I have a kernel driver. How can i enumerate all opened handles of specified process in my kernel driver? I want to close these handles.
Thanks!
Asked
Active
Viewed 3,537 times
1
-
Have you tried [process explorer](http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)? – Alexey Frunze Oct 14 '12 at 19:14
-
@AlexeyFrunze: I'm assuming he wants to write code in his kernel driver to enumerate all the handles of a specified process. – Gabe Oct 14 '12 at 19:15
-
@Gabe Could be, but we don't know for sure. Btw, shouldn't the driver be able to keep track of device opens, because it should receive open calls? – Alexey Frunze Oct 14 '12 at 19:18
-
Dangerous. It will likely stall on pipes and mailslots. – 0xC0000022L Oct 14 '12 at 19:44
-
1Not to mention randomly destroying files: http://stackoverflow.com/a/2611885/17034 – Hans Passant Oct 14 '12 at 20:10
-
@HansPassant: It's possible that what he really wants to do is just invalidate the handle (like what happens to handles to open files on a drive after you surprise eject) rather than actually close them. – Gabe Oct 14 '12 at 21:18
1 Answers
5
I want to close these handles.
For what it is worth, just because something can be done, doesn't mean it should be done. This is a bad idea.
That said, it's possible to enumerate all handles for all processes using an undocumented call to Zw/NtQuerySystemInformation with information class SystemHandleInformation. A web search using these terms will yield what you want.
Bukes
- 3,668
- 1
- 18
- 20