private ulong FdGetProcessListSize()
{
IntPtr operationPointer = MarshalUtility.AllocEmptyStruct <KERNEL_PROCESS_LIST_REQUEST>();
int operationSize = Marshal.SizeOf <KERNEL_PROCESS_LIST_REQUEST>();
if (DeviceIoControl(hDriver, IO_PROCESS_LIST_REQUEST, operationPointer, operationSize, operationPointer, operationSize, IntPtr.Zero, IntPtr.Zero))
{
KERNEL_PROCESS_LIST_REQUEST operation = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_REQUEST>(operationPointer);
return(operation.ProcessListSize);
}
return(0);
}
public bool FdGetProcessList(out ProcessListItem[] result)
{
result = Array.Empty <ProcessListItem>();
ulong processListSize = FdGetProcessListSize();
if (processListSize <= 0)
{
return(false);
}
IntPtr processListPtr = MarshalUtility.AllocZeroFilled((int)processListSize);
KERNEL_PROCESS_LIST_REQUEST kplr = new KERNEL_PROCESS_LIST_REQUEST
{
ProcessListPtr = (ulong)processListPtr.ToInt64(),
ProcessListSize = processListSize
};
IntPtr kplrPointer = MarshalUtility.CopyStructToMemory(kplr);
int klprSize = Marshal.SizeOf <KERNEL_PROCESS_LIST_REQUEST>();
if (DeviceIoControl(hDriver, IO_PROCESS_LIST_REQUEST, kplrPointer, klprSize, kplrPointer, klprSize, IntPtr.Zero, IntPtr.Zero))
{
kplr = MarshalUtility.GetStructFromMemory <KERNEL_PROCESS_LIST_REQUEST>(kplrPointer);
if (kplr.ProcessListCount > 0)
{
byte[] managedBuffer = new byte[processListSize];
Marshal.Copy(processListPtr, managedBuffer, 0, (int)processListSize);
Marshal.FreeHGlobal(processListPtr);
result = new ProcessListItem[kplr.ProcessListCount];
using (BinaryReader reader = new BinaryReader(new MemoryStream(managedBuffer)))
{
for (int i = 0; i < result.Length; i++)
{
result[i] = ProcessListItem.FromByteStream(reader);
}
}
return(true);
}
}
return(false);
}