Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- unsafe static IntPtr[] GetOpenedProcessHandles(Process targetProcess)
- {
- NtStatus status;
- IntPtr hProcess;
- var selfProc = Process.GetCurrentProcess();
- if (Kernel32.DuplicateHandle(Kernel32.CurrentProcess, Kernel32.CurrentProcess, Kernel32.CurrentProcess, out hProcess, 0, false, DuplicateOptions.DuplicateSameAccess)) {
- uint cb = 0x10000;
- do {
- byte[] buf;
- SystemHandleInformationEx* pshie;
- //union {
- // PVOID buf;
- // PSYSTEM_HANDLE_INFORMATION_EX pshie;
- //};
- buf = new byte[cb + 0x1000];
- fixed(byte* bufPtr = buf) {
- pshie = (SystemHandleInformationEx*)bufPtr;
- if (0 <= (status = NtDll.NtQuerySystemInformation(SystemInformationClass.SystemExtendedHandleInformation, bufPtr, cb, out cb))) {
- ulong NumberOfHandles = pshie->NumberOfHandles;
- if (NumberOfHandles != 0)
- {
- uint UniqueProcessId = (uint)selfProc.Id;
- SystemHandleInformationExEntry* Entry = pshie->Handles;
- do {
- if (Entry->HandleValue == (ulong)hProcess && Entry->UniqueProcessId == UniqueProcessId) {
- void* Object = Entry->Object;
- Entry = pshie->Handles;
- NumberOfHandles = pshie->NumberOfHandles;
- do {
- if (Object == Entry->Object && Entry->UniqueProcessId != UniqueProcessId) {
- Console.WriteLine(Entry->UniqueProcessId);
- }
- Entry++;
- } while ((--NumberOfHandles) != 0);
- break;
- }
- Entry++;
- } while ((--NumberOfHandles) != 0);
- }
- }
- }
- } while (status == NtStatus.INFO_LENGTH_MISMATCH);
- Kernel32.CloseHandle(hProcess);
- }
- return null;
- }
Advertisement
Add Comment
Please, Sign In to add comment
