Help: getting the handles of a process
-
I have this function:
void CShowHandlesOfProc::AddHandlesToList(CListCtrl *m_list,DWORD pid) { int nItem=0; NTSTATUS status; PSYSTEM_HANDLE_INFORMATION handleInfo=new SYSTEM_HANDLE_INFORMATION; ULONG handleInfoSize ; HANDLE processHandle; ULONG i; _NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation"); _NtDuplicateObject NtDuplicateObject = (_NtDuplicateObject)GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject"); _NtQueryObject NtQueryObject = (_NtQueryObject)GetLibraryProcAddress("ntdll.dll", "NtQueryObject"); if(!(processHandle = OpenProcess(PROCESS_DUP_HANDLE|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,pid))) return; // handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize); //while((status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,handleInfoSize,NULL)) == STATUS_INFO_LENGTH_MISMATCH) //handleInfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, handleInfoSize *= 2); DWORD size=sizeof(SYSTEM_HANDLE_INFORMATION); DWORD needed=0; status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed); if(!NT_SUCCESS(status)) { if(needed==0) return ; delete handleInfo; size = needed + 1024; handleInfo= (PSYSTEM_HANDLE_INFORMATION)new BYTE[size]; status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed); if(status==STATUS_INFO_LENGTH_MISMATCH) MessageBox(L"Khong du Length cho NtQuerySystem"); if(!NT_SUCCESS(status)) { delete handleInfo; return; } } for(i = 0; i < handleInfo->HandleCount; i++) { SYSTEM_HANDLE handle = handleInfo->Handles[i]; HANDLE dupHandle = NULL; POBJECT_TYPE_INFORMATION objectTypeInfo=new OBJECT_TYPE_INFORMATION; DWORD sizeType=0; PVOID objectNameInfo; UNICODE_STRING objectName; ULONG returnLength; if(handle.ProcessId != pid) continue; status=NtDuplicateObject( processHandle, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, 0, 0 ); /* if (status=STATUS_ACCESS_DENIED) { MessageBox(L"deny access 
handle"); continue;
-
I have this function:
void CShowHandlesOfProc::AddHandlesToList(CListCtrl *m_list,DWORD pid) { int nItem=0; NTSTATUS status; PSYSTEM_HANDLE_INFORMATION handleInfo=new SYSTEM_HANDLE_INFORMATION; ULONG handleInfoSize ; HANDLE processHandle; ULONG i; _NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetLibraryProcAddress("ntdll.dll", "NtQuerySystemInformation"); _NtDuplicateObject NtDuplicateObject = (_NtDuplicateObject)GetLibraryProcAddress("ntdll.dll", "NtDuplicateObject"); _NtQueryObject NtQueryObject = (_NtQueryObject)GetLibraryProcAddress("ntdll.dll", "NtQueryObject"); if(!(processHandle = OpenProcess(PROCESS_DUP_HANDLE|PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,pid))) return; // handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize); //while((status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,handleInfoSize,NULL)) == STATUS_INFO_LENGTH_MISMATCH) //handleInfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, handleInfoSize *= 2); DWORD size=sizeof(SYSTEM_HANDLE_INFORMATION); DWORD needed=0; status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed); if(!NT_SUCCESS(status)) { if(needed==0) return ; delete handleInfo; size = needed + 1024; handleInfo= (PSYSTEM_HANDLE_INFORMATION)new BYTE[size]; status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed); if(status==STATUS_INFO_LENGTH_MISMATCH) MessageBox(L"Khong du Length cho NtQuerySystem"); if(!NT_SUCCESS(status)) { delete handleInfo; return; } } for(i = 0; i < handleInfo->HandleCount; i++) { SYSTEM_HANDLE handle = handleInfo->Handles[i]; HANDLE dupHandle = NULL; POBJECT_TYPE_INFORMATION objectTypeInfo=new OBJECT_TYPE_INFORMATION; DWORD sizeType=0; PVOID objectNameInfo; UNICODE_STRING objectName; ULONG returnLength; if(handle.ProcessId != pid) continue; status=NtDuplicateObject( processHandle, (HANDLE)handle.Handle, GetCurrentProcess(), &dupHandle, 0, 0, 0 ); /* if (status=STATUS_ACCESS_DENIED) { MessageBox(L"deny access 
handle"); continue;
After this statement
status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed);
the count is
handleInfo->HandleCount=39337
Your code then goes on to examine each of the handles to check whether it belongs to the PID. After finding 26 handles, your code crashes in malloc with
ENOMEM
. As far as I can tell, up until then the buffer objectTypeInfo->Name.Buffer
contains valid strings. So the good news is, your code seems to be working. Maybe you could search for the specific APIs you're using, and check whether you're calling them correctly? It looks like you're not freeing some memory buffer. Best wishes, Hans
-
After this statement
status = NtQuerySystemInformation(SystemHandleInformation,handleInfo,size,&needed);
the count is
handleInfo->HandleCount=39337
Your code then goes on to examine each of the handles to check whether it belongs to the PID. After finding 26 handles, your code crashes in malloc with
ENOMEM
. As far as I can tell, up until then the buffer objectTypeInfo->Name.Buffer
contains valid strings. So the good news is, your code seems to be working. Maybe you could search for the specific APIs you're using, and check whether you're calling them correctly? It looks like you're not freeing some memory buffer. Best wishes, Hans
I tried freeing objectTypeInfo, but I still get a stack overflow. Can you help me? It is so hard to use these undocumented APIs... :sigh:
-
I tried freeing objectTypeInfo, but I still get a stack overflow. Can you help me? It is so hard to use these undocumented APIs... :sigh:
Send me your email address and I will email some code. Please send to hdietrich@gmail.com
Best wishes, Hans
-
Send me your email address and I will email some code. Please send to hdietrich@gmail.com
Best wishes, Hans
I sent the code to you... please help me :) Thanks so much.