/// <summary>
/// Enumerate handles reported by the SystemExtendedHandleInformation query,
/// optionally restricted to a single process.
/// </summary>
/// <param name="pid">Process ID to filter on; -1 returns the handles of every process.</param>
/// <param name="allow_query">Forwarded to each <see cref="NtHandle"/>; true to allow the returned handles to query for certain properties.</param>
/// <returns>A lazily evaluated sequence of handles.</returns>
/// <remarks>
/// The raw entries are copied out of the query buffer before it is disposed, so the
/// result is a point-in-time snapshot: by the time a caller inspects an entry the
/// handle may already have been closed or its value reused. The PID filter and the
/// NtHandle construction run when the sequence is enumerated, and run again on every
/// re-enumeration; call ToList()/ToArray() once if stable object identity is needed.
/// </remarks>
public static IEnumerable<NtHandle> GetHandles(int pid, bool allow_query)
{
    using (var buffer = QueryBuffer<SystemHandleInformationEx>(SystemInformationClass.SystemExtendedHandleInformation))
    {
        // The header carries the entry count; the entries themselves are read from buffer.Data.
        int count = buffer.Result.NumberOfHandles.ToInt32();
        var entries = new SystemHandleTableInfoEntryEx[count];
        buffer.Data.ReadArray(0, entries, 0, count);

        // Only the managed array is captured by the query, so it stays valid
        // after the buffer has been disposed.
        return from entry in entries
               where pid == -1 || entry.UniqueProcessId.ToInt32() == pid
               select new NtHandle(entry, allow_query);
    }
}
/// <summary>
/// Build a handle description from one extended handle table entry.
/// </summary>
/// <param name="entry">The raw entry to copy the process ID, type index, attributes, handle value, object value and access mask from.</param>
/// <param name="allow_query">Stored in _allow_query; true to allow the handle to query for certain properties.</param>
internal NtHandle(SystemHandleTableInfoEntryEx entry, bool allow_query)
{
    ProcessId = entry.UniqueProcessId.ToInt32();

    // NtType is only assigned when the type index resolves; otherwise the
    // property keeps whatever value it had before this constructor ran.
    NtType resolved_type = NtType.GetTypeByIndex(entry.ObjectTypeIndex);
    if (resolved_type != null)
    {
        NtType = resolved_type;
    }

    Attributes = (AttributeFlags)entry.HandleAttributes;
    Handle = entry.HandleValue.ToInt32();

    // Object pointer value exactly as reported in the entry, widened to 64 bits.
    Object = entry.Object.ToUInt64();

    // The raw access mask is converted with ToGenericAccess() before being stored.
    GrantedAccess = entry.GrantedAccess.ToGenericAccess();

    _allow_query = allow_query;
}
/// <summary>
/// Build a handle description from one extended handle table entry, also
/// recording the owning process's image path and a file-query override flag.
/// </summary>
/// <param name="entry">The raw entry to copy the process ID, type index, attributes, handle value, object value and access mask from.</param>
/// <param name="allow_query">Stored in _allow_query; true to allow the handle to query for certain properties.</param>
/// <param name="force_file_query">Stored in _force_file_query; its effect is defined by code outside this constructor.</param>
/// <param name="process_image_path">Stored as-is in ProcessImagePath. The constructor does not check that it matches the process identified by the entry, so it is only as reliable as the caller's source for it.</param>
internal NtHandle(SystemHandleTableInfoEntryEx entry, bool allow_query, bool force_file_query, string process_image_path)
{
    ProcessId = entry.UniqueProcessId.ToInt32();

    // NtType is only assigned when the type index resolves; otherwise the
    // property keeps whatever value it had before this constructor ran.
    NtType resolved_type = NtType.GetTypeByIndex(entry.ObjectTypeIndex);
    if (resolved_type != null)
    {
        NtType = resolved_type;
    }

    Attributes = (AttributeFlags)entry.HandleAttributes;
    Handle = entry.HandleValue.ToInt32();

    // Object pointer value exactly as reported in the entry, widened to 64 bits.
    Object = entry.Object.ToUInt64();

    // NOTE(review): the access mask is assigned directly here, whereas the
    // two-argument constructor shown alongside calls ToGenericAccess() first.
    // Confirm the difference is intended.
    GrantedAccess = entry.GrantedAccess;

    _allow_query = allow_query;
    _force_file_query = force_file_query;
    ProcessImagePath = process_image_path;
}