예제 #1
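            /// <summary>
            /// Queries the system-wide handle table through NtQuerySystemInformation and returns
            /// the entries whose owning process id matches <paramref name="process"/>.
            /// </summary>
            /// <param name="process">Process whose handle entries are wanted.</param>
            /// <returns>The matching entries; empty when none match.</returns>
            /// <exception cref="ArgumentNullException"><paramref name="process"/> is null.</exception>
            public static List <SystemHandleInformation> GetHandles(Process process)
            {
                if (process == null)
                {
                    throw new ArgumentNullException("process");
                }

                // Read the pid once instead of on every table entry.
                var targetPid       = process.Id;
                var nHandleInfoSize = 0x10000;
                var nLength         = 0;
                var ipHandlePointer = Marshal.AllocHGlobal(nHandleInfoSize);
                var lstHandles      = new List <SystemHandleInformation>();

                try
                {
                    // Grow the buffer to the size the call reports until it stops answering "length mismatch".
                    while ((NtQuerySystemInformation(CnstSystemHandleInformation, ipHandlePointer, nHandleInfoSize, ref nLength)) == StatusInfoLengthMismatch)
                    {
                        nHandleInfoSize = nLength;
                        Marshal.FreeHGlobal(ipHandlePointer);
                        // Cleared so the finally block cannot free the old block twice if the re-allocation throws.
                        ipHandlePointer = IntPtr.Zero;
                        ipHandlePointer = Marshal.AllocHGlobal(nLength);
                    }

                    // NOTE(review): only the length-mismatch status is examined. Any other failure status
                    // falls through with an unfilled buffer, so the count below would come from
                    // uninitialised memory. Check the returned status for success once its type is confirmed.

                    var  bIs64      = Is64Bits();
                    var  nEntrySize = Marshal.SizeOf(typeof(SystemHandleInformation));
                    long lHandleCount;
                    long lOffset;
                    long lStride;

                    if (bIs64)
                    {
                        lHandleCount = Marshal.ReadInt64(ipHandlePointer);
                        lOffset      = 8;
                        // NOTE(review): the extra 8 bytes presumably make up for the managed struct being
                        // smaller than the native 64-bit entry. Confirm against the struct declaration.
                        lStride      = nEntrySize + 8;
                    }
                    else
                    {
                        lHandleCount = Marshal.ReadInt32(ipHandlePointer);
                        lOffset      = 4;
                        lStride      = nEntrySize;
                    }

                    for (long lIndex = 0; lIndex < lHandleCount; lIndex++)
                    {
                        // Never marshal an entry that would extend past the allocated buffer,
                        // whatever the count field claims.
                        if (lOffset + nEntrySize > nHandleInfoSize)
                        {
                            break;
                        }

                        // Read first, then advance, on both architectures. The 32-bit path used to advance
                        // first, which skipped entry 0 and read one entry beyond the table.
                        var ipHandle = new IntPtr(ipHandlePointer.ToInt64() + lOffset);
                        var shHandle = (SystemHandleInformation)Marshal.PtrToStructure(ipHandle, typeof(SystemHandleInformation));
                        lOffset += lStride;

                        if (shHandle.ProcessID != targetPid)
                        {
                            continue;
                        }
                        lstHandles.Add(shHandle);
                    }
                }
                finally
                {
                    // The unmanaged buffer was never released before, leaking at least 64 KiB per call.
                    Marshal.FreeHGlobal(ipHandlePointer);
                }

                return(lstHandles);
            }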
예제 #2
 /// <summary>
 /// Wraps a handle entry and stores the kernel object type that
 /// SystemInformation.GetKernelObjectTypeByIndex returns for its type index.
 /// </summary>
 /// <param name="info">Handle entry to wrap.</param>
 public HandleViewModel(SystemHandleInformation info)
 {
     this.Info = info;

     // Look the type up from the entry's index rather than from the entry itself.
     var typeIndex = info.ObjectTypeIndex;
     this.ObjectType = SystemInformation.GetKernelObjectTypeByIndex(typeIndex);
 }