/// <summary>
/// Wraps one entry of the system extended handle table.
/// </summary>
/// <param name="info">Handle-table entry to keep; it is stored unchanged in <c>handleInfo</c>.</param>
public ObjectHandle(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX info)
{
    handleInfo = info;
}
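/// <summary>
/// Scans the system-wide extended handle table and returns the first handle whose
/// object name matches <paramref name="objectName"/>.
/// </summary>
/// <param name="processId">
/// Owning process id to restrict the scan to. Values &lt;= 0 disable the filter, in which
/// case <see cref="GetObjectName"/> is invoked for every handle on the system.
/// </param>
/// <param name="objectName">Object name, or name fragment, to look for.</param>
/// <param name="exactMatch">
/// True to require the name to equal <paramref name="objectName"/>; false to accept any
/// name that contains it.
/// </param>
/// <returns>
/// An <see cref="ObjectHandle"/> wrapping the first matching entry, or null when nothing
/// matches or the handle table could not be read.
/// </returns>
public static IObjectHandle GetHandle(int processId, string objectName, bool exactMatch)
{
    int infoLength = 0x10000;
    int length = 0;
    IntPtr _info = Marshal.AllocHGlobal(infoLength);

    try
    {
        // Grow the buffer until the snapshot fits. The table can change between calls,
        // so the size reported by one call may already be too small for the next.
        var status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
        while (status == STATUS_INFO_LENGTH_MISMATCH)
        {
            infoLength = length;
            Marshal.FreeHGlobal(_info);
            // Clear the pointer first: if the allocation below throws, the finally block
            // must not free the old buffer a second time.
            _info = IntPtr.Zero;
            _info = Marshal.AllocHGlobal(infoLength);
            status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
        }

        // STATUS_SUCCESS is 0. On any other status the buffer was not filled in, and
        // AllocHGlobal does not zero memory, so the count and entries would be garbage.
        if (status != 0)
        {
            return null;
        }

        // The entry array follows a two-field, pointer-sized header (16 bytes on 64-bit,
        // 8 bytes on 32-bit); the first header field is the number of entries.
        long handleCount;
        IntPtr _handle;
        if (IS_64)
        {
            handleCount = Marshal.ReadInt64(_info);
            _handle = IntPtr.Add(_info, 16);
        }
        else
        {
            handleCount = Marshal.ReadInt32(_info);
            _handle = IntPtr.Add(_info, 8);
        }

        Type infoType = typeof(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX);
        int infoSize = Marshal.SizeOf(infoType);

        for (long i = 0; i < handleCount; i++)
        {
            Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo =
                (Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)Marshal.PtrToStructure(_handle, infoType);
            _handle = IntPtr.Add(_handle, infoSize);

            if (processId > 0 && handleInfo.UniqueProcessId.ToUInt32() != processId)
            {
                continue;
            }

            string name = GetObjectName(handleInfo);
            if (name == null)
            {
                continue;
            }

            bool matches = exactMatch ? name.Equals(objectName) : name.Contains(objectName);
            if (matches)
            {
                return new ObjectHandle(handleInfo);
            }
        }
    }
    finally
    {
        Marshal.FreeHGlobal(_info);
    }

    return null;
}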
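/// <summary>
/// Resolves the object name of a handle that belongs to another process.
/// </summary>
/// <remarks>
/// The owning process is opened, the handle is duplicated into the current process, and
/// the duplicate is queried with NtQueryObject, first for its basic information (which
/// carries the name length) and then for the name itself.
/// </remarks>
/// <param name="handle">Handle-table entry identifying the owning process and the handle value.</param>
/// <returns>
/// The object name, or null when the process cannot be opened, the handle cannot be
/// duplicated, a query fails, or the object has no name.
/// </returns>
public static string GetObjectName(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle)
{
    // NOTE(review): DuplicateHandle only needs the PROCESS_DUP_HANDLE right on the source
    // process. Requesting ProcessAccessFlags.All is broader than required and is refused
    // for more processes; narrow it if the enum exposes a matching member.
    IntPtr _processHandle = Win32Api.OpenProcess(Win32Api.ProcessAccessFlags.All, false, handle.UniqueProcessId);
    if (_processHandle == IntPtr.Zero)
    {
        return null;
    }

    IntPtr _handle = IntPtr.Zero;
    IntPtr _basic = IntPtr.Zero;
    IntPtr _objectName = IntPtr.Zero;

    try
    {
        if (!Win32Api.DuplicateHandle(_processHandle, handle.HandleValue, Win32Api.GetCurrentProcess(), out _handle, 0, false, Win32Api.DUPLICATE_SAME_ACCESS))
        {
            return null;
        }

        // Step 1: basic information tells us how large the name buffer has to be.
        int nameLength = 0;
        Win32Api.OBJECT_BASIC_INFORMATION basicInfo = new Win32Api.OBJECT_BASIC_INFORMATION();
        int basicSize = Marshal.SizeOf(basicInfo);
        _basic = Marshal.AllocHGlobal(basicSize);

        // STATUS_SUCCESS is 0. On failure the buffer is uninitialised, so the length
        // read from it must not be trusted.
        if ((uint)Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, _basic, basicSize, ref nameLength) != 0)
        {
            return null;
        }

        basicInfo = (Win32Api.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(_basic, basicInfo.GetType());
        nameLength = basicInfo.NameInformationLength;
        if (nameLength <= 0)
        {
            return null;
        }

        // Step 2: query the name, growing the buffer while the call reports it is too small.
        // NOTE(review): name queries are known to block on some handle types (for example
        // pipes opened for synchronous I/O); callers that scan every handle on the system
        // may want to run this under a timeout.
        int allocated = nameLength;
        _objectName = Marshal.AllocHGlobal(allocated);
        uint status = (uint)Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, allocated, ref nameLength);
        while (status == Win32Api.STATUS_INFO_LENGTH_MISMATCH)
        {
            // A mismatch that does not ask for more room cannot be resolved by retrying.
            if (nameLength <= allocated)
            {
                return null;
            }

            Marshal.FreeHGlobal(_objectName);
            // Clear the pointer first so a failed allocation cannot lead to a double free.
            _objectName = IntPtr.Zero;
            allocated = nameLength;
            _objectName = Marshal.AllocHGlobal(allocated);
            status = (uint)Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, allocated, ref nameLength);
        }

        if (status != 0)
        {
            return null;
        }

        Win32Api.OBJECT_NAME_INFORMATION nameInfo =
            (Win32Api.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(_objectName, typeof(Win32Api.OBJECT_NAME_INFORMATION));

        try
        {
            // Name.Buffer points into the _objectName allocation, so the string has to be
            // copied out here, before the finally block releases that memory.
            // Name.Length is in bytes; shifting right by one converts it to UTF-16 characters.
            return Marshal.PtrToStringUni(nameInfo.Name.Buffer, nameInfo.Name.Length >> 1);
        }
        catch
        {
            // Best effort: an unreadable name is reported as "no name".
            return null;
        }
    }
    finally
    {
        if (_basic != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(_basic);
        }

        if (_objectName != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(_objectName);
        }

        // Close the duplicate on every path, including the early returns above, so that
        // scanning many handles does not leak one handle per object into this process.
        if (_handle != IntPtr.Zero)
        {
            Win32Api.CloseHandle(_handle);
        }

        Win32Api.CloseHandle(_processHandle);
    }
}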
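/// <summary>
/// Scans the system-wide extended handle table and returns the first handle whose
/// object name matches <paramref name="objectName"/>.
/// </summary>
/// <param name="processId">
/// Owning process id to restrict the scan to. Values &lt;= 0 disable the filter, in which
/// case <see cref="GetObjectName"/> is invoked for every handle on the system.
/// </param>
/// <param name="objectName">Object name, or name fragment, to look for.</param>
/// <param name="exactMatch">
/// True to require the name to equal <paramref name="objectName"/>; false to accept any
/// name that contains it.
/// </param>
/// <returns>
/// An <see cref="ObjectHandle"/> wrapping the first matching entry, or null when nothing
/// matches or the handle table could not be read.
/// </returns>
public static IObjectHandle GetHandle(int processId, string objectName, bool exactMatch)
{
    int infoLength = 0x10000;
    int length = 0;
    IntPtr _info = Marshal.AllocHGlobal(infoLength);

    try
    {
        // Grow the buffer until the snapshot fits. The table can change between calls,
        // so the size reported by one call may already be too small for the next.
        var status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
        while (status == STATUS_INFO_LENGTH_MISMATCH)
        {
            infoLength = length;
            Marshal.FreeHGlobal(_info);
            // Clear the pointer first: if the allocation below throws, the finally block
            // must not free the old buffer a second time.
            _info = IntPtr.Zero;
            _info = Marshal.AllocHGlobal(infoLength);
            status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
        }

        // STATUS_SUCCESS is 0. On any other status the buffer was not filled in, and
        // AllocHGlobal does not zero memory, so the count and entries would be garbage.
        if (status != 0)
        {
            return null;
        }

        // The entry array follows a two-field, pointer-sized header (16 bytes on 64-bit,
        // 8 bytes on 32-bit); the first header field is the number of entries.
        long handleCount;
        IntPtr _handle;
        if (IS_64)
        {
            handleCount = Marshal.ReadInt64(_info);
            _handle = IntPtr.Add(_info, 16);
        }
        else
        {
            handleCount = Marshal.ReadInt32(_info);
            _handle = IntPtr.Add(_info, 8);
        }

        Type infoType = typeof(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX);
        int infoSize = Marshal.SizeOf(infoType);

        for (long i = 0; i < handleCount; i++)
        {
            Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo =
                (Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)Marshal.PtrToStructure(_handle, infoType);
            _handle = IntPtr.Add(_handle, infoSize);

            if (processId > 0 && handleInfo.UniqueProcessId.ToUInt32() != processId)
            {
                continue;
            }

            string name = GetObjectName(handleInfo);
            if (name == null)
            {
                continue;
            }

            bool matches = exactMatch ? name.Equals(objectName) : name.Contains(objectName);
            if (matches)
            {
                return new ObjectHandle(handleInfo);
            }
        }
    }
    finally
    {
        Marshal.FreeHGlobal(_info);
    }

    return null;
}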