private static IEnumerable <string> EnumNameList(SafeKernelObjectHandle handle) { int size = 522; for (int i = 0; i < 10; ++i) { using (var buffer = new SafeHGlobalBuffer(size)) { NtStatus status = NtSystemCalls.NtUserBuildNameList(handle, buffer.Length, buffer, out size); if (!status.IsSuccess()) { if (status == NtStatus.STATUS_BUFFER_TOO_SMALL) { continue; } status.ToNtException(); } int total_count = buffer.Read <int>(4); int offset = 8; while (total_count > 0) { string name = buffer.ReadNulTerminatedUnicodeString((ulong)offset); yield return(name); offset += (name.Length + 1) * 2; total_count--; } yield break; } } throw new NtException(NtStatus.STATUS_NO_MEMORY); }
/// <summary> /// Get a list of handles /// </summary> /// <param name="pid">A process ID to filter on. If -1 will get all handles</param> /// <param name="allow_query">True to allow the handles returned to query for certain properties</param> /// <returns>The list of handles</returns> public static IEnumerable <NtHandle> GetHandles(int pid, bool allow_query) { using (SafeHGlobalBuffer handle_info = new SafeHGlobalBuffer(0x10000)) { AllocateSafeBuffer(handle_info, SystemInformationClass.SystemHandleInformation); int handle_count = handle_info.Read <Int32>(0); SystemHandleTableInfoEntry[] handles = new SystemHandleTableInfoEntry[handle_count]; handle_info.ReadArray((ulong)IntPtr.Size, handles, 0, handle_count); return(handles.Where(h => pid == -1 || h.UniqueProcessId == pid).Select(h => new NtHandle(h, allow_query))); } }