How procexp obtains info about handles?

EP_X0FF (Senior Member, Russian Federation), posted 22 September 2006 at 6:48am
Refresh (remove non-existent handles from list)

1. GetList
2. Look for old non-existent handles (compare with previous list)
3. Remove non-existent
Ring0 - the source of inspiration
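
The three refresh steps above, as an added example in C (not from the original post and not Process Explorer's code). It assumes each refresh yields rows of process id, handle value and object address; the struct, `diff_lists` and the sample rows are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* One row of a handle list. Field names are assumptions for this example. */
typedef struct {
    unsigned long pid;     /* owning process */
    unsigned long handle;  /* handle value inside that process */
    unsigned long object;  /* object address; differs when a value is reused */
} HandleEntry;

static int cmp_entry(const void *a, const void *b) {
    const HandleEntry *x = a, *y = b;
    if (x->pid != y->pid) return x->pid < y->pid ? -1 : 1;
    if (x->handle != y->handle) return x->handle < y->handle ? -1 : 1;
    if (x->object != y->object) return x->object < y->object ? -1 : 1;
    return 0;
}

/* Sort both lists, then merge: rows only in prev go to closed[], rows only
   in cur go to created[]. closed[] needs n_prev slots, created[] n_cur. */
void diff_lists(HandleEntry *prev, size_t n_prev, HandleEntry *cur, size_t n_cur,
                HandleEntry *closed, size_t *n_closed,
                HandleEntry *created, size_t *n_created) {
    size_t i = 0, j = 0;
    *n_closed = *n_created = 0;
    qsort(prev, n_prev, sizeof *prev, cmp_entry);
    qsort(cur, n_cur, sizeof *cur, cmp_entry);
    while (i < n_prev || j < n_cur) {
        int c = i == n_prev ? 1 : j == n_cur ? -1 : cmp_entry(&prev[i], &cur[j]);
        if (c < 0) closed[(*n_closed)++] = prev[i++];
        else if (c > 0) created[(*n_created)++] = cur[j++];
        else { i++; j++; }
    }
}

/* Constructed sample, two refreshes of pid 1234: 0x20 closed, 0x30 and 0x34
   opened, 0x10 closed and its value reused for another object, 0x24 unchanged. */
size_t demo(int want_created) {
    HandleEntry prev[] = {{1234, 0x10, 0xA000}, {1234, 0x20, 0xB000}, {1234, 0x24, 0xC000}};
    HandleEntry cur[]  = {{1234, 0x24, 0xC000}, {1234, 0x10, 0xD000},
                          {1234, 0x30, 0xE000}, {1234, 0x34, 0xF000}};
    HandleEntry closed[3], created[4];
    size_t n_closed, n_created;
    diff_lists(prev, 3, cur, 4, closed, &n_closed, created, &n_created);
    return want_created ? n_created : n_closed;
}

int main(void) {
    printf("closed=%zu created=%zu\n", demo(0), demo(1));
}
```

Including the object address in the comparison key means a handle value that was closed and reused between two refreshes shows up as one closed row plus one created row instead of looking unchanged.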

vrtule (Senior Member, Czech Republic), posted 22 September 2006 at 6:33am
I know that it refreshes quickly. But where can I find the information that a handle is being deleted? Does this retrieve NtQueryObject too?

EP_X0FF (Senior Member, Russian Federation), posted 22 September 2006 at 4:35am
I have another question yet. How does procexp determine that certain handles are being created or deleted?

Quickly refresh
Ring0 - the source of inspiration

vrtule (Senior Member, Czech Republic), posted 22 September 2006 at 3:34am

OK. And can you tell me some details about the technique by which it knows which handles are "dangerous" (which cause a deadlock when you want to obtain their name)?

I have another question yet. How does procexp determine that certain handles are being created or deleted?

Thank you for responses

EP_X0FF (Senior Member, Russian Federation), posted 22 September 2006 at 3:20am
NtQueryObject
Ring0 - the source of inspiration

vrtule (Senior Member, Czech Republic), posted 22 September 2006 at 1:17am

Hello,

I'm just wondering how procexp does it. It is capable of obtaining all information about the open handles of a process even without a kernel driver! Can I ask about the method it uses?

Sorry, my English is not very good, I apologise
