I am trying to enumerate over all system handles in Windows 64-bit with the following:
    WinDef.ULONGByReference nBufferLength = new WinDef.ULONGByReference();
    Memory pInfo = new Memory(4);
    long ntStatus = -1;
    while (ntStatus != 0 /* NT_SUCCESS */) {
        ntStatus = NtDll.INSTANCE.NtQuerySystemInformation(
                0x10 /* SystemHandleInformation */, pInfo, (int) pInfo.size(), nBufferLength);
        if (ntStatus == 0xC0000004 /* STATUS_INFO_LENGTH_MISMATCH */) {
            // Do not Native.free() the address of a Memory object: JNA frees it again
            // when the object is collected, and that double free corrupts the heap.
            // Dropping the old buffer and allocating the requested size is enough.
            int bufferLength = nBufferLength.getValue().intValue();
            pInfo = new Memory(bufferLength);
        } else if (ntStatus != 0) {
            // An NTSTATUS is not a Win32 error code, so GetLastError() is meaningless here
            throw new RuntimeException(String.format(
                    "NtQuerySystemInformation failed: NTSTATUS 0x%08X", (int) ntStatus));
        }
    }
    // NumberOfHandles is a 4-byte ULONG; on x64 the entry array starts at offset 8 (padding)
    long handleCount = pInfo.getInt(0) & 0xFFFFFFFFL;
    long offset = 8;
    for (long i = 0; i < handleCount; i++) {
        // share() stays bounds-checked inside pInfo; no raw address arithmetic on a long
        SYSTEM_HANDLE currentHandle = new SYSTEM_HANDLE(pInfo.share(offset));
        System.out.println(currentHandle.getPointer() + "@" + currentHandle.ProcessId);
        offset += currentHandle.size();   // the original used an undeclared "lpHandle" here
    }
But during the loop I always run into exit code -1073740940 (0xC0000374).
So, I saw the warning on the constructor Pointer(long peer), and I, not knowing what I'm doing, tried to switch the code to use share instead of direct address manipulation. This is MASSIVELY slower and eventually stack overflows.
Here is my SYSTEM_HANDLE structure:
    import com.sun.jna.Pointer;
    import com.sun.jna.Structure;
    import com.sun.jna.platform.win32.WinDef;
    import java.util.Arrays;
    import java.util.List;

    // SYSTEM_HANDLE_TABLE_ENTRY_INFO with the two leading USHORTs (UniqueProcessId,
    // CreatorBackTraceIndex) merged into one ULONG; 16 bytes on x86, 24 bytes on x64
    // because the PVOID forces 8-byte alignment of the structure.
    public class SYSTEM_HANDLE extends Structure {
        public WinDef.ULONG ProcessId;         // low 16 bits are the PID
        public WinDef.BYTE ObjectTypeNumber;
        public WinDef.BYTE Flags;
        public WinDef.USHORT Handle;
        public WinDef.PVOID Object;            // kernel address of the object
        public WinDef.DWORD GrantedAccess;     // ACCESS_MASK

        public SYSTEM_HANDLE() {
        }

        public SYSTEM_HANDLE(Pointer p) {
            super(p);
            read();
        }

        @Override
        protected List<String> getFieldOrder() {
            return Arrays.asList("ProcessId", "ObjectTypeNumber", "Flags",
                    "Handle", "Object", "GrantedAccess");
        }
    }
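As an added, complete example (not code from the question): a stand-alone JNA program that performs the same SystemHandleInformation enumeration on x64, grows the buffer without freeing JNA-managed memory by hand, walks the entries through bounds-checked share() offsets instead of raw addresses, and filters the result to the current process. The NtDll interface, the constant names and the HandleEnumerator class are assumptions of this example; the question does not show its own ntdll binding.

```java
import com.sun.jna.Library;
import com.sun.jna.Memory;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.Structure.FieldOrder;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.ptr.IntByReference;

import java.util.ArrayList;
import java.util.List;

/**
 * Added example, not code from the question: enumerates every handle on the system
 * with NtQuerySystemInformation(SystemHandleInformation) through JNA and prints the
 * ones owned by the current process. Needs jna and jna-platform (JNA 5.x).
 */
public class HandleEnumerator {

    // Assumed minimal ntdll binding (the question's own NtDll interface is not shown).
    public interface NtDll extends Library {
        NtDll INSTANCE = Native.load("ntdll", NtDll.class);

        int NtQuerySystemInformation(int SystemInformationClass, Pointer SystemInformation,
                                     int SystemInformationLength, IntByReference ReturnLength);
    }

    static final int SYSTEM_HANDLE_INFORMATION = 0x10;
    static final int STATUS_SUCCESS = 0;
    static final int STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;

    /** SYSTEM_HANDLE_TABLE_ENTRY_INFO: 16 bytes on x86, 24 on x64 (the PVOID forces 8-byte alignment). */
    @FieldOrder({"UniqueProcessId", "CreatorBackTraceIndex", "ObjectTypeIndex",
                 "HandleAttributes", "HandleValue", "Object", "GrantedAccess"})
    public static class SYSTEM_HANDLE_TABLE_ENTRY_INFO extends Structure {
        public short UniqueProcessId;        // USHORT: PIDs above 0xFFFF are truncated here
        public short CreatorBackTraceIndex;
        public byte ObjectTypeIndex;
        public byte HandleAttributes;
        public short HandleValue;
        public Pointer Object;               // kernel address of the object
        public int GrantedAccess;            // ACCESS_MASK

        public SYSTEM_HANDLE_TABLE_ENTRY_INFO() {}
        public SYSTEM_HANDLE_TABLE_ENTRY_INFO(Pointer p) { super(p); read(); }
    }

    /** Calls NtQuerySystemInformation, growing the buffer until the snapshot fits. */
    static Memory querySystemHandles() {
        IntByReference returnLength = new IntByReference();
        int size = 1 << 16;
        while (true) {
            Memory buf = new Memory(size);
            int status = NtDll.INSTANCE.NtQuerySystemInformation(
                    SYSTEM_HANDLE_INFORMATION, buf, size, returnLength);
            if (status == STATUS_SUCCESS) {
                return buf;
            }
            if (status != STATUS_INFO_LENGTH_MISMATCH) {
                throw new IllegalStateException(String.format(
                        "NtQuerySystemInformation failed: NTSTATUS 0x%08X", status));
            }
            // Never Native.free() a Memory's address: JNA releases it when the object is
            // collected, so a manual free becomes a double free (STATUS_HEAP_CORRUPTION).
            // Dropping the reference is enough. The handle table can grow between two
            // calls, so ask for more than the length the previous call reported.
            size = Math.max(returnLength.getValue(), size * 2);
        }
    }

    /** Walks SYSTEM_HANDLE_INFORMATION { ULONG NumberOfHandles; SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[]; }. */
    static List<SYSTEM_HANDLE_TABLE_ENTRY_INFO> parseHandles(Memory buf) {
        long count = buf.getInt(0) & 0xFFFFFFFFL;               // ULONG, not a 64-bit value
        int entrySize = new SYSTEM_HANDLE_TABLE_ENTRY_INFO().size();
        long arrayOffset = Native.POINTER_SIZE == 8 ? 8 : 4;    // padding before the array on x64
        List<SYSTEM_HANDLE_TABLE_ENTRY_INFO> handles = new ArrayList<>();
        for (long i = 0; i < count; i++) {
            // share(offset, length) stays inside buf and throws on overrun instead of
            // reading past the allocation, which raw address arithmetic would not.
            Pointer entry = buf.share(arrayOffset + i * entrySize, entrySize);
            handles.add(new SYSTEM_HANDLE_TABLE_ENTRY_INFO(entry));
        }
        return handles;
    }

    public static void main(String[] args) {
        int myPid = Kernel32.INSTANCE.GetCurrentProcessId();
        List<SYSTEM_HANDLE_TABLE_ENTRY_INFO> handles = parseHandles(querySystemHandles());
        System.out.println(handles.size() + " handles system-wide");
        for (SYSTEM_HANDLE_TABLE_ENTRY_INFO h : handles) {
            if ((h.UniqueProcessId & 0xFFFF) != myPid) continue;
            System.out.printf("handle 0x%04X type %3d access 0x%08X object %s%n",
                    h.HandleValue & 0xFFFF, h.ObjectTypeIndex & 0xFF, h.GrantedAccess, h.Object);
        }
    }
}
```

Two caveats for real use: the classic SystemHandleInformation entry stores the owning PID in a USHORT, so processes with PIDs above 65535 are misattributed; SystemExtendedHandleInformation (class 0x40) returns SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX entries with ULONG_PTR-sized fields and avoids that. The Object field is a kernel-mode address and is only useful for correlating handles to the same object, never for dereferencing from user mode.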