Exemplo n.º 1
 /// <summary>
 /// Creates an <c>ObjectHandle</c> around the supplied
 /// <c>SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX</c> value.
 /// </summary>
 /// <param name="info">Entry to keep; it is stored unchanged in <c>handleInfo</c>.</param>
 public ObjectHandle(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX info)
 {
     handleInfo = info;
 }
Exemplo n.º 2
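        /// <summary>
        /// Walks the extended system handle table and returns the first handle whose object name
        /// matches <paramref name="objectName"/>.
        /// </summary>
        /// <param name="processId">When greater than zero, only entries owned by this process id are examined.</param>
        /// <param name="objectName">Name, or name fragment, to look for.</param>
        /// <param name="exactMatch">True to require equality with the object name; false to accept any name that contains <paramref name="objectName"/>.</param>
        /// <returns>
        /// An <c>ObjectHandle</c> for the first match, or null when nothing matched or the handle
        /// table could not be read.
        /// </returns>
        public static IObjectHandle GetHandle(int processId, string objectName, bool exactMatch)
        {
            int infoLength = 0x10000;
            int length = 0;
            IntPtr _info = Marshal.AllocHGlobal(infoLength);

            try
            {
                var status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
                while (status == STATUS_INFO_LENGTH_MISMATCH)
                {
                    // Clear the pointer right after freeing so that a failed re-allocation
                    // cannot lead to a second free of the same block in the finally clause.
                    Marshal.FreeHGlobal(_info);
                    _info = IntPtr.Zero;

                    // Always grow: if the reported length is not larger than the current
                    // buffer, fall back to doubling so the loop is guaranteed to progress.
                    infoLength = length > infoLength ? length : infoLength * 2;
                    _info = Marshal.AllocHGlobal(infoLength);

                    status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
                }

                // Any other non-success status leaves the buffer uninitialised; parsing it
                // would read an arbitrary count and walk past the end of the allocation.
                if (status != 0)
                {
                    return null;
                }

                // The table starts with a pointer-sized count and a pointer-sized reserved
                // field (16 bytes on 64-bit, 8 bytes on 32-bit), followed by the entries.
                int headerSize = IS_64 ? 16 : 8;
                long handleCount = IS_64 ? Marshal.ReadInt64(_info) : Marshal.ReadInt32(_info);

                Type infoType = typeof(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX);
                int infoSize = Marshal.SizeOf(infoType);

                // Defensive bound: refuse a count that would not fit in what was allocated.
                if (handleCount < 0 || handleCount > (infoLength - headerSize) / infoSize)
                {
                    return null;
                }

                IntPtr _handle = new IntPtr(_info.ToInt64() + headerSize);

                for (long i = 0; i < handleCount; i++)
                {
                    Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo =
                        (Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)Marshal.PtrToStructure(_handle, infoType);
                    _handle = new IntPtr(_handle.ToInt64() + infoSize);

                    if (processId > 0 && handleInfo.UniqueProcessId.ToUInt32() != processId)
                    {
                        continue;
                    }

                    // GetObjectName opens the owning process and duplicates the handle, so
                    // entries in processes the caller may not open simply yield null here.
                    string name = GetObjectName(handleInfo);
                    if (name == null)
                    {
                        continue;
                    }

                    bool matches = exactMatch ? name.Equals(objectName) : name.Contains(objectName);
                    if (matches)
                    {
                        return new ObjectHandle(handleInfo);
                    }
                }
            }
            finally
            {
                if (_info != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(_info);
                }
            }

            return null;
        }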
Exemplo n.º 3
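        /// <summary>
        /// Resolves the kernel object name behind a handle-table entry by duplicating the handle
        /// into the current process and querying it with NtQueryObject.
        /// </summary>
        /// <param name="handle">Entry whose <c>UniqueProcessId</c> and <c>HandleValue</c> identify the handle to inspect.</param>
        /// <returns>
        /// The object name, or null when the handle cannot be duplicated, a query fails, or the
        /// object reports no name information.
        /// </returns>
        public static string GetObjectName(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle)
        {
            // NOTE(review): ProcessAccessFlags.All requests far more than DuplicateHandle needs
            // (PROCESS_DUP_HANDLE on the source process). Asking for the minimum right would let
            // this work against more processes and would look less alarming in endpoint telemetry;
            // switch once the matching enum member is confirmed in Win32Api.
            IntPtr _processHandle = Win32Api.OpenProcess(Win32Api.ProcessAccessFlags.All, false, handle.UniqueProcessId);
            IntPtr _handle = IntPtr.Zero;

            try
            {
                if (!Win32Api.DuplicateHandle(_processHandle, handle.HandleValue, Win32Api.GetCurrentProcess(), out _handle, 0, false, Win32Api.DUPLICATE_SAME_ACCESS))
                {
                    return null;
                }

                IntPtr _basic = IntPtr.Zero;
                int nameLength = 0;

                try
                {
                    Type basicType = typeof(Win32Api.OBJECT_BASIC_INFORMATION);
                    int basicSize = Marshal.SizeOf(basicType);
                    _basic = Marshal.AllocHGlobal(basicSize);

                    // On failure the buffer is uninitialised, so the length read from it would
                    // be arbitrary and would drive the next allocation.
                    if ((uint)Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectBasicInformation, _basic, basicSize, ref nameLength) != 0)
                    {
                        return null;
                    }

                    Win32Api.OBJECT_BASIC_INFORMATION basicInfo = (Win32Api.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(_basic, basicType);
                    nameLength = basicInfo.NameInformationLength;
                }
                finally
                {
                    if (_basic != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(_basic);
                    }
                }

                if (nameLength <= 0)
                {
                    return null;
                }

                IntPtr _objectName = Marshal.AllocHGlobal(nameLength);

                try
                {
                    // NOTE(review): querying ObjectNameInformation is known to block indefinitely
                    // on some file objects (for example synchronous named pipes). A caller that
                    // scans every handle on the system should plan for that.
                    uint status;
                    while ((status = (uint)Win32Api.NtQueryObject(_handle, (int)Win32Api.ObjectInformationClass.ObjectNameInformation, _objectName, nameLength, ref nameLength)) == Win32Api.STATUS_INFO_LENGTH_MISMATCH)
                    {
                        // Clear the pointer so a failed re-allocation is not followed by a
                        // second free of the same block in the finally clause.
                        Marshal.FreeHGlobal(_objectName);
                        _objectName = IntPtr.Zero;
                        _objectName = Marshal.AllocHGlobal(nameLength);
                    }

                    if (status != 0)
                    {
                        return null;
                    }

                    Win32Api.OBJECT_NAME_INFORMATION nameInfo = (Win32Api.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(_objectName, typeof(Win32Api.OBJECT_NAME_INFORMATION));

                    // Name.Buffer points into the _objectName allocation, so the string has to
                    // be copied out before that allocation is released.
                    try
                    {
                        return Marshal.PtrToStringUni(nameInfo.Name.Buffer, nameInfo.Name.Length >> 1);
                    }
                    catch
                    {
                        // Best effort, as before: a name that cannot be converted counts as "no name".
                        return null;
                    }
                }
                finally
                {
                    if (_objectName != IntPtr.Zero)
                    {
                        Marshal.FreeHGlobal(_objectName);
                    }
                }
            }
            finally
            {
                // Close the duplicate on every path, including the early returns above.
                if (_handle != IntPtr.Zero)
                {
                    Win32Api.CloseHandle(_handle);
                }

                if (_processHandle != IntPtr.Zero)
                {
                    Win32Api.CloseHandle(_processHandle);
                }
            }
        }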
Exemplo n.º 4
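        /// <summary>
        /// Enumerates the extended system handle table and returns the first entry whose object
        /// name matches <paramref name="objectName"/>.
        /// </summary>
        /// <param name="processId">Process id to restrict the search to; values of zero or less search every process.</param>
        /// <param name="objectName">Name, or name fragment, to look for.</param>
        /// <param name="exactMatch">True for an equality test; false for a substring test.</param>
        /// <returns>
        /// An <c>ObjectHandle</c> for the first matching entry, or null when there is no match or
        /// the handle table query did not succeed.
        /// </returns>
        public static IObjectHandle GetHandle(int processId, string objectName, bool exactMatch)
        {
            int    infoLength = 0x10000;
            int    length     = 0;
            IntPtr _info      = Marshal.AllocHGlobal(infoLength);

            try
            {
                var status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
                while (status == STATUS_INFO_LENGTH_MISMATCH)
                {
                    // Null the pointer after the free: if the next allocation throws, the
                    // finally clause must not release the same block a second time.
                    Marshal.FreeHGlobal(_info);
                    _info = IntPtr.Zero;

                    // Grow on every retry, even when the reported length is not larger
                    // than the buffer just tried, so the loop cannot spin forever.
                    infoLength = length > infoLength ? length : infoLength * 2;
                    _info      = Marshal.AllocHGlobal(infoLength);

                    status = Win32Api.NtQuerySystemInformation(CNST_SYSTEM_EXTENDED_HANDLE_INFORMATION, _info, infoLength, ref length);
                }

                // A failure other than "buffer too small" leaves the buffer unwritten; reading
                // a count out of it would send the loop below past the end of the allocation.
                if (status != 0)
                {
                    return(null);
                }

                // Header layout: pointer-sized count plus pointer-sized reserved field.
                int  headerSize  = IS_64 ? 16 : 8;
                long handleCount = IS_64 ? Marshal.ReadInt64(_info) : Marshal.ReadInt32(_info);

                Type infoType = typeof(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX);
                int  infoSize = Marshal.SizeOf(infoType);

                // Reject a count that cannot fit inside the buffer that was allocated.
                if (handleCount < 0 || handleCount > (infoLength - headerSize) / infoSize)
                {
                    return(null);
                }

                IntPtr _handle = new IntPtr(_info.ToInt64() + headerSize);

                for (long i = 0; i < handleCount; i++)
                {
                    Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo =
                        (Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX)Marshal.PtrToStructure(_handle, infoType);
                    _handle = new IntPtr(_handle.ToInt64() + infoSize);

                    if (processId > 0 && handleInfo.UniqueProcessId.ToUInt32() != processId)
                    {
                        continue;
                    }

                    // Name lookup duplicates the handle from its owner; it returns null for
                    // entries that cannot be opened or that carry no name.
                    string name = GetObjectName(handleInfo);
                    if (name == null)
                    {
                        continue;
                    }

                    bool matches = exactMatch ? name.Equals(objectName) : name.Contains(objectName);
                    if (matches)
                    {
                        return(new ObjectHandle(handleInfo));
                    }
                }
            }
            finally
            {
                if (_info != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(_info);
                }
            }

            return(null);
        }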
Exemplo n.º 5
 /// <summary>
 /// Builds an <c>ObjectHandle</c> from a <c>SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX</c> value.
 /// </summary>
 /// <param name="info">Value to retain; assigned directly to <c>handleInfo</c>.</param>
 public ObjectHandle(Win32Api.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX info)
 {
     handleInfo = info;
 }