Exetools  
12-31-2005, 18:10
JuneMouse
Well, I read something about someone asking the same question somewhere; it was also describing the difference between MS oh.exe and Sysinternals Handle.

I think one is completely usermode and the other uses r0 procedures, aka uses a driver, though I cannot find that article now (I think you have to browse through holy_father's forum; I think that's where I read about it, but I am not sure).

But you can use the undocumented NtQuerySystemInformation() with info class 16. Here is some code that was posted on osronline by Prasad Dabak a long time back that you can try out. I don't have the link, I only have this code and the reference, but Google should fetch you the original thread.

Code:
Hello,

Use NtQuerySystemInformation with information class 16. It returns the list of handles for all the processes in the system. The data is returned in the following structure format.

typedef struct HandleInfo {
        ULONG  Pid;
        USHORT ObjectType;
        USHORT HandleValue;
        PVOID  ObjectPointer;
        ULONG  AccessMask;
} HANDLEINFO, *PHANDLEINFO;

typedef struct SystemHandleInfo {
        ULONG      nHandleEntries;
        HANDLEINFO HandleInfo[1];
} SYSTEMHANDLEINFO, *PSYSTEMHANDLEINFO;

Example code..

#include <windows.h>
#include <winternl.h>   /* NtQuerySystemInformation prototype; link with ntdll.lib */
#include <stdio.h>
#include <string.h>

#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif

char Buffer[100000];

void HandleInformation()
{
        PSYSTEMHANDLEINFO pSystemHandleInfo;
        NTSTATUS rc;
        ULONG i;

        memset(Buffer, 0, sizeof(Buffer));

        /* Class 16 = SystemHandleInformation. A fixed buffer fails with
           STATUS_INFO_LENGTH_MISMATCH when the system holds more handles than fit. */
        rc = NtQuerySystemInformation((SYSTEM_INFORMATION_CLASS)16,
                                      Buffer,
                                      sizeof(Buffer),
                                      NULL);

        if (rc != STATUS_SUCCESS) {
                printf("NtQuerySystemInformation failed, rc=%x\n", rc);
                return;
        }

        pSystemHandleInfo = (PSYSTEMHANDLEINFO)Buffer;

        printf("Number of Handle Entries = %x\n", pSystemHandleInfo->nHandleEntries);

        printf("Pid       ObjType   ObjHnd    ObjPtr    AccessMask\n");

        /* Walk the variable-length entry array that follows the count. */
        for (i = 0; i < pSystemHandleInfo->nHandleEntries; i++) {
                printf("%-8x  %-8x  %-8x  %-8p  %-8x\n",
                       pSystemHandleInfo->HandleInfo[i].Pid,
                       pSystemHandleInfo->HandleInfo[i].ObjectType,
                       pSystemHandleInfo->HandleInfo[i].HandleValue,
                       pSystemHandleInfo->HandleInfo[i].ObjectPointer,
                       pSystemHandleInfo->HandleInfo[i].AccessMask);
        }

        printf("\n\n");
}

author Prasad Dabak (an answer on osronline regarding file handle enumeration)
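As an added example (not from this post or from Prasad Dabak's code), here is a portable C version of the same class-16 walk that grows its buffer on STATUS_INFO_LENGTH_MISMATCH instead of trusting a fixed array, and that splits the post's USHORT ObjectType into the type-index and attribute bytes as the commonly published SYSTEM_HANDLE_TABLE_ENTRY_INFO layout does. `SimQuery`, `kSample` and `CountHandlesForPid` are constructed stand-ins so it runs without ntdll; against a real system, `SimQuery` is replaced by `NtQuerySystemInformation`, whose argument order it mirrors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define STATUS_SUCCESS              0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004u  /* buffer too small, retry larger */
#define SystemHandleInformation     16

/* Class-16 entry; the post's USHORT ObjectType is really a type-index byte plus an attributes byte. */
typedef struct {
    uint32_t ProcessId;
    uint8_t  ObjectTypeIndex, HandleAttributes;
    uint16_t HandleValue;
    void    *Object;
    uint32_t GrantedAccess;
} HandleEntry;
typedef struct { uint32_t NumberOfHandles; HandleEntry Handles[1]; } HandleInfo;

/* Constructed sample table standing in for the kernel's handle list (not real data). */
static const HandleEntry kSample[] = {
    {4,    28, 0, 0x04, (void *)0x1000, 0x001f0003},
    {1234, 37, 0, 0x08, (void *)0x2000, 0x00120089},
    {1234, 37, 0, 0x0c, (void *)0x3000, 0x00120116},
};
/* Stand-in with NtQuerySystemInformation's argument order and length semantics. */
static uint32_t SimQuery(int cls, void *buf, uint32_t len, uint32_t *ret)
{
    uint32_t n = sizeof kSample / sizeof kSample[0];
    uint32_t need = offsetof(HandleInfo, Handles) + n * sizeof(HandleEntry);
    (void)cls; if (ret) *ret = need;
    if (len < need) return STATUS_INFO_LENGTH_MISMATCH;
    ((HandleInfo *)buf)->NumberOfHandles = n;
    memcpy(((HandleInfo *)buf)->Handles, kSample, sizeof kSample);
    return STATUS_SUCCESS;
}

/* Handles owned by pid (e.g. to spot a leak); doubles the buffer until the snapshot fits. -1 on failure. */
int CountHandlesForPid(uint32_t pid)
{
    uint32_t len = 32, status;      /* start small to exercise the retry path */
    HandleInfo *h = NULL;
    do {
        free(h);
        if (!(h = malloc(len))) return -1;
        status = SimQuery(SystemHandleInformation, h, len, NULL);
        len *= 2;
    } while (status == STATUS_INFO_LENGTH_MISMATCH);
    if (status != STATUS_SUCCESS) { free(h); return -1; }
    int count = 0;
    for (uint32_t i = 0; i < h->NumberOfHandles; i++)
        count += h->Handles[i].ProcessId == pid;
    free(h);
    return count;
}
```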