public static string GetObjectTypeName(SystemHandleInformation systemHandle, Process process) { var processHandle = Win32Api.OpenProcess(ProcessAccessFlags.All, false, process.Id); IntPtr pointerHandle; var basicInformation = new ObjectBasicInformation(); var objObjectType = new ObjectTypeInformation(); var informationLength = 0; if (!Win32Api.DuplicateHandle( processHandle, systemHandle.Handle, Win32Api.GetCurrentProcess(), out pointerHandle, 0, false, Win32Constants.DuplicateSameAccess)) { return(null); } var basicInformationPointer = Marshal.AllocHGlobal(Marshal.SizeOf(basicInformation)); Win32Api.NtQueryObject(pointerHandle, (int)ObjectInformationClassType.ObjectBasicInformation, basicInformationPointer, Marshal.SizeOf(basicInformation), ref informationLength); basicInformation = (ObjectBasicInformation)Marshal.PtrToStructure(basicInformationPointer, basicInformation.GetType()); Marshal.FreeHGlobal(basicInformationPointer); var basicInformationTypeInformationPointer = Marshal.AllocHGlobal(basicInformation.TypeInformationLength); informationLength = basicInformation.TypeInformationLength; while ((uint)Win32Api.NtQueryObject(pointerHandle, (int)ObjectInformationClassType.ObjectTypeInformation, basicInformationTypeInformationPointer, informationLength, ref informationLength) == Win32Constants.StatusInfoLengthMismatch) { Marshal.FreeHGlobal(basicInformationTypeInformationPointer); basicInformationTypeInformationPointer = Marshal.AllocHGlobal(informationLength); } objObjectType = (ObjectTypeInformation)Marshal.PtrToStructure(basicInformationTypeInformationPointer, objObjectType.GetType()); var objectNameBuffer = Is64Bits() ? new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32) : objObjectType.Name.Buffer; var strObjectTypeName = Marshal.PtrToStringUni(objectNameBuffer, objObjectType.Name.Length >> 1); Marshal.FreeHGlobal(basicInformationTypeInformationPointer); return(strObjectTypeName); }
public static string GetObjectName(SystemHandleInformation systemHandle, Process process) { var processHandlePointer = Win32Api.OpenProcess(ProcessAccessFlags.All, false, process.Id); IntPtr objectBasicInformationPointer; var objBasic = new ObjectBasicInformation(); var objObjectName = new ObjectNameInformation(); var nameInformationLength = 0; if (!Win32Api.DuplicateHandle( processHandlePointer, systemHandle.Handle, Win32Api.GetCurrentProcess(), out objectBasicInformationPointer, 0, false, Win32Constants.DuplicateSameAccess)) { return(null); } var basicObjectPointer = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic)); Win32Api.NtQueryObject(objectBasicInformationPointer, (int)ObjectInformationClassType.ObjectBasicInformation, basicObjectPointer, Marshal.SizeOf(objBasic), ref nameInformationLength); objBasic = (ObjectBasicInformation)Marshal.PtrToStructure(basicObjectPointer, objBasic.GetType()); Marshal.FreeHGlobal(basicObjectPointer); nameInformationLength = objBasic.NameInformationLength; var nameInformationLengthPointer = Marshal.AllocHGlobal(nameInformationLength); while ((uint)Win32Api.NtQueryObject(objectBasicInformationPointer, (int)ObjectInformationClassType.ObjectNameInformation, nameInformationLengthPointer, nameInformationLength, ref nameInformationLength) == Win32Constants.StatusInfoLengthMismatch) { Marshal.FreeHGlobal(nameInformationLengthPointer); nameInformationLengthPointer = Marshal.AllocHGlobal(nameInformationLength); } objObjectName = (ObjectNameInformation)Marshal.PtrToStructure(nameInformationLengthPointer, objObjectName.GetType()); var objectNameBufferPointer = Is64Bits() ? new IntPtr(Convert.ToInt64(objObjectName.Name.Buffer.ToString(), 10) >> 32) : objObjectName.Name.Buffer; if (objectNameBufferPointer == IntPtr.Zero) { return(null); } var objectNameBuffer = new byte[nameInformationLength]; try { Marshal.Copy(objectNameBufferPointer, objectNameBuffer, 0, nameInformationLength); string strObjectName = Marshal.PtrToStringUni(Is64Bits() ? new IntPtr(objectNameBufferPointer.ToInt64()) : new IntPtr(objectNameBufferPointer.ToInt32())); return(strObjectName); } catch (AccessViolationException) { return(null); } finally { Marshal.FreeHGlobal(nameInformationLengthPointer); Win32Api.CloseHandle(objectBasicInformationPointer); } }