public static SmartPtr GetSystemHandleInformation()
{
int length = 0x10000;
while (true)
{
using (SmartPtr ptr = new SmartPtr())
{
ptr.Allocate(length);
int returnLength;
NtStatus ret = NativeMethods.NtQuerySystemInformation(
SystemInformationClass.
SystemHandleInformation,
ptr.Pointer, length, out returnLength
);
if (ret == NtStatus.InfoLengthMismatch)
{
length *= 2;
if (length > 1024 * 1024 * 1024)
{
throw new OutOfMemoryException("NtQuerySystemInformation fails");
}
}
else if (ret == NtStatus.Success)
{
return(ptr.Clone());
}
}
}
}
private static string GetHandleTypeToken(IntPtr handle)
{
int length;
NativeMethods.NtQueryObject(
handle, ObjectInformationClass.ObjectTypeInformation, IntPtr.Zero, 0,
out length
);
using (SmartPtr sptr = new SmartPtr())
{
sptr.Allocate(length);
if (NativeMethods.NtQueryObject(
handle, ObjectInformationClass.ObjectTypeInformation,
sptr.Pointer, length, out length
) == NtStatus.Success
)
{
ObjectTypeInformation oti =
(ObjectTypeInformation)Marshal.PtrToStructure(sptr.Pointer, typeof(ObjectTypeInformation));
UnicodeString unicodeType = oti.Name;
string typeName = unicodeType.GetValue();
return(typeName);
}
}
return(string.Empty);
}
public static bool GetFileNameFromHandle(IntPtr handle, out string fileName)
{
int[] length = { 0x2000 }; // 512 bytes
using (SmartPtr sptr = new SmartPtr())
{
sptr.Allocate(length[0]);
HandleFlag flag;
if (!NativeMethods.GetHandleInformation(handle, out flag))
{
fileName = null;
return(false);
}
if (flag != HandleFlag.None)
{
fileName = null;
return(false);
}
NtStatus ret = default(NtStatus);
ThreadStart threadStart = delegate
{
ret = NativeMethods.NtQueryObject(handle, ObjectInformationClass.ObjectNameInformation,
sptr.Pointer, length[0], out length[0]);
};
Thread thread = new Thread(threadStart);
thread.Start();
bool result = thread.Join(100);
if (!result)
{
fileName = null;
return(false);
}
if (ret == NtStatus.BufferOverflow)
{
sptr.ReAllocate(length[0]);
ret = NativeMethods.NtQueryObject(handle, ObjectInformationClass.ObjectNameInformation, sptr.Pointer,
length[0], out length[0]);
}
if (ret == NtStatus.Success)
{
ObjectNameInformation oti =
(ObjectNameInformation)Marshal.PtrToStructure(sptr.Pointer, typeof(ObjectNameInformation));
UnicodeString unicodeName = oti.Name;
fileName = unicodeName.GetValue();
return(fileName.Length != 0);
}
}
fileName = string.Empty;
return(false);
}