Пример #1
        /// <summary>
        /// Queries the driver for the buffer size needed to hold the process list by
        /// sending IO_GET_PROCESS_LIST with a structure obtained from
        /// MarshalUtility.AllocEmptyStruct as both input and output.
        /// </summary>
        /// <returns>
        /// The <c>bufferSize</c> reported by the driver, or 0 when the IOCTL fails or the
        /// reply is not a size answer (<c>processCount</c> non-zero or <c>bufferSize</c>
        /// not positive).
        /// </returns>
        private int GetProcessListRequiredBufferSize()
        {
            // NOTE(review): requestPointer is never released in this method. The matching
            // free routine depends on how MarshalUtility allocates — confirm and release it.
            IntPtr requestPointer = MarshalUtility.AllocEmptyStruct <KERNEL_PROCESS_LIST_OPERATION>();
            int    requestSize    = Marshal.SizeOf <KERNEL_PROCESS_LIST_OPERATION>();

            if (!WinApi.DeviceIoControl(driverHandle, IO_GET_PROCESS_LIST, requestPointer, requestSize, requestPointer, requestSize, IntPtr.Zero, IntPtr.Zero))
            {
                return 0;
            }

            KERNEL_PROCESS_LIST_OPERATION reply = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_OPERATION>(requestPointer);

            // The size comes straight from the driver and is returned without an upper
            // bound; the caller uses it as an allocation length.
            bool isSizeAnswer = reply.processCount == 0 && reply.bufferSize > 0;
            return isSizeAnswer ? reply.bufferSize : 0;
        }
Пример #2
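        /// <summary>
        /// Fetches the process list from the driver in two steps: a size query via
        /// <c>GetProcessListRequiredBufferSize</c>, then an IO_GET_PROCESS_LIST request
        /// that passes the address and size of a freshly allocated buffer.
        /// </summary>
        /// <param name="result">
        /// Receives one <c>ProcessSummary</c> per process reported by the driver on success;
        /// an empty array on every failure path.
        /// </param>
        /// <returns>
        /// <c>true</c> when the driver reported at least one process and all entries were
        /// parsed; <c>false</c> when the handle is invalid, the size query yields nothing,
        /// the IOCTL fails, or the driver reports no processes.
        /// </returns>
        public bool GetProcessSummaryList(out ProcessSummary[] result)
        {
            result = new ProcessSummary[0];

            if (driverHandle == WinApi.INVALID_HANDLE_VALUE)
            {
                return false;
            }

            int requiredBufferSize = GetProcessListRequiredBufferSize();
            if (requiredBufferSize <= 0)
            {
                return false;
            }

            IntPtr bufferPointer = MarshalUtility.AllocZeroFilled(requiredBufferSize);
            try
            {
                KERNEL_PROCESS_LIST_OPERATION operation = new KERNEL_PROCESS_LIST_OPERATION
                {
                    bufferAddress = (ulong)bufferPointer.ToInt64(),
                    bufferSize    = requiredBufferSize
                };

                // NOTE(review): operationPointer is never released in this method. The
                // matching free routine depends on how MarshalUtility allocates — confirm
                // and release it.
                IntPtr operationPointer = MarshalUtility.CopyStructToMemory(operation);
                int    operationSize    = Marshal.SizeOf <KERNEL_PROCESS_LIST_OPERATION>();

                if (!WinApi.DeviceIoControl(driverHandle, IO_GET_PROCESS_LIST, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero))
                {
                    return false;
                }

                operation = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_OPERATION>(operationPointer);

                // The size was queried in a separate call, so the process list may have
                // changed since; a reply with no processes is treated as a failure.
                if (operation.processCount <= 0)
                {
                    return false;
                }

                byte[] managedBuffer = new byte[requiredBufferSize];
                Marshal.Copy(bufferPointer, managedBuffer, 0, requiredBufferSize);

                // NOTE(review): processCount is taken from the driver reply as-is and is
                // not checked against requiredBufferSize. A count larger than the buffer
                // can hold presumably surfaces as an exception from
                // ProcessSummary.FromStream — confirm, and consider bounding it.
                ProcessSummary[] summaries = new ProcessSummary[operation.processCount];

                using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer)))
                {
                    for (int i = 0; i < summaries.Length; i++)
                    {
                        summaries[i] = ProcessSummary.FromStream(reader);
                    }
                }

                // Publish only a fully parsed list; a parse failure leaves result empty.
                result = summaries;
                return true;
            }
            finally
            {
                // Release the unmanaged buffer on every path. Previously it was freed
                // only after a successful reply, leaking it when the IOCTL failed or
                // the driver reported no processes.
                Marshal.FreeHGlobal(bufferPointer);
            }
        }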