6

I need to list all open handles in current process. Since i could not find any function like "EnumHandles", I was thinking of making a loop from 0 to 1000. The question is how i can retrieve the name of each handle? I am using c++ and the OS is Win7 32-bit EDIT: The handle I need name of is a Mutex. By comparing the name of the mutex, i want to get the handle id I seem to have found solution using OpenMutex, but i don't know what to pass on 3rd parameter,

WePro2
  • 83
  • 2
  • 5
  • 2
    What do you mean by the "name of each handle" ? Handles don't have names. Do you mean the handle id, corresponding window classes or text titles? – Matt H Jan 03 '12 at 22:04
  • Not all handles refer to files with names. Have you considered looking at Process Explorer? – Greg Hewgill Jan 03 '12 at 22:05
  • That approach will not work. What kind of handles? – SLaks Jan 03 '12 at 22:05
  • @MattH Question updated, i want the handle id for a mutex, by comparing the name in a loop (strcmp). – WePro2 Jan 03 '12 at 22:17

1 Answers1

5

I believe you have to use the NTDLL.DLL. To my knowledge this is what all tools monitoring processes, handles and other system information, have to use in the end, under Windows. I used it in a small Win32 tool, however never had to list handles.

Check here for a good intro of that library and related to your question. http://forum.sysinternals.com/howto-enumerate-handles_topic18892.html

Also the GetObjectName function in the first post of http://forum.sysinternals.com/enumerate-opened-files_topic3577.html

Accessing this kind of information in Windows may seem to be a lot of work and looks frightening because Microsoft does not want to support it, but you will see that when the 'easy' API is not giving you what you need, you have to dig to NTDLL. This is what tools like ProcessExplorer use in the end. It is not so hard to use: load the DLL, get the right function pointers to fill the structs that you declare yourself with what you will find on the net.

fury
  • 597
  • 1
  • 4
  • 15
  • I am not mentoring processes, it's handle located in current process – WePro2 Jan 03 '12 at 22:22
  • I badly explained it. The NTDLL.DLL library is meant for getting information about deep system information (processes, handles, etc). This is a DLL that is undocumented by Microsoft but you can find documentation at the links I gave, or by googling. You just have to know the structs and functions to call in the DLL. – fury Jan 03 '12 at 22:32
  • It look a lot of work just to retrive name of handles. I think OpenMutex might be the answer i am looking for, but i not sure if i need to pass full path of mutex(\Sessions\1\BaseNamedObjects\somemutex) or just somemutex on 3rd parameter. I have tryed both but haven't successed – WePro2 Jan 03 '12 at 22:44
  • Yes, accessing this kind of information in Windows may seem to be a lot of work and looks frightening because Microsoft does not want to support it, but you will see that when the 'easy' API is not giving you what you need, you have to dig to NTDLL. This is what tools like ProcessExplorer use in the end. It is not so hard to use: load the DLL, get the right function pointers to fill the structs that you declare yourself with what you will find on the net. – fury Jan 03 '12 at 23:01