none
NtQuerySystemInformation (SYSTEM_HANDLE_INFORMATION_CLASS) not returning handles of all processes RRS feed

  • Question

  • Hello, im a total rookie in windows development, so please bare with me.

    Prologue:

    I am trying to get the tcp socket a process is using, and close it. To do that, my current strategy is to find all the processes and get all their handles, then find the specific process im looking for and go through its handles, find the one that is pointing to a DGRAM_SOCKET and call closesocket on that.


    The question:

    I am using NtQuerySystemInformation with the SYSTEM_HANDLE_INFORMATION_CLASS to get all the handles of all processes. However, i am getting only the handles of some processes, even when i run the program as administrator.

    What could be the reason for that? Any pointers would be helpful.


    • Edited by rumblepie Friday, October 4, 2019 9:35 AM
    Friday, October 4, 2019 9:19 AM

All replies

  • I didn't find the SYSTEM_HANDLE_INFORMATION_CLASS, but the only that would return handle information is SYSTEM_PROCESS_INFORMATION. MSDN reports exactly this:

    The HandleCount member contains the total number of handles being used by the process in question; use GetProcessHandleCount to retrieve this information instead.

    So, probably you should enumerate all the process and then call GetProcessHandleCount and go on with your plan.. or have a look at how TCPView works.

    HTH
    -mario

    Saturday, October 5, 2019 12:40 PM