Exemple #1
 /// <summary>
 /// Takes one snapshot of the system handle table and wraps the matching entries as <see cref="NtHandle"/> objects.
 /// </summary>
 /// <remarks>
 /// The entries are copied out of the query buffer once, so the result describes a single point in time;
 /// a handle may have been closed or its value reused by the time a caller inspects it.
 /// The returned sequence is a deferred LINQ query, so a new <see cref="NtHandle"/> is built on each enumeration.
 /// </remarks>
 /// <param name="pid">Process ID to keep. Pass -1 to keep the handles of every process.</param>
 /// <param name="allow_query">Passed to each <see cref="NtHandle"/>; true allows the returned handles to query for certain properties.</param>
 /// <returns>The handles whose owning process matches <paramref name="pid"/>.</returns>
 public static IEnumerable<NtHandle> GetHandles(int pid, bool allow_query)
 {
     using (var buffer = QueryBuffer<SystemHandleInformationEx>(SystemInformationClass.SystemExtendedHandleInformation))
     {
         int entry_count = buffer.Result.NumberOfHandles.ToInt32();
         var entries = new SystemHandleTableInfoEntryEx[entry_count];

         // Copy into a managed array before the buffer is disposed; the deferred
         // query returned below only ever reads this copy.
         buffer.Data.ReadArray(0, entries, 0, entry_count);

         bool match_all = pid == -1;
         return entries
             .Where(e => match_all || e.UniqueProcessId.ToInt32() == pid)
             .Select(e => new NtHandle(e, allow_query));
     }
 }
        /// <summary>
        /// Builds a handle description from one entry of the system handle table.
        /// </summary>
        /// <param name="entry">The raw handle table entry whose fields are copied.</param>
        /// <param name="allow_query">Stored in <c>_allow_query</c>.</param>
        internal NtHandle(SystemHandleTableInfoEntryEx entry, bool allow_query)
        {
            ProcessId = entry.UniqueProcessId.ToInt32();

            // NtType keeps its default value when the type index does not resolve.
            NtType resolved_type = NtType.GetTypeByIndex(entry.ObjectTypeIndex);
            if (resolved_type != null)
            {
                NtType = resolved_type;
            }

            Attributes = (AttributeFlags)entry.HandleAttributes;
            Handle = entry.HandleValue.ToInt32();
            // NOTE(review): presumably the kernel object address; confirm before logging or exporting it.
            Object = entry.Object.ToUInt64();
            // This overload converts the granted access mask to its generic form.
            GrantedAccess = entry.GrantedAccess.ToGenericAccess();
            _allow_query = allow_query;
        }
        /// <summary>
        /// Builds a handle description from one entry of the system handle table and also
        /// records the owning process image path and the file-query flag.
        /// </summary>
        /// <param name="entry">The raw handle table entry whose fields are copied.</param>
        /// <param name="allow_query">Stored in <c>_allow_query</c>.</param>
        /// <param name="force_file_query">Stored in <c>_force_file_query</c>.</param>
        /// <param name="process_image_path">Stored in <c>ProcessImagePath</c> as given; it is not validated here.</param>
        internal NtHandle(SystemHandleTableInfoEntryEx entry, bool allow_query, bool force_file_query, string process_image_path)
        {
            ProcessId = entry.UniqueProcessId.ToInt32();

            // NtType keeps its default value when the type index does not resolve.
            NtType resolved_type = NtType.GetTypeByIndex(entry.ObjectTypeIndex);
            if (resolved_type != null)
            {
                NtType = resolved_type;
            }

            Attributes = (AttributeFlags)entry.HandleAttributes;
            Handle = entry.HandleValue.ToInt32();
            // NOTE(review): presumably the kernel object address; confirm before logging or exporting it.
            Object = entry.Object.ToUInt64();
            // The granted access mask is stored as reported by the entry, with no conversion in this overload.
            GrantedAccess = entry.GrantedAccess;
            _allow_query = allow_query;
            _force_file_query = force_file_query;
            ProcessImagePath = process_image_path;
        }