private static string GetNameFromHandle(SafeGenericHandle handle) { uint length; NativeMethods.NtQueryObject( handle, OBJECT_INFORMATION_CLASS.ObjectNameInformation, IntPtr.Zero, 0, out length); IntPtr ptr = IntPtr.Zero; try { try { } finally { ptr = Marshal.AllocHGlobal((int)length); } if (NativeMethods.NtQueryObject( handle, OBJECT_INFORMATION_CLASS.ObjectNameInformation, ptr, length, out length) != NTSTATUS.STATUS_SUCCESS) { return(null); } var unicodeStringName = (UNICODE_STRING)Marshal.PtrToStructure(ptr, typeof(UNICODE_STRING)); return(unicodeStringName.ToString()); } finally { Marshal.FreeHGlobal(ptr); } }
internal static extern bool DuplicateHandle( [In] SafeGenericHandle sourceProcessHandle, [In] IntPtr sourceHandle, [In] SafeGenericHandle targetProcessHandle, [Out] out SafeGenericHandle targetHandle, [In] uint desiredAccess, [In, MarshalAs(UnmanagedType.Bool)] bool inheritHandle, [In] DUPLICATE_HANDLE_OPTIONS options);
public Handle(ulong processId, ulong handle, ushort rawType) { ProcessId = (uint)processId; RawHandleValue = (uint)handle; RawType = rawType; using (var sourceProcessHandle = NativeMethods.OpenProcess(PROCESS_ACCESS_RIGHTS.PROCESS_DUP_HANDLE, true, ProcessId)) { // To read info about a handle owned by another process we must duplicate it into ours if (!NativeMethods.DuplicateHandle(sourceProcessHandle, (IntPtr)RawHandleValue, NativeMethods.GetCurrentProcess(), out _inProcessSafeHandle, 0, false, DUPLICATE_HANDLE_OPTIONS.DUPLICATE_SAME_ACCESS)) { _inProcessSafeHandle = null; } } }
public Handle(ulong processId, ulong handle, ushort rawType) { ProcessId = (uint) processId; RawHandleValue = (uint) handle; RawType = rawType; using (var sourceProcessHandle = NativeMethods.OpenProcess(PROCESS_ACCESS_RIGHTS.PROCESS_DUP_HANDLE, true, ProcessId)) { // To read info about a handle owned by another process we must duplicate it into ours if (!NativeMethods.DuplicateHandle(sourceProcessHandle, (IntPtr)RawHandleValue, NativeMethods.GetCurrentProcess(), out _inProcessSafeHandle, 0, false, DUPLICATE_HANDLE_OPTIONS.DUPLICATE_SAME_ACCESS)) { _inProcessSafeHandle = null; } } }
private static string GetTypeFromHandle(SafeGenericHandle handle) { uint length; NativeMethods.NtQueryObject(handle, OBJECT_INFORMATION_CLASS.ObjectTypeInformation, IntPtr.Zero, 0, out length); IntPtr ptr = IntPtr.Zero; try { try { } finally { ptr = Marshal.AllocHGlobal((int)length); } if (NativeMethods.NtQueryObject(handle, OBJECT_INFORMATION_CLASS.ObjectTypeInformation, ptr, length, out length) != NTSTATUS.STATUS_SUCCESS) { return null; } var typeInformation = (PUBLIC_OBJECT_TYPE_INFORMATION) Marshal.PtrToStructure(ptr, typeof(PUBLIC_OBJECT_TYPE_INFORMATION)); return typeInformation.TypeName.ToString(); } finally { Marshal.FreeHGlobal(ptr); } }
internal static extern NTSTATUS NtQueryObject( [In] SafeGenericHandle handle, [In] OBJECT_INFORMATION_CLASS objectInformationClass, [In] IntPtr objectInformation, [In] uint objectInformationLength, [Out] out uint returnLength);