HandleWalker

donkey · August 22, 2010, 10:37:01 PM

I had been playing around with adding an open handle viewer to GoP, the project that never seems to be finished, but in the end my test showed it to be a bit unreliable and the information was not really useful so I dropped it. I have attached the code here in case anyone is looking for a way to look at a processes public handles and to extract (rather limited) information from them. About the most useful handle I found was that I can get a list of open files for a process. The code is very rough with almost no error trapping so use it at your own risk or better still improve it...

Edgar

Note the StrLenSSE1 procedure was shamelessly stolen from another thread, I could have used my own without any noticeable impact on performance but I was testing it and just left it in. It is your responsibility to make sure that you're allowed to use it in your application.

Note,Note This is a RadASM 3 project.

Note,Note,Note You need to update your header files, there is a new upload at my website, I neglected to increment the version number though...

ecube · August 23, 2010, 12:07:26 AM

Nice Donkey, here's the proper way to get a processes handles which also avoids the named pipes freeze for NtQueryObject

http://forum.sysinternals.com/howto-enumerate-handles_topic18892.html

donkey · August 23, 2010, 12:54:44 AM

Thanks for the link E^cube,

I'll take a look at it but as for GoP it doesn't quite fit into the goals of the program so I won't be using it in there. I had originally thought it might be a good idea to track GDI and memory handles for leak reports but I am looking at a different way to accomplish it now using API hooks.

Edgar

News:

HandleWalker

donkey

ecube

donkey