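/// <summary>
/// Resolves the file handle that a pointer in the target process refers to.
/// The value stored at <paramref name="p_hfile"/> is not the handle itself but the index
/// of the file handle within the process, so the real handle is looked up in the
/// handle list queried for that process.
/// </summary>
/// <param name="p_hfile">Address in the target process that holds the file-handle index.</param>
/// <returns>Always 0; the resolved handle is passed on to <c>ReadFileInfo</c>.</returns>
private unsafe int QueryFileHandle(IntPtr p_hfile)
{
    try
    {
        byte[] _hfile = new byte[PtrSize];
        int readedbtyes = 0;

        // NOTE(review): IntPtr.ToInt32() throws OverflowException in a 64-bit process when the
        // value does not fit in 32 bits; that lands in the catch below.
        bool result = WinApi.ReadProcessMemory(processHandle.ToInt32(), p_hfile.ToInt32(), _hfile, PtrSize, ref readedbtyes);
        if (!result)
        {
            // A failed read leaves the buffer zeroed. Continuing would silently resolve
            // index 0 and report an unrelated file handle, so stop here instead.
            Console.Out.WriteLine("QueryFileHandle: ReadProcessMemory failed; file handle index was not read.");
            return (0);
        }

        int idx_file = WinApi.ToInt32(_hfile);

        #region dllimport: various OutOfMemory / StackOverflow failures, plus 'Cannot marshal "parameter #2": Internal limitation: structure is too complex or too large.'
        //SYSTEM_HANDLE_INFORMATION handleInfos = new SYSTEM_HANDLE_INFORMATION();
        //uint size = Convert.ToUInt32(Marshal.SizeOf(handleInfos));
        //uint len = 0;
        //int success = WinApi.ZwQuerySystemInformation(WinEnum.SYSTEMHANDLEINFORMATION, ref handleInfos, size, ref len);
        //List<SYSTEM_HANDLE> handles = handleInfos.SystemHandles.Where(e => e.dwProcessId == _process.Id).ToList();
        #endregion

        #region com: does not work, reason unknown
        //SYSTEM_HANDLE_INFORMATION handleInfos2 = new SYSTEM_HANDLE_INFORMATION();
        //var ComReader = new Reader();
        //int pHandleInfos2 = 0;
        //ComReader.QueryProcessHandleInfo((uint)_process.Id, ref pHandleInfos2);
        //IntPtr p2 = new IntPtr(pHandleInfos2);
        //Marshal.PtrToStructure(p2, handleInfos2);
        #endregion

        #region cli
        var CliReader = new WinApiReader.WinApiReader();
        var handleInfo = new SystemHandleInfo();
        // NOTE(review): ret is not checked; what it signals is not visible from this method.
        var ret = CliReader.QueryProcessHandleInfo(_process.Id, out handleInfo);
        #endregion

        //foreach (var handle_type in handleInfo.SystemHandles.Select(e => e.ObjectType).Distinct())
        //{
        //    var handle = handleInfo.SystemHandles.Where(e => e.ObjectType == handle_type).First();
        //    ReadFileInfo(new IntPtr(handle.Value));
        //}

        // ObjectType 28 is the file object.
        // NOTE(review): 28 is hard-coded; object type indexes can differ between Windows
        // versions, so confirm the value for the OS this runs on.
        var fileHandles = handleInfo.SystemHandles.Where(e => e.ObjectType == 28).ToList();

        // The index comes from another process's memory, so validate it before indexing.
        if (idx_file < 0 || idx_file >= fileHandles.Count)
        {
            Console.Out.WriteLine("QueryFileHandle: file handle index " + idx_file + " is outside the " + fileHandles.Count + " file handles found.");
            return (0);
        }

        var hfile = fileHandles[idx_file];
        ReadFileInfo(new IntPtr(hfile.Value));
    }
    catch (Exception ex)
    {
        // Best-effort lookup: report the failure and fall through to the fixed return value.
        Console.Out.WriteLine(ex);
    }

    return (0);
}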
/// <summary>
/// Creates a view model around the given handle information.
/// </summary>
/// <param name="info">Handle information stored in <c>Info</c>.</param>
public HandleViewModel(SystemHandleInfo info)
{
    Info = info;
}