public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
try
{
IntPtr handle = new IntPtr(handleInfo.Handle);
ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);
GenericHandle dupHandle = null;
// Try to get a handle, since we need one for security editing.
try
{
dupHandle = new GenericHandle(phandle, handle, 0);
}
catch
{ }
PropSheetHeader64 header = new PropSheetHeader64
{
dwSize = (uint)PropSheetHeader64.SizeOf,
nPages = 2,
dwFlags = (uint)PropSheetFlags.PSH_DEFAULT,
pszCaption = "Handle Properties"
};
using (HandleDetails hw = new HandleDetails())
{
hw.ObjectHandle = handleInfo;
hw.HandlePropertiesCallback += (control, name, typeName) =>
{
switch (typeName.ToLowerInvariant())
{
// Objects with separate property windows:
case "file":
case "job":
case "key":
case "token":
case "process":
{
Button b = new Button
{
FlatStyle = FlatStyle.System,
Text = "Properties"
};
b.Click += (sender, e) =>
{
try
{
switch (typeName.ToLowerInvariant())
{
case "file":
{
FileUtils.ShowProperties(name);
}
break;
case "job":
{
dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query);
(new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
}
break;
case "key":
{
try
{
PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to open the Registry Editor", ex);
}
}
break;
case "token":
{
using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
{
twindow.ShowDialog();
}
}
break;
case "process":
{
dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
int pid = ProcessHandle.FromHandle(dupHandle).ProcessId;
Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow);
}
break;
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show object properties", ex);
}
};
control.Controls.Add(b);
}
break;
case "event":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
control.Controls.Add(eventProps);
}
break;
case "eventpair":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
control.Controls.Add(eventPairProps);
}
break;
case "mutant":
{
dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
control.Controls.Add(mutantProps);
}
break;
case "section":
{
dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
control.Controls.Add(sectionProps);
}
break;
case "semaphore":
{
dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
control.Controls.Add(semaphoreProps);
}
break;
case "timer":
{
dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
control.Controls.Add(timerProps);
}
break;
case "tmrm":
{
dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
control.Controls.Add(tmRmProps);
}
break;
case "tmtm":
{
dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
control.Controls.Add(tmTmProps);
}
break;
}
};
hw.Init();
IntPtr[] pages = new IntPtr[2];
pages[0] = hw.CreatePageHandle();
pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2(
null,
SecurityEditor.GetSecurableWrapper(dupHandle),
hw._name,
NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName))
));
GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned);
header.phpage = gch.AddrOfPinnedObject();
PropertySheetW(ref header);
if (dupHandle != null)
{
dupHandle.Dispose();
}
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show handle properties", ex);
}
}
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
try
{
HandlePropertiesWindow window = new HandlePropertiesWindow(handleInfo);
IntPtr handle = new IntPtr(handleInfo.Handle);
ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);
GenericHandle dupHandle = null;
window.HandlePropertiesCallback += (control, name, typeName) =>
{
switch (typeName.ToLower())
{
case "file":
case "job":
case "key":
case "token":
case "process":
{
Button b = new Button();
b.FlatStyle = FlatStyle.System;
b.Text = "Properties...";
b.Click += (sender, e) =>
{
try
{
switch (typeName.ToLower())
{
case "file":
{
FileUtils.ShowProperties(name);
}
break;
case "job":
{
dupHandle =
new GenericHandle(
phandle, handle,
(int)JobObjectAccess.Query);
(new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
}
break;
case "key":
{
try
{
PhUtils.OpenKeyInRegedit(Form.ActiveForm, name);
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to open the Registry Editor", ex);
}
}
break;
case "token":
{
(new TokenWindow(new RemoteTokenHandle(phandle,
handle))).ShowDialog();
}
break;
case "process":
{
int pid;
if (KProcessHacker.Instance != null)
{
pid = KProcessHacker.Instance.KphGetProcessId(phandle, handle);
}
else
{
dupHandle =
new GenericHandle(
phandle, handle,
(int)OSVersion.MinProcessQueryInfoAccess);
pid = ProcessHandle.FromHandle(dupHandle).GetProcessId();
}
Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid],
