public static IEnumerator <FileHandleInfo> GetOpenFileHandleEnumerator(int processId, SmartPtr systemHandleInformationPointer, int handleCount) { //using (SmartPtr sptr = SystemInformation.GetSystemHandleInformation()) //{ //var information = (SystemHandlesInformation)Marshal.PtrToStructure(sptr.Pointer, typeof(SystemHandlesInformation)); //int handleCount = information.Count; //int handleCount = Marshal.ReadInt32(sptr.Pointer); int offset = FirstHandleOffset; for (int i = 0; i < handleCount; i++, offset += SystemHandleEntrySize) { //var entry = (SystemHandleEntry)Marshal.PtrToStructure((IntPtr) ((long) sptr.Pointer + offset), typeof (SystemHandleEntry)); var entry = (SystemHandleEntry)Marshal.PtrToStructure((IntPtr)(systemHandleInformationPointer.Pointer + offset), typeof(SystemHandleEntry)); IntPtr handle = (IntPtr)entry.HandleValue; SystemHandleType handleType; string devicePath; if (entry.OwnerPid != processId) { continue; } if (!HandleInformation.GetHandleType(handle, processId, out handleType)) { continue; } if (handleType != SystemHandleType.File) { continue; } devicePath = null; if (!GetFileNameFromHandle(handle, processId, out devicePath)) { continue; } FileSystemInfo info = GetFileSystemInfo(devicePath); if (info != null) { yield return(new FileHandleInfo(handle, info)); ; } } //} }
internal static extern bool SetHandleInformation(IntPtr hObject, HandleInformation dwMask, HandleInformation dwFlags);
public static List <HandleInformation> GetHandlesByType(string strHandleType = "Directory") { uint nStatus; var nHandleInfoSize = 0x10000; var ipHandlePointer = Marshal.AllocHGlobal(nHandleInfoSize); var nLength = 0; var ipHandle = IntPtr.Zero; while ((nStatus = Native.NtQuerySystemInformation(CNST_SYSTEM_HANDLE_INFORMATION, ipHandlePointer, nHandleInfoSize, ref nLength)) == STATUS_INFO_LENGTH_MISMATCH) { nHandleInfoSize = nLength; Marshal.FreeHGlobal(ipHandlePointer); ipHandlePointer = Marshal.AllocHGlobal(nLength); } var baTemp = new byte[nLength]; Marshal.Copy(ipHandlePointer, baTemp, 0, nLength); long lHandleCount = 0; if (Is64Bits()) { lHandleCount = Marshal.ReadInt64(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt64() + 8); } else { lHandleCount = Marshal.ReadInt32(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt32() + 4); } List <HandleInformation> toReturn = new List <HandleInformation>(); for (long lIndex = 0; lIndex < lHandleCount; lIndex++) { var shHandle = new SYSTEM_HANDLE_INFORMATION(); var realInfo = new HandleInformation(); if (Is64Bits()) { shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle) + 8); } else { ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle)); shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); } if (MiniMem.AttachedProcess.ProcessObject != null) { if (shHandle.ProcessID != MiniMem.AttachedProcess.ProcessObject.Id) { continue; } } if (strHandleType != null) { var strObjectTypeName = getObjectTypeName(shHandle, Process.GetProcessById(shHandle.ProcessID)); if (strObjectTypeName != strHandleType) { continue; } } realInfo.HandleName = getObjectName(shHandle, Process.GetProcessById(shHandle.ProcessID)); realInfo.Advanced = shHandle; if (realInfo.HandleName == null) { continue; } toReturn.Add(realInfo); } return(toReturn); }