예제 #1
0
 public void Kill()
 {
     using (var p = Process.GetProcessById((int)handleInfo.UniqueProcessId.ToUInt32()))
     {
         IntPtr handle = IntPtr.Zero;
         try
         {
             if (!Win32Api.DuplicateHandle(p.Handle, handleInfo.HandleValue, Win32Api.GetCurrentProcess(), out handle, 0, false, Win32Api.DUPLICATE_CLOSE_SOURCE))
             {
                 throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
             }
         }
         finally
         {
             if (handle != IntPtr.Zero)
             {
                 Win32Api.CloseHandle(handle);
             }
         }
     }
 }
예제 #2
0
        public static string GetObjectName(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle)
        {
            IntPtr _processHandle = Win32Api.OpenProcess(Win32Api.ProcessAccessFlags.All, false, handle.UniqueProcessId);
            IntPtr _handle        = IntPtr.Zero;

            try
            {
                if (!Win32Api.DuplicateHandle(_processHandle, handle.HandleValue, Win32Api.GetCurrentProcess(), out _handle, 0, false, Win32Api.DUPLICATE_SAME_ACCESS))
                {
                    return(null);
                }

                IntPtr _basic     = IntPtr.Zero;
                int    nameLength = 0;

                try
                {
                    Win32Api.OBJECT_BASIC_INFORMATION basicInfo = new Win32Api.OBJECT_BASIC_INFORMATION();
                    _basic = Marshal.AllocHGlobal(Marshal.SizeOf(basicInfo));

                    Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, _basic, Marshal.SizeOf(basicInfo), ref nameLength);
                    basicInfo  = (Win32Api.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(_basic, basicInfo.GetType());
                    nameLength = basicInfo.NameInformationLength;
                }
                finally
                {
                    if (_basic != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(_basic);
                    }
                }

                if (nameLength == 0)
                {
                    return(null);
                }

                Win32Api.OBJECT_NAME_INFORMATION nameInfo = new Win32Api.OBJECT_NAME_INFORMATION();
                IntPtr _objectName = Marshal.AllocHGlobal(nameLength);

                try
                {
                    while ((uint)(Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, nameLength, ref nameLength)) == Win32Api.STATUS_INFO_LENGTH_MISMATCH)
                    {
                        Marshal.FreeHGlobal(_objectName);
                        _objectName = Marshal.AllocHGlobal(nameLength);
                    }
                    nameInfo = (Win32Api.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(_objectName, nameInfo.GetType());
                }
                finally
                {
                    Marshal.FreeHGlobal(_objectName);
                    Win32Api.CloseHandle(_handle);
                }

                try
                {
                    return(Marshal.PtrToStringUni(nameInfo.Name.Buffer, nameInfo.Name.Length >> 1));
                }
                catch
                {
                }

                return(null);
            }
            finally
            {
                if (_processHandle != IntPtr.Zero)
                {
                    Win32Api.CloseHandle(_processHandle);
                }
            }
        }