(f) => Program.FocusWindow(f));
}
break;
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show object properties", ex);
}
};
control.Controls.Add(b);
}
break;
case "event":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
control.Controls.Add(eventProps);
}
break;
case "eventpair":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
control.Controls.Add(eventPairProps);
}
break;
case "mutant":
{
dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
control.Controls.Add(mutantProps);
}
break;
case "section":
{
dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
control.Controls.Add(sectionProps);
}
break;
case "semaphore":
{
dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
control.Controls.Add(semaphoreProps);
}
break;
case "timer":
{
dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
control.Controls.Add(timerProps);
}
break;
case "tmrm":
{
dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
control.Controls.Add(tmRmProps);
}
break;
case "tmtm":
{
dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
control.Controls.Add(tmTmProps);
}
break;
}
};
if (dupHandle == null)
{
try { dupHandle = new GenericHandle(phandle, handle, 0); }
catch { }
}
window.ObjectHandle = dupHandle;
window.ShowDialog();
if (dupHandle != null)
dupHandle.Dispose();
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show handle properties", ex);
}
}
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
try
{
HandlePropertiesWindow window = new HandlePropertiesWindow(handleInfo);
IntPtr handle = new IntPtr(handleInfo.Handle);
ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);
GenericHandle dupHandle = null;
window.HandlePropertiesCallback += (control, name, typeName) =>
{
switch (typeName.ToLowerInvariant())
{
// Objects with separate property windows:
case "file":
case "job":
case "key":
case "token":
case "process":
{
Button b = new Button();
b.FlatStyle = FlatStyle.System;
b.Text = "Properties";
b.Click += (sender, e) =>
{
try
{
switch (typeName.ToLowerInvariant())
{
case "file":
{
FileUtils.ShowProperties(name);
}
break;
case "job":
{
dupHandle =
new GenericHandle(
phandle, handle,
(int)JobObjectAccess.Query);
(new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
}
break;
case "key":
{
try
{
PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to open the Registry Editor", ex);
}
}
break;
case "token":
{
(new TokenWindow(new RemoteTokenHandle(phandle,
handle))).ShowDialog();
}
break;
case "process":
{
int pid;
if (KProcessHacker.Instance != null)
{
pid = KProcessHacker.Instance.KphGetProcessId(phandle, handle);
}
else
{
dupHandle =
new GenericHandle(
phandle, handle,
(int)OSVersion.MinProcessQueryInfoAccess);
pid = ProcessHandle.FromHandle(dupHandle).GetProcessId();
}
Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid],
(f) => Program.FocusWindow(f));
}
break;
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show object properties", ex);
}
};
control.Controls.Add(b);
}
break;
case "event":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
control.Controls.Add(eventProps);
}
break;
case "eventpair":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
control.Controls.Add(eventPairProps);
}
break;
case "mutant":
{
dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
control.Controls.Add(mutantProps);
}
break;
case "section":
{
dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
control.Controls.Add(sectionProps);
}
break;
case "semaphore":
{
dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
control.Controls.Add(semaphoreProps);
}
break;
case "timer":
{
dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
control.Controls.Add(timerProps);
}
break;
case "tmrm":
{
dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
control.Controls.Add(tmRmProps);
}
break;
case "tmtm":
{
dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
control.Controls.Add(tmTmProps);
}
break;
}
};
if (dupHandle == null)
{
// Try to get a handle, since we need one for security editing.
try { dupHandle = new GenericHandle(phandle, handle, 0); }
catch { }
}
window.ObjectHandle = dupHandle;
window.ShowDialog();
if (dupHandle != null)
{
dupHandle.Dispose();
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show handle properties", ex);
}
}
public static void ShowHandleProperties(SystemHandleEntry handleInfo)
{
try
{
IntPtr handle = new IntPtr(handleInfo.Handle);
ProcessHandle phandle = new ProcessHandle(handleInfo.ProcessId, ProcessAccess.DupHandle);
GenericHandle dupHandle = null;
// Try to get a handle, since we need one for security editing.
