Created
August 2, 2016 02:57
-
-
Save markhc/535b9b9a7408b08f38bcde1a213c7ce4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <ntstatus.h> | |
| #include <cstdint> | |
| #include <functional> | |
| #include <Shlwapi.h> | |
| #include <winternl.h> | |
| #pragma comment(lib, "ntdll.lib") | |
| #pragma comment(lib, "Shlwapi.lib") | |
| typedef struct _OBJECT_NAME_INFORMATION | |
| { | |
| UNICODE_STRING Name; | |
| } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; | |
| typedef struct _OBJECT_TYPE_INFORMATION | |
| { | |
| UNICODE_STRING TypeName; | |
| ULONG TotalNumberOfObjects; | |
| ULONG TotalNumberOfHandles; | |
| ULONG TotalPagedPoolUsage; | |
| ULONG TotalNonPagedPoolUsage; | |
| ULONG TotalNamePoolUsage; | |
| ULONG TotalHandleTableUsage; | |
| ULONG HighWaterNumberOfObjects; | |
| ULONG HighWaterNumberOfHandles; | |
| ULONG HighWaterPagedPoolUsage; | |
| ULONG HighWaterNonPagedPoolUsage; | |
| ULONG HighWaterNamePoolUsage; | |
| ULONG HighWaterHandleTableUsage; | |
| ULONG InvalidAttributes; | |
| GENERIC_MAPPING GenericMapping; | |
| ULONG ValidAccessMask; | |
| BOOLEAN SecurityRequired; | |
| BOOLEAN MaintainHandleCount; | |
| ULONG PoolType; | |
| ULONG DefaultPagedPoolCharge; | |
| ULONG DefaultNonPagedPoolCharge; | |
| } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; | |
| typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO | |
| { | |
| USHORT UniqueProcessId; | |
| USHORT CreatorBackTraceIndex; | |
| UCHAR ObjectTypeIndex; | |
| UCHAR HandleAttributes; | |
| USHORT HandleValue; | |
| PVOID Object; | |
| ULONG GrantedAccess; | |
| } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; | |
| typedef struct _SYSTEM_HANDLE_INFORMATION | |
| { | |
| ULONG NumberOfHandles; | |
| SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; | |
| } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; | |
| NTSTATUS NTAPI NtQueryObject( | |
| _In_opt_ HANDLE Handle, | |
| _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, | |
| _Out_opt_ PVOID ObjectInformation, | |
| _In_ ULONG ObjectInformationLength, | |
| _Out_opt_ PULONG ReturnLength | |
| ); | |
| NTSTATUS WINAPI NtQuerySystemInformation( | |
| _In_ SYSTEM_INFORMATION_CLASS SystemInformationClass, | |
| _Inout_ PVOID SystemInformation, | |
| _In_ ULONG SystemInformationLength, | |
| _Out_opt_ PULONG ReturnLength | |
| ); | |
| typedef std::function<NTSTATUS(PSYSTEM_HANDLE_TABLE_ENTRY_INFO)> ENUM_HANDLE_CALLBACK; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment