private static IEnumerable <ProcessWin32Information.SYSTEM_HANDLE_INFORMATION> GetHandles(Process process) { var nHandleInfoSize = 0x10000; var ipHandlePointer = Marshal.AllocHGlobal(nHandleInfoSize); var nLength = 0; IntPtr ipHandle; while (ProcessWin32Information.NtQuerySystemInformation(CNST_SYSTEM_HANDLE_INFORMATION, ipHandlePointer, nHandleInfoSize, ref nLength) == ProcessWin32Information.STATUS_INFO_LENGTH_MISMATCH) { nHandleInfoSize = nLength; Marshal.FreeHGlobal(ipHandlePointer); ipHandlePointer = Marshal.AllocHGlobal(nLength); } var baTemp = new byte[nLength]; Marshal.Copy(ipHandlePointer, baTemp, 0, nLength); long lHandleCount; if (Is64Bits()) { lHandleCount = Marshal.ReadInt64(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt64() + 8); } else { lHandleCount = Marshal.ReadInt32(ipHandlePointer); ipHandle = new IntPtr(ipHandlePointer.ToInt32() + 4); } var lstHandles = new List <ProcessWin32Information.SYSTEM_HANDLE_INFORMATION>(); for (long lIndex = 0; lIndex < lHandleCount; lIndex++) { var shHandle = new ProcessWin32Information.SYSTEM_HANDLE_INFORMATION(); if (Is64Bits()) { shHandle = (ProcessWin32Information.SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle) + 8); } else { ipHandle = new IntPtr(ipHandle.ToInt64() + Marshal.SizeOf(shHandle)); shHandle = (ProcessWin32Information.SYSTEM_HANDLE_INFORMATION)Marshal.PtrToStructure(ipHandle, shHandle.GetType()); } if (shHandle.ProcessID != process.Id) { continue; } lstHandles.Add(shHandle); } return(lstHandles); }
private static string GetFilePath(ProcessWin32Information.SYSTEM_HANDLE_INFORMATION systemHandleInformation, Process process) { var ipProcessHwnd = ProcessWin32Information.OpenProcess(ProcessWin32Information.ProcessAccessFlags.All, false, process.Id); var objBasic = new ProcessWin32Information.OBJECT_BASIC_INFORMATION(); var objObjectType = new ProcessWin32Information.OBJECT_TYPE_INFORMATION(); var objObjectName = new ProcessWin32Information.OBJECT_NAME_INFORMATION(); var strObjectName = ""; var nLength = 0; IntPtr ipTemp, ipHandle; if (!ProcessWin32Information.DuplicateHandle(ipProcessHwnd, systemHandleInformation.Handle, ProcessWin32Information.GetCurrentProcess(), out ipHandle, 0, false, ProcessWin32Information.DUPLICATE_SAME_ACCESS)) { return(null); } IntPtr ipBasic = Marshal.AllocHGlobal(Marshal.SizeOf(objBasic)); ProcessWin32Information.NtQueryObject(ipHandle, (int)ProcessWin32Information.ObjectInformationClass.ObjectBasicInformation, ipBasic, Marshal.SizeOf(objBasic), ref nLength); objBasic = (ProcessWin32Information.OBJECT_BASIC_INFORMATION)Marshal.PtrToStructure(ipBasic, objBasic.GetType()); Marshal.FreeHGlobal(ipBasic); IntPtr ipObjectType = Marshal.AllocHGlobal(objBasic.TypeInformationLength); nLength = objBasic.TypeInformationLength; // this one never locks... while ((uint)(ProcessWin32Information.NtQueryObject(ipHandle, (int)ProcessWin32Information.ObjectInformationClass.ObjectTypeInformation, ipObjectType, nLength, ref nLength)) == ProcessWin32Information.STATUS_INFO_LENGTH_MISMATCH) { if (nLength == 0) { return(null); } Marshal.FreeHGlobal(ipObjectType); ipObjectType = Marshal.AllocHGlobal(nLength); } objObjectType = (ProcessWin32Information.OBJECT_TYPE_INFORMATION)Marshal.PtrToStructure(ipObjectType, objObjectType.GetType()); if (Is64Bits()) { ipTemp = new IntPtr(Convert.ToInt64(objObjectType.Name.Buffer.ToString(), 10) >> 32); } else { ipTemp = objObjectType.Name.Buffer; } var strObjectTypeName = Marshal.PtrToStringUni(ipTemp, objObjectType.Name.Length >> 1); Marshal.FreeHGlobal(ipObjectType); if (strObjectTypeName != "File") { return(null); } nLength = objBasic.NameInformationLength; var ipObjectName = Marshal.AllocHGlobal(nLength); // ...this call sometimes hangs. Is a Windows error. while ((uint)(ProcessWin32Information.NtQueryObject(ipHandle, (int)ProcessWin32Information.ObjectInformationClass.ObjectNameInformation, ipObjectName, nLength, ref nLength)) == ProcessWin32Information.STATUS_INFO_LENGTH_MISMATCH) { Marshal.FreeHGlobal(ipObjectName); if (nLength == 0) { return(null); } ipObjectName = Marshal.AllocHGlobal(nLength); } objObjectName = (ProcessWin32Information.OBJECT_NAME_INFORMATION)Marshal.PtrToStructure(ipObjectName, objObjectName.GetType()); if (Is64Bits()) { ipTemp = new IntPtr(Convert.ToInt64(objObjectName.Name.Buffer.ToString(), 10) >> 32); } else { ipTemp = objObjectName.Name.Buffer; } if (ipTemp != IntPtr.Zero) { var baTemp = new byte[nLength]; try { Marshal.Copy(ipTemp, baTemp, 0, nLength); strObjectName = Marshal.PtrToStringUni(Is64Bits() ? new IntPtr(ipTemp.ToInt64()) : new IntPtr(ipTemp.ToInt32())); } catch (AccessViolationException) { return(null); } finally { Marshal.FreeHGlobal(ipObjectName); ProcessWin32Information.CloseHandle(ipHandle); } } string path = GetRegularFileNameFromDevice(strObjectName); try { return(path); } catch { return(null); } }