/// <summary> /// Returns a collection of handles that are currently active within the system /// </summary> /// <returns>A collection of active handles</returns> public static ICollection <HandleInfo> GetHandles() { byte[] buffer; NtStatus status; int size = 1024; uint actualSize = 0; do { buffer = new byte[size]; status = NtDll.NtQuerySystemInformation(SystemInformationType.HandleInformation, buffer, Convert.ToUInt32(size), ref actualSize); if (status != NtStatus.Success && status != NtStatus.BufferTooSmall && status != NtStatus.InfoLengthMismatch) { throw new Win32Exception("Could not retrieve system handle information"); } size = Convert.ToInt32(actualSize); } while (status != NtStatus.Success); int count = Seriz.Parse <int>(buffer); NtDll.SystemHandle[] systemHandles = Seriz.Parse <NtDll.SystemHandle>(buffer.Skip(4).ToArray(), count); List <HandleInfo> results = new List <HandleInfo>(); foreach (var handle in systemHandles) { results.Add(new HandleInfo(Convert.ToInt32(handle.ProcessId), handle.Type, new IntPtr(handle.Handle), handle.AccessMask)); } return(results); }
public static unsafe void VisitProcesses(ResizeableBuffer resizeableBuffer, SystemProcInfoVisitor visit) { var size = 100 * 1024; while (true) { var buffer = resizeableBuffer.Get(ref size, false); fixed(byte *ptr = buffer) { var status = NtDll.NtQuerySystemInformation( SYSTEM_INFORMATION_CLASS.SystemProcessInformation, (IntPtr)ptr, buffer.Length, out size); if (status == NtStatus.STATUS_INFO_LENGTH_MISMATCH) { continue; } if (!status.IsSuccessful()) { throw new InvalidOperationException($"Can't query SystemProcessInformation. NtStatus: 0x{status:X}"); } VisitProcesses(ptr, buffer, visit); return; } } }
public NhaamaHandle[] GetHandles() { var handles = new List <NhaamaHandle>(); var nHandleInfoSize = 0x10000; var ipHandlePointer = Marshal.AllocHGlobal(nHandleInfoSize); var nLength = 0; IntPtr ipHandle; while ((NtDll.NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS.SystemHandleInformation, ipHandlePointer, nHandleInfoSize, ref nLength)) == NtStatus.InfoLengthMismatch) { nHandleInfoSize = nLength; Marshal.FreeHGlobal(ipHandlePointer); ipHandlePointer = Marshal.AllocHGlobal(nLength); } byte[] baTemp = new byte[nLength]; Marshal.Copy(ipHandlePointer, baTemp, 0, nLength); long lHandleCount; if (Is64BitProcess()) { lHandleCount = Marshal.ReadInt64(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt64() + 8); } else { lHandleCount = Marshal.ReadInt32(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt32() + 4); } SYSTEM_HANDLE_INFORMATION shHandle; List <SYSTEM_HANDLE_INFORMATION> test = new List <SYSTEM_HANDLE_INFORMATION>(); for (long lIndex = 0; lIndex < lHandleCount; lIndex++) { shHandle = new SYSTEM_HANDLE_INFORMATION(); if (Is64BitProcess()) { shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle) + 8); } else { ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle)); shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); } if (shHandle.ProcessID != BaseProcess.Id) { continue; } try { test.Add(shHandle); } catch { // ignored } } foreach (var systemHandleInformation in test) { try { handles.Add(new NhaamaHandle(new IntPtr(systemHandleInformation.Handle), this)); } catch { //ignored } } return(handles.ToArray()); }