예제 #1
        /// <summary>
        /// Enumerate the names returned by NtUserBuildNameList for the supplied handle.
        /// </summary>
        /// <remarks>
        /// This is an iterator, so the system call is only made once the caller starts
        /// enumerating; <paramref name="handle"/> must still be valid at that point.
        /// </remarks>
        /// <param name="handle">The handle passed through to NtUserBuildNameList.</param>
        /// <returns>The names read from the returned buffer, in buffer order.</returns>
        /// <exception cref="NtException">Thrown with STATUS_NO_MEMORY when every attempt reports STATUS_BUFFER_TOO_SMALL.</exception>
        private static IEnumerable<string> EnumNameList(SafeKernelObjectHandle handle)
        {
            const int max_attempts = 10;
            // Initial allocation size; replaced by whatever the call writes to its out parameter.
            int required_size = 522;

            for (int attempt = 0; attempt < max_attempts; attempt++)
            {
                using (var name_list = new SafeHGlobalBuffer(required_size))
                {
                    NtStatus result = NtSystemCalls.NtUserBuildNameList(handle, name_list.Length, name_list, out required_size);
                    bool failed = !result.IsSuccess();

                    // Too small: loop again and allocate using the size the call reported.
                    if (failed && result == NtStatus.STATUS_BUFFER_TOO_SMALL)
                    {
                        continue;
                    }

                    if (failed)
                    {
                        // NOTE(review): the return value is discarded, so this line only stops
                        // execution if ToNtException throws for this status. Any non-success
                        // status it does not throw for falls through to the parsing below - confirm.
                        result.ToNtException();
                    }

                    // Layout as read here: the name count is the Int32 at byte offset 4 and the
                    // first name starts at byte offset 8; names are consecutive NUL-terminated
                    // strings of 2-byte characters.
                    // NOTE(review): the count and offsets are taken from the returned data and
                    // are not compared against name_list.Length in this method; bounds
                    // enforcement is left to the buffer read helpers - confirm they check.
                    int position = 8;
                    for (int remaining = name_list.Read<int>(4); remaining > 0; remaining--)
                    {
                        string entry = name_list.ReadNulTerminatedUnicodeString((ulong)position);
                        yield return entry;

                        // Step over the characters plus the terminating NUL.
                        position += (entry.Length + 1) * sizeof(char);
                    }
                    yield break;
                }
            }

            // Every attempt was reported as too small.
            throw new NtException(NtStatus.STATUS_NO_MEMORY);
        }
        /// <summary>
        /// Get a list of handles from the SystemHandleInformation class, optionally
        /// filtered to a single process.
        /// </summary>
        /// <remarks>
        /// The handle table is read into a managed array when this method is called.
        /// Filtering and <see cref="NtHandle"/> construction are deferred until the result
        /// is enumerated, and are repeated on each enumeration.
        /// NOTE(review): the legacy SystemHandleInformation layout is documented elsewhere as
        /// carrying a 16-bit process ID; if UniqueProcessId is that narrow here, larger PIDs
        /// will not match the filter - confirm against the SystemHandleTableInfoEntry definition.
        /// </remarks>
        /// <param name="pid">A process ID to filter on. If -1 will get all handles</param>
        /// <param name="allow_query">True to allow the handles returned to query for certain properties</param>
        /// <returns>The list of handles</returns>
        public static IEnumerable<NtHandle> GetHandles(int pid, bool allow_query)
        {
            SystemHandleTableInfoEntry[] entries;

            using (var info = new SafeHGlobalBuffer(0x10000))
            {
                // Presumably fills (and, if needed, grows) the buffer with the requested
                // information class; the helper is not shown here.
                AllocateSafeBuffer(info, SystemInformationClass.SystemHandleInformation);

                // The entry count is the Int32 at offset 0 and is used as-is to size the array.
                int entry_count = info.Read<int>(0);
                entries = new SystemHandleTableInfoEntry[entry_count];

                // The entries are read starting one pointer-width into the buffer.
                info.ReadArray((ulong)IntPtr.Size, entries, 0, entry_count);
            }

            // The entries were copied into a managed array, so the lazy query below does
            // not touch the disposed buffer.
            bool include_all = pid == -1;
            return from entry in entries
                   where include_all || entry.UniqueProcessId == pid
                   select new NtHandle(entry, allow_query);
        }