Example #1
0
 private void ReleaseProcessHandle(SafeProcessHandle handle)
 {
     if (handle == null)
     {
         return;
     }
     if (haveProcessHandle && handle == m_processHandle)
     {
         return;
     }
     handle.Close();
 }
Example #2
0
        private static ModuleInfo[] GetModuleInfos(int processId, bool firstModuleOnly)
        {
            if (processId == NtProcessManager.SystemProcessID || processId == 0)
            {
                throw new Win32Exception(-2147467259, "EnumProcessModuleFailed");
            }
            SafeProcessHandle safeProcessHandle = SafeProcessHandle.InvalidHandle;

            ModuleInfo[] result;
            try
            {
                safeProcessHandle = ProcessManager.OpenProcess(processId, 1040, true);
                IntPtr[] array    = new IntPtr[64];
                GCHandle gCHandle = default(GCHandle);
                int      num      = 0;
                while (true)
                {
                    bool flag = false;
                    try
                    {
                        gCHandle = GCHandle.Alloc(array, GCHandleType.Pinned);
                        flag     = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
                        if (!flag)
                        {
                            bool flag2 = false;
                            bool flag3 = false;
                            if (true)
                            {
                                SafeProcessHandle safeProcessHandle2 = SafeProcessHandle.InvalidHandle;
                                try
                                {
                                    safeProcessHandle2 = ProcessManager.OpenProcess(NativeMethods.GetCurrentProcessId(), 1024, true);
                                    if (!SafeNativeMethods.IsWow64Process(safeProcessHandle2, ref flag2))
                                    {
                                        throw new Win32Exception();
                                    }
                                    if (!SafeNativeMethods.IsWow64Process(safeProcessHandle, ref flag3))
                                    {
                                        throw new Win32Exception();
                                    }
                                    if (flag2 && !flag3)
                                    {
                                        throw new Win32Exception(299, "EnumProcessModuleFailedDueToWow");
                                    }
                                }
                                finally
                                {
                                    if (safeProcessHandle2 != SafeProcessHandle.InvalidHandle)
                                    {
                                        safeProcessHandle2.Close();
                                    }
                                }
                            }
                            for (int i = 0; i < 50; i++)
                            {
                                flag = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
                                if (flag)
                                {
                                    break;
                                }
                                Thread.Sleep(1);
                            }
                        }
                    }
                    finally
                    {
                        gCHandle.Free();
                    }
                    if (!flag)
                    {
                        break;
                    }
                    num /= IntPtr.Size;
                    if (num <= array.Length)
                    {
                        goto IL_157;
                    }
                    array = new IntPtr[array.Length * 2];
                }
                throw new Win32Exception();
IL_157:
                ArrayList arrayList = new ArrayList();
                for (int j = 0; j < num; j++)
                {
                    try
                    {
                        ModuleInfo moduleInfo = new ModuleInfo();
                        IntPtr     handle     = array[j];
                        NativeMethods.NtModuleInfo ntModuleInfo = new NativeMethods.NtModuleInfo();
                        if (!NativeMethods.GetModuleInformation(safeProcessHandle, new HandleRef(null, handle), ntModuleInfo, Marshal.SizeOf(ntModuleInfo)))
                        {
                            throw new Win32Exception();
                        }
                        moduleInfo.sizeOfImage = ntModuleInfo.SizeOfImage;
                        moduleInfo.entryPoint  = ntModuleInfo.EntryPoint;
                        moduleInfo.baseOfDll   = ntModuleInfo.BaseOfDll;
                        StringBuilder stringBuilder = new StringBuilder(1024);
                        if (NativeMethods.GetModuleBaseName(safeProcessHandle, new HandleRef(null, handle), stringBuilder, stringBuilder.Capacity * 2) == 0)
                        {
                            throw new Win32Exception();
                        }
                        moduleInfo.baseName = stringBuilder.ToString();
                        StringBuilder stringBuilder2 = new StringBuilder(1024);
                        if (NativeMethods.GetModuleFileNameEx(safeProcessHandle, new HandleRef(null, handle), stringBuilder2, stringBuilder2.Capacity * 2) == 0)
                        {
                            throw new Win32Exception();
                        }
                        moduleInfo.fileName = stringBuilder2.ToString();
                        if (string.Compare(moduleInfo.fileName, "\\SystemRoot\\System32\\smss.exe", StringComparison.OrdinalIgnoreCase) == 0)
                        {
                            moduleInfo.fileName = Path.Combine(Environment.SystemDirectory, "smss.exe");
                        }
                        if (moduleInfo.fileName != null && moduleInfo.fileName.Length >= 4 && moduleInfo.fileName.StartsWith("\\\\?\\", StringComparison.Ordinal))
                        {
                            moduleInfo.fileName = moduleInfo.fileName.Substring(4);
                        }
                        arrayList.Add(moduleInfo);
                    }
                    catch (Win32Exception ex)
                    {
                        if (ex.NativeErrorCode != 6 && ex.NativeErrorCode != 299)
                        {
                            throw;
                        }
                    }
                    if (firstModuleOnly)
                    {
                        break;
                    }
                }
                ModuleInfo[] array2 = new ModuleInfo[arrayList.Count];
                arrayList.CopyTo(array2, 0);
                result = array2;
            }
            finally
            {
                if (!safeProcessHandle.IsInvalid)
                {
                    safeProcessHandle.Close();
                }
            }
            return(result);
        }