInformationTypeInformationPointer);
basicInformationTypeInformationPointer = Marshal.AllocHGlobal(informationLength);
}
objObjectType = (ObjectTypeInformation)Marshal.PtrToStructure(basicInformationTypeInformationPointer, objObjectType.GetType());
var objectNameBuffer = Is64Bits() ? new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32) : objObjectType.Name.Buffer;
var strObjectTypeName = Marshal.PtrToStringUni(objectNameBuffer, objObjectType.Name.Length >> 1);
Marshal.FreeHGlobal(basicInformationTypeInformationPointer);
return(strObjectTypeName);
}
public static string GetObjectName(SystemHandleInformation systemHandle, Process process)
{
var processHandlePointer = Win32Api.OpenProcess(ProcessAccessFlags.All, false, process.Id);
IntPtr objectBasicInformationPointer;
var objBasic = new ObjectBasicInformation();
var objObjectName = new ObjectNameInformation();
var nameInformationLength = 0;
if (!Win32Api.DuplicateHandle(
processHandlePointer,
systemHandle.Handle,
Win32Api.GetCurrentProcess(),
out objectBasicInformationPointer,
0,
false,
Win32Constants.DuplicateSameAccess))
{
return(null);
}
var basicObjectPointer = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic));
Win32Api.NtQueryObject(objectBasicInformationPointer, (int)ObjectInformationClassType.ObjectBasicInformation, basicObjectPointer, Marshal.SizeOf(objBasic), ref nameInformationLength);
objBasic = (ObjectBasicInformation)Marshal.PtrToStructure(basicObjectPointer, objBasic.GetType());
Marshal.FreeHGlobal(basicObjectPointer);
nameInformationLength = objBasic.NameInformationLength;
var nameInformationLengthPointer = Marshal.AllocHGlobal(nameInformationLength);
while ((uint)Win32Api.NtQueryObject(objectBasicInformationPointer, (int)ObjectInformationClassType.ObjectNameInformation, nameInformationLengthPointer, nameInformationLength, ref nameInformationLength) == Win32Constants.StatusInfoLengthMismatch)
{
Marshal.FreeHGlobal(nameInformationLengthPointer);
nameInformationLengthPointer = Marshal.AllocHGlobal(nameInformationLength);
}
objObjectName = (ObjectNameInformation)Marshal.PtrToStructure(nameInformationLengthPointer, objObjectName.GetType());
var objectNameBufferPointer = Is64Bits() ? new IntPtr(Convert.ToInt64(objObjectName.Name.Buffer.ToString(), 10) >> 32) : objObjectName.Name.Buffer;
if (objectNameBufferPointer == IntPtr.Zero)
{
return(null);
}
var objectNameBuffer = new byte[nameInformationLength];
try
{
Marshal.Copy(objectNameBufferPointer, objectNameBuffer, 0, nameInformationLength);
string strObjectName = Marshal.PtrToStringUni(Is64Bits() ? new IntPtr(objectNameBufferPointer.ToInt64()) : new IntPtr(objectNameBufferPointer.ToInt32()));
return(strObjectName);
}
catch (AccessViolationException)
{
return(null);
}
finally
{
Marshal.FreeHGlobal(nameInformationLengthPointer);
Win32Api.CloseHandle(objectBasicInformationPointer);
}
}