try
{
dupHandle = new GenericHandle(phandle, handle, 0);
}
catch
{ }
PropSheetHeader64 header = new PropSheetHeader64
{
dwSize = (uint)PropSheetHeader64.SizeOf,
nPages = 2,
dwFlags = (uint)PropSheetFlags.PSH_DEFAULT,
pszCaption = "Handle Properties"
};
using (HandleDetails hw = new HandleDetails())
{
hw.ObjectHandle = handleInfo;
hw.HandlePropertiesCallback += (control, name, typeName) =>
{
switch (typeName.ToLowerInvariant())
{
// Objects with separate property windows:
case "file":
case "job":
case "key":
case "token":
case "process":
{
Button b = new Button
{
FlatStyle = FlatStyle.System,
Text = "Properties"
};
b.Click += (sender, e) =>
{
try
{
switch (typeName.ToLowerInvariant())
{
case "file":
{
FileUtils.ShowProperties(name);
}
break;
case "job":
{
dupHandle = new GenericHandle(phandle, handle, (int)JobObjectAccess.Query);
(new JobWindow(JobObjectHandle.FromHandle(dupHandle))).ShowDialog();
}
break;
case "key":
{
try
{
PhUtils.OpenKeyInRegedit(PhUtils.GetForegroundWindow(), name);
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to open the Registry Editor", ex);
}
}
break;
case "token":
{
using (TokenWindow twindow = new TokenWindow(new RemoteTokenHandle(phandle, handle)))
{
twindow.ShowDialog();
}
}
break;
case "process":
{
dupHandle = new GenericHandle(phandle, handle, (int)OSVersion.MinProcessQueryInfoAccess);
int pid = ProcessHandle.FromHandle(dupHandle).ProcessId;
Program.GetProcessWindow(Program.ProcessProvider.Dictionary[pid], Program.FocusWindow);
}
break;
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show object properties", ex);
}
};
control.Controls.Add(b);
}
break;
case "event":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventAccess.QueryState);
var eventProps = new EventProperties(EventHandle.FromHandle(dupHandle));
control.Controls.Add(eventProps);
}
break;
case "eventpair":
{
dupHandle = new GenericHandle(phandle, handle, (int)EventPairAccess.All);
var eventPairProps = new EventPairProperties(EventPairHandle.FromHandle(dupHandle));
control.Controls.Add(eventPairProps);
}
break;
case "mutant":
{
dupHandle = new GenericHandle(phandle, handle, (int)MutantAccess.QueryState);
var mutantProps = new MutantProperties(MutantHandle.FromHandle(dupHandle));
control.Controls.Add(mutantProps);
}
break;
case "section":
{
dupHandle = new GenericHandle(phandle, handle, (int)SectionAccess.Query);
var sectionProps = new SectionProperties(SectionHandle.FromHandle(dupHandle));
control.Controls.Add(sectionProps);
}
break;
case "semaphore":
{
dupHandle = new GenericHandle(phandle, handle, (int)SemaphoreAccess.QueryState);
var semaphoreProps = new SemaphoreProperties(SemaphoreHandle.FromHandle(dupHandle));
control.Controls.Add(semaphoreProps);
}
break;
case "timer":
{
dupHandle = new GenericHandle(phandle, handle, (int)TimerAccess.QueryState);
var timerProps = new TimerProperties(TimerHandle.FromHandle(dupHandle));
control.Controls.Add(timerProps);
}
break;
case "tmrm":
{
dupHandle = new GenericHandle(phandle, handle, (int)ResourceManagerAccess.QueryInformation);
var tmRmProps = new TmRmProperties(ResourceManagerHandle.FromHandle(dupHandle));
control.Controls.Add(tmRmProps);
}
break;
case "tmtm":
{
dupHandle = new GenericHandle(phandle, handle, (int)TmAccess.QueryInformation);
var tmTmProps = new TmTmProperties(TmHandle.FromHandle(dupHandle));
control.Controls.Add(tmTmProps);
}
break;
}
};
hw.Init();
IntPtr[] pages = new IntPtr[2];
pages[0] = hw.CreatePageHandle();
pages[1] = CreateSecurityPage(SecurityEditor.EditSecurity2(
null,
SecurityEditor.GetSecurableWrapper(dupHandle),
hw._name,
NativeTypeFactory.GetAccessEntries(NativeTypeFactory.GetObjectType(hw._typeName))
));
GCHandle gch = GCHandle.Alloc(pages, GCHandleType.Pinned);
header.phpage = gch.AddrOfPinnedObject();
PropertySheetW(ref header);
if (dupHandle != null)
dupHandle.Dispose();
}
}
catch (Exception ex)
{
PhUtils.ShowException("Unable to show handle properties", ex);
}
}