Exemplo n.º 1
0
    private static string GetHandleTypeToken(IntPtr handle, int processId)
    {
        IntPtr            currentProcess = NativeMethods.GetCurrentProcess();
        bool              remote         = (processId != NativeMethods.GetProcessId(currentProcess));
        SafeProcessHandle processHandle  = null;
        SafeObjectHandle  objectHandle   = null;

        try
        {
            if (remote)
            {
                processHandle = NativeMethods.OpenProcess(ProcessAccessRights.PROCESS_DUP_HANDLE, true, processId);
                if (NativeMethods.DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess, out objectHandle, 0, false, DuplicateHandleOptions.DUPLICATE_SAME_ACCESS))
                {
                    handle = objectHandle.DangerousGetHandle();
                }
            }
            return(GetHandleTypeToken(handle));
        }
        finally
        {
            if (remote)
            {
                if (processHandle != null)
                {
                    processHandle.Close();
                }
                if (objectHandle != null)
                {
                    objectHandle.Close();
                }
            }
        }
    }
Exemplo n.º 2
0
        private static bool GetFileNameFromHandle(IntPtr handle, int processId, out string fileName)
        {
            IntPtr            currentProcess = GetCurrentProcess();
            bool              remote         = processId != GetProcessId(currentProcess);
            SafeProcessHandle processHandle  = null;
            SafeObjectHandle  objectHandle   = null;

            try
            {
                if (remote)
                {
                    processHandle = OpenProcess(ProcessAccessRights.PROCESS_DUP_HANDLE, true, processId);
                    if (DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess, out objectHandle, 0, false, DuplicateHandleOptions.DUPLICATE_SAME_ACCESS))
                    {
                        handle = objectHandle.DangerousGetHandle();
                    }
                }
                return(GetFileNameFromHandle(handle, out fileName, 200));
            }
            finally
            {
                if (remote)
                {
                    if (processHandle != null)
                    {
                        processHandle.Close();
                    }
                    if (objectHandle != null)
                    {
                        objectHandle.Close();
                    }
                }
            }
        }
Exemplo n.º 3
0
        private static bool ExtractFileNameFromHandle(SYSTEM_HANDLE_ENTRY handleEntry, SafeHandle processHandle, out string fileName)
        {
            var handle = (IntPtr)handleEntry.HandleValue;

            SafeObjectHandle duplicatedHandle = null;

            try
            {
                if (!DuplicateHandle(handle, processHandle, out duplicatedHandle))
                {
                    fileName = null;
                    return(false);
                }

                handle = duplicatedHandle.DangerousGetHandle();

                if (GetHandleType(handle, out var handleType) && handleType == SystemHandleType.OB_TYPE_FILE)
                {
                    if (GetFileNameFromHandle(handle, out var devicePath))
                    {
                        return(ConvertDevicePathToDosPath(devicePath, out fileName));
                    }
                }
            }
            finally
            {
                duplicatedHandle?.Close();
            }

            fileName = null;
            return(false);
        }
Exemplo n.º 4
0
        public static bool HandleAction(IntPtr handle, int processId, HandleDelegate handleDelegate,
                                        params object[] args)
        {
            Process currentProcess = Process.GetCurrentProcess();

            bool remote = (processId != currentProcess.Id);

            SafeProcessHandle processHandle = null;

            SafeObjectHandle objectHandle = null;

            try
            {
                if (remote)
                {
                    processHandle = NativeMethods.OpenProcess(ProcessAccessRights.DuplicateHandle, true, processId);

                    if (NativeMethods.DuplicateHandle(processHandle.DangerousGetHandle(), handle, currentProcess.Handle,
                                                      out objectHandle, 0, false,
                                                      DuplicateHandleOptions.SameAccess))
                    {
                        handle = objectHandle.DangerousGetHandle();
                    }
                }
                return(handleDelegate.Invoke(handle, args));
            }

            finally
            {
                if (remote)
                {
                    if (processHandle != null)
                    {
                        processHandle.Close();
                    }

                    if (objectHandle != null)
                    {
                        objectHandle.Close();
                    }
                }
            }
        }
Exemplo n.º 5
0
        public static bool GetFileNameFromHandle(IntPtr handle, int processId, out string fileName)
        {
            Process currentProcess = Process.GetCurrentProcess();

            bool remote = (processId != currentProcess.Id);

            SafeProcessHandle remoteProcessHandle = null;

            SafeObjectHandle objectHandle = null;

            try
            {
                if (remote)
                {
                    remoteProcessHandle = NativeMethods.OpenProcess(ProcessAccessRights.DuplicateHandle, true, processId);

                    if (NativeMethods.DuplicateHandle(remoteProcessHandle.DangerousGetHandle(), handle, currentProcess.Handle,
                                                      out objectHandle, 0, false,
                                                      DuplicateHandleOptions.SameAccess))
                    {
                        handle = objectHandle.DangerousGetHandle();
                    }
                }
                return(GetFileNameFromHandle(handle, out fileName));
            }

            finally
            {
                if (remote)
                {
                    if (remoteProcessHandle != null)
                    {
                        remoteProcessHandle.Close();
                    }

                    if (objectHandle != null)
                    {
                        objectHandle.Close();
                    }
                }
            }
        }