
Enumerating handles in processes (C++) like procxp does


Schirp Dikkers

Jun 20, 2008, 5:11:38 AM
Hi,

I need to be able to scan all processes to find specific handles (by
name). More specifically, I'm searching for which application is using
which serial port or virtual serial port.

Process Explorer can do it, show the handles (with name) of a process,
there I can find "Serialx" or "VCPx". But our clients do not have
Process explorer (and we are not allowed to give it to them).

Can someone help me with this? (C++)

I found the function EnumProcesses to enumerate all running processes.
I also found on several places that I need to use the
ZwQuerySystemInformation function with parameter
SystemHandleInformation. I DO find this function on MSDN, but I can't
seem to find a header file or something similar that declares this function.

I did install the Windows DDK but there, I can't find anything.

It should certainly work on 2K & XP & possibly Vista.

Can anyone help me with this?
Thanks in advance.

Cheers,
Dirk.

Christian ASTOR

Jun 20, 2008, 5:29:21 AM
On 20 June, 11:11, Schirp Dikkers <schirp.dikk...@wortels.nl> wrote:
> Hi,
>
> I need to be able to scan all processes to find specific handles (by
> name). More specifically, I'm searching for which application is using
> which serial port or virtual serial port.
>
> Process Explorer can do it, show the handles (with name) of a process,
> there I can find "Serialx" or "VCPx". But our clients do not have
> Process explorer (and we are not allowed to give it to them).
>
> Can someone help me with this? (C++)
>
> I found the function EnumProcesses to enumerate all running processes.
> I also found on several places that I need to use the
> ZwQuerySystemInformation function with parameter
> SystemHandleInformation. I DO find this function on MSDN, but I can't
> seem to find a header file or something alike that declares this function.

Yes, you must use NtQuerySystemInformation() to enumerate the handle
table.
You just call it dynamically.
Headers come mainly from the DDK.

// Prototype for the pointer you get back from
// GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQuerySystemInformation")
typedef NTSTATUS (CALLBACK* NTQUERYSYSTEMINFORMATION) (
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL
);

Schirp Dikkers

Jun 20, 2008, 5:45:37 AM

> Yes, you must use NtQuerySystemInformation() to enumerate the handle
> table.
> You just call it dynamically
> Headers come mainly from the DDK .


Hey thanks, I was able to find and integrate that function, but now the
problem seems to be that SystemHandleInformation as the first parameter
is not (or no longer) accepted. How do I get the handles then?

Dirk.

Christian ASTOR

Jun 20, 2008, 2:43:43 PM

e.g. =>

SYSTEM_HANDLE_INFORMATION * pSysHandleInfo = NULL;
DWORD nSize = 4096, nReturned;
NTSTATUS status;

pSysHandleInfo = (SYSTEM_HANDLE_INFORMATION *)HeapAlloc(GetProcessHeap(), 0, nSize);
if (pSysHandleInfo)
{
    // the call keeps returning STATUS_INFO_LENGTH_MISMATCH until the buffer is large enough
    while ((status = NtQuerySystemInformation(SystemHandleInformation,
                pSysHandleInfo, nSize, &nReturned)) == STATUS_INFO_LENGTH_MISMATCH)
    {
        HeapFree(GetProcessHeap(), 0, pSysHandleInfo);
        nSize += 4096;
        pSysHandleInfo = (SYSTEM_HANDLE_INFORMATION *)HeapAlloc(GetProcessHeap(), 0, nSize);
        if (!pSysHandleInfo)
            break; // out of memory, do not touch a NULL buffer below
    }
    if (pSysHandleInfo && status == STATUS_SUCCESS)
    {
        // etc...
    }
}


with

typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
USHORT UniqueProcessId;
USHORT CreatorBackTraceIndex;
UCHAR ObjectTypeIndex;
UCHAR HandleAttributes;
USHORT HandleValue;
PVOID Object;
ULONG GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

typedef struct _SYSTEM_HANDLE_INFORMATION {
ULONG NumberOfHandles;
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

and SYSTEM_INFORMATION_CLASS, for example,
http://www.reactos.org/generated/doxygen/d0/dd8/extypes_8h.html
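As an added example (not code from this thread), the handle-table walk Christian describes, written so it also builds off Windows: the structs are the ones he posted, and FakeQueryHandleInfo is a constructed stand-in for ntdll's NtQuerySystemInformation(SystemHandleInformation, ...) that the retry loop takes through a function pointer, so on a real system you would pass the export resolved with GetProcAddress instead. The PIDs 1234 and 4321 and the three entries are made up for the sample table.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
typedef uint32_t NTSTATUS_T;                       // stand-in for NTSTATUS off Windows
const NTSTATUS_T STATUS_SUCCESS_T = 0x00000000u;
const NTSTATUS_T STATUS_INFO_LENGTH_MISMATCH_T = 0xC0000004u;
// Same layout as the structs posted in the thread.
struct SYSTEM_HANDLE_TABLE_ENTRY_INFO {
    uint16_t UniqueProcessId; uint16_t CreatorBackTraceIndex;
    uint8_t ObjectTypeIndex; uint8_t HandleAttributes; uint16_t HandleValue;
    void* Object; uint32_t GrantedAccess;
};
struct SYSTEM_HANDLE_INFORMATION { uint32_t NumberOfHandles; SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; };
// Constructed sample table: two handles owned by pid 1234, one by pid 4321.
static const SYSTEM_HANDLE_TABLE_ENTRY_INFO kSample[] = {
    {1234, 0, 28, 0, 0x1c, nullptr, 0x12019f}, {1234, 0, 28, 0, 0x20, nullptr, 0x100001},
    {4321, 0, 28, 0, 0x1c, nullptr, 0x12019f} };
// Stand-in for NtQuerySystemInformation(SystemHandleInformation, ...): mismatch until the buffer fits.
NTSTATUS_T FakeQueryHandleInfo(void* buf, uint32_t len, uint32_t* returned) {
    const uint32_t need = offsetof(SYSTEM_HANDLE_INFORMATION, Handles) + sizeof(kSample);
    if (returned) *returned = need;
    if (len < need) return STATUS_INFO_LENGTH_MISMATCH_T;
    static_cast<SYSTEM_HANDLE_INFORMATION*>(buf)->NumberOfHandles = sizeof(kSample) / sizeof(kSample[0]);
    std::memcpy(static_cast<char*>(buf) + offsetof(SYSTEM_HANDLE_INFORMATION, Handles), kSample, sizeof(kSample));
    return STATUS_SUCCESS_T;
}
// The thread's retry loop, but doubling and bounded; ReturnLength is not dependable for this
// class on older Windows, so the buffer is grown rather than sized from the reported value.
std::vector<uint8_t> QueryHandleTable(NTSTATUS_T (*query)(void*, uint32_t, uint32_t*)) {
    std::vector<uint8_t> buf(64);                  // small on purpose so the retry path runs
    for (int attempt = 0; attempt < 16; ++attempt) {
        NTSTATUS_T st = query(buf.data(), static_cast<uint32_t>(buf.size()), nullptr);
        if (st == STATUS_SUCCESS_T) return buf;
        if (st != STATUS_INFO_LENGTH_MISMATCH_T) break;   // any other failure: give up
        buf.resize(buf.size() * 2);
    }
    return std::vector<uint8_t>();
}
// Walk Handles[] and keep the entries owned by one PID: these are the ones you would then
// duplicate into your own process and hand to NtQueryObject to learn the type and name.
std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO> HandlesForPid(const std::vector<uint8_t>& raw, uint16_t pid) {
    std::vector<SYSTEM_HANDLE_TABLE_ENTRY_INFO> out;
    const size_t off = offsetof(SYSTEM_HANDLE_INFORMATION, Handles);
    if (raw.size() < off) return out;
    const uint32_t n = reinterpret_cast<const SYSTEM_HANDLE_INFORMATION*>(raw.data())->NumberOfHandles;
    const SYSTEM_HANDLE_TABLE_ENTRY_INFO* e = reinterpret_cast<const SYSTEM_HANDLE_TABLE_ENTRY_INFO*>(raw.data() + off);
    if (off + n * sizeof(*e) > raw.size()) return out;   // never walk NumberOfHandles past the buffer
    for (uint32_t i = 0; i < n; ++i) if (e[i].UniqueProcessId == pid) out.push_back(e[i]);
    return out;
}
```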

Schirp Dikkers

Jun 30, 2008, 3:18:22 AM
Hi Christian,

Thank you for your answer. I've been very sick so that's why it took a
week to read this.

But this doesn't answer the question or solve the problem.
My compiler doesn't seem to be able to find the
"SystemHandleInformation" constant you use as the first parameter of
NtQuerySystemInformation. And if I find help about this function,
"SystemHandleInformation" isn't even shown in the docs.

I've searched my whole Program Files folder for all .h files (where all
the sdk's are) and no "SystemHandleInformation" constant showed up.

Or in other words, I don't have this same enum that the ReactOS site has.

Where do I get this constant? Or if it's no longer supported, what do I
need to replace it with?

Thanks!


Christian ASTOR

Jun 30, 2008, 6:06:02 AM
On 30 June, 09:18, Schirp Dikkers <schirp.dikk...@wortels.nl> wrote:

> Or in other words, I don't have this same enum like this ReactOS site has.

Just copy-paste the enum...

Schirp Dikkers

Jun 30, 2008, 6:34:58 AM
I already did and got it to work, thanks.
The function seems to return some information (but I really don't think
they are all the handles), and I don't know how to get the handle type and
handle name.

Do you know how this is done?

Thanks


Christian ASTOR

Jun 30, 2008, 7:38:22 AM
On 30 June, 12:34, Schirp Dikkers <schirp.dikk...@wortels.nl> wrote:
> I already did and got it to work, thanks.
> The function seems to return some information (but I really don't think
> it are all the handles), and I don't know how to get the handle-type and
> handle-name.
>
> Do you know how this is done?

NtOpenProcess() or OpenProcess() with PROCESS_DUP_HANDLE
NtDuplicateObject()
NtQueryObject()
(+ NtQueryInformationFile())

Schirp Dikkers

Jun 30, 2008, 11:14:31 AM
Thanks Christian, it's not working yet, but now I'm getting there...
