/// <summary>
/// Returns a collection of handles that are currently active within the system
/// </summary>
/// <returns>A collection of active handles</returns>
public static ICollection <HandleInfo> GetHandles()
{
byte[] buffer;
NtStatus status;
int size = 1024;
uint actualSize = 0;
do
{
buffer = new byte[size];
status = NtDll.NtQuerySystemInformation(SystemInformationType.HandleInformation, buffer,
Convert.ToUInt32(size), ref actualSize);
if (status != NtStatus.Success && status != NtStatus.BufferTooSmall &&
status != NtStatus.InfoLengthMismatch)
{
throw new Win32Exception("Could not retrieve system handle information");
}
size = Convert.ToInt32(actualSize);
} while (status != NtStatus.Success);
int count = Seriz.Parse <int>(buffer);
NtDll.SystemHandle[] systemHandles = Seriz.Parse <NtDll.SystemHandle>(buffer.Skip(4).ToArray(), count);
List <HandleInfo> results = new List <HandleInfo>();
foreach (var handle in systemHandles)
{
results.Add(new HandleInfo(Convert.ToInt32(handle.ProcessId), handle.Type,
new IntPtr(handle.Handle), handle.AccessMask));
}
return(results);
}
public static unsafe void VisitProcesses(ResizeableBuffer resizeableBuffer, SystemProcInfoVisitor visit)
{
var size = 100 * 1024;
while (true)
{
var buffer = resizeableBuffer.Get(ref size, false);
fixed(byte *ptr = buffer)
{
var status = NtDll.NtQuerySystemInformation(
SYSTEM_INFORMATION_CLASS.SystemProcessInformation,
(IntPtr)ptr,
buffer.Length,
out size);
if (status == NtStatus.STATUS_INFO_LENGTH_MISMATCH)
{
continue;
}
if (!status.IsSuccessful())
{
throw new InvalidOperationException($"Can't query SystemProcessInformation. NtStatus: 0x{status:X}");
}
VisitProcesses(ptr, buffer, visit);
return;
}
}
}
public NhaamaHandle[] GetHandles()
{
var handles = new List <NhaamaHandle>();
var nHandleInfoSize = 0x10000;
var ipHandlePointer = Marshal.AllocHGlobal(nHandleInfoSize);
var nLength = 0;
IntPtr ipHandle;
while ((NtDll.NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS.SystemHandleInformation, ipHandlePointer, nHandleInfoSize, ref nLength)) == NtStatus.InfoLengthMismatch)
{
nHandleInfoSize = nLength;
Marshal.FreeHGlobal(ipHandlePointer);
ipHandlePointer = Marshal.AllocHGlobal(nLength);
}
byte[] baTemp = new byte[nLength];
Marshal.Copy(ipHandlePointer, baTemp, 0, nLength);
long lHandleCount;
if (Is64BitProcess())
{
lHandleCount = Marshal.ReadInt64(ipHandlePointer);
ipHandle = new IntPtr(ipHandlePointer.ToInt64() + 8);
}
else
{
lHandleCount = Marshal.ReadInt32(ipHandlePointer);
ipHandle = new IntPtr(ipHandlePointer.ToInt32() + 4);
}
SYSTEM_HANDLE_INFORMATION shHandle;
List <SYSTEM_HANDLE_INFORMATION> test = new List <SYSTEM_HANDLE_INFORMATION>();
for (long lIndex = 0; lIndex < lHandleCount; lIndex++)
{
shHandle = new SYSTEM_HANDLE_INFORMATION();
if (Is64BitProcess())
{
shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType());
ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle) + 8);
}
else
{
ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle));
shHandle = (SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType());
}
if (shHandle.ProcessID != BaseProcess.Id)
{
continue;
}
try
{
test.Add(shHandle);
}
catch
{
// ignored
}
}
foreach (var systemHandleInformation in test)
{
try
{
handles.Add(new NhaamaHandle(new IntPtr(systemHandleInformation.Handle), this));
}
catch
{
//ignored
}
}
return(handles.ToArray());
}