JNA: Enumerating system handles, memory error -1073740940 (0xC0000374)

Time: 2017-09-20 11:33:17

Tags: java windows pointers winapi jna

I am trying to enumerate all system handles on 64-bit Windows using the following:

WinDef.ULONGByReference nBufferLength = new WinDef.ULONGByReference();
Memory pInfo = new Memory(4);
long ntStatus = -1;
while (ntStatus != 0 /* NT_SUCCESS */) {
    ntStatus = NtDll.INSTANCE.NtQuerySystemInformation(
                       0x10, pInfo, (int) pInfo.size(), nBufferLength);
    if (ntStatus == 0xC0000004 /*STATUS_INFO_LENGTH_MISMATCH*/) {
        if (pInfo != Pointer.NULL) {
            Native.free(Pointer.nativeValue(pInfo));
        }
        int bufferLength = nBufferLength.getValue().intValue();
        pInfo = new Memory(bufferLength);
    } else if (ntStatus != 0) {
        throw new Win32Exception(Native.getLastError());
    }
}

long handleCount = pInfo.getLong(0);
long handleAddress = Pointer.nativeValue(pInfo.share(8));
for (int i = 0; i < handleCount; i++) {
    SYSTEM_HANDLE currentHandle = new SYSTEM_HANDLE(new Pointer(handleAddress));
    System.out.println(handleAddress + "@" + currentHandle.ProcessId);

    handleAddress += currentHandle.size();
}

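But in the loop I always get exit code -1073740940 (0xC0000374).

So, I saw the warning on the constructor Pointer(long peer), and, not knowing what I was doing, tried switching the code to use share instead of direct address manipulation. That was slow and eventually ended in a stack overflow.

Here is my SYSTEM_HANDLE structure: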

public class SYSTEM_HANDLE extends Structure {

    public WinDef.ULONG ProcessId;
    public WinDef.BYTE ObjectTypeNumber;
    public WinDef.BYTE Flags;
    public WinDef.USHORT Handle;
    public WinDef.PVOID Object;
    public WinDef.DWORD GrantedAccess;

    public SYSTEM_HANDLE(Pointer p) {
        super(p);
        read();
    }

    @Override
    protected List<String> getFieldOrder() {
        return Arrays.asList("ProcessId", "ObjectTypeNumber", "Flags", 
                             "Handle", "Object", "GrantedAccess");
    }

}
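
Exit code 0xC0000374 is STATUS_HEAP_CORRUPTION, and a JNA Memory object releases its own native block, so passing its address to Native.free frees that block twice. The following is an added example, not code from the original post, showing the same enumeration with the buffer left under Memory's ownership and every entry read bounds-checked against the buffer size. Assumptions: JNA 5.x, a 64-bit JVM, the hypothetical NtDll binding declared here (the post does not show its own), and the field layout used in the question.

```java
import com.sun.jna.*;
import com.sun.jna.ptr.IntByReference;

public class HandleEnum {
    // Assumed binding; the question does not show its NtDll interface.
    public interface NtDll extends Library {
        NtDll INSTANCE = Native.load("ntdll", NtDll.class);
        int NtQuerySystemInformation(int infoClass, Pointer buf, int len, IntByReference retLen);
    }

    // Same fields as the question's SYSTEM_HANDLE; 24 bytes on x64 after padding.
    @Structure.FieldOrder({"ProcessId", "ObjectTypeNumber", "Flags", "Handle", "Object", "GrantedAccess"})
    public static class SYSTEM_HANDLE extends Structure {
        public int ProcessId;
        public byte ObjectTypeNumber;
        public byte Flags;
        public short Handle;
        public Pointer Object;
        public int GrantedAccess;
        public SYSTEM_HANDLE(Pointer p) { super(p); read(); }
    }

    static final int STATUS_INFO_LENGTH_MISMATCH = 0xC0000004;
    static final int SYSTEM_HANDLE_INFORMATION_CLASS = 0x10;
    static final long ENTRY_SIZE = 24;                       // x64: 4+1+1+2+8+4, padded to 8
    static final long FIRST_ENTRY = Native.POINTER_SIZE;     // ULONG count + padding on x64

    public static void main(String[] args) {
        IntByReference needed = new IntByReference();
        Memory info = new Memory(0x10000);
        int status;
        while ((status = NtDll.INSTANCE.NtQuerySystemInformation(SYSTEM_HANDLE_INFORMATION_CLASS,
                info, (int) info.size(), needed)) == STATUS_INFO_LENGTH_MISMATCH) {
            // No Native.free(): the old Memory frees its own block when collected.
            // Grow past the reported size because the handle table can change between calls.
            info = new Memory(Math.max(info.size() * 2, needed.getValue() + 0x1000L));
        }
        if (status != 0) throw new IllegalStateException(String.format("NTSTATUS 0x%08X", status));

        long count = Integer.toUnsignedLong(info.getInt(0)); // the count is a 4-byte ULONG
        for (long i = 0; i < count; i++) {
            long off = FIRST_ENTRY + i * ENTRY_SIZE;
            if (off + ENTRY_SIZE > info.size()) break;       // never read past the buffer
            SYSTEM_HANDLE h = new SYSTEM_HANDLE(info.share(off, ENTRY_SIZE));
            System.out.println((h.Handle & 0xFFFF) + "@" + h.ProcessId);
        }
    }
}
```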

0 answers:

No answers