Find all open handles (Mutex, File, Key etc)
in [Win32 Kernel]
|
Prev: Disable power button programatically in Windows XP
Next: How to set registry key permission in the code?
From: Gerry Hickman on 16 Apr 2007 11:40 Thanks Jeffrey, The article from osronline is very helpful! Is there any possibility we could either have better DOCs for NtQuerySystemInformation or a proper API for this in future? A WMI Provider would be nice:) -- Gerry Hickman - (London UK) ""Jeffrey Tan[MSFT]"" <jetan(a)online.microsoft.com> wrote in message news:M75GiN$fHHA.4692(a)TK2MSFTNGHUB02.phx.gbl... > Hi Gerry, > > Based on my knowledge, there is no good documented API for this task. > Handle.exe from sysinternals installs a driver in kernel mode to query the > process handle table for this information. > > The common approach for this task is still calling NtQuerySystemInformation > API which may be altered in future version of Windows: > http://www.osronline.com/lists_archive/ntdev/thread199.html > > Your application using NtQuerySystemInformation have to modify its > implementation for each new version of Windows to keep forward > compatibility. This is the way most of the system tools doing today. > > Thanks. > > Best regards, > Jeffrey Tan > Microsoft Online Community Support > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscriptions/support/default.aspx. > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. >
From: "Jeffrey Tan[MSFT]" on 16 Apr 2007 22:34 Hi Gerry, Thanks for your feedback. Sorry, I can not guarantee this possibility. NtQuerySystemInformation is semi-documented in MSDN and much of the SystemInformationClass enum is not documented yet(including our enum value 16). I do not know any other public interfaces for this task. Also, based on my knowledge, it is the kernel-mode service that querys process handle table and returns the result to the user-mode and the only user-mode interface to query the kernel-mode is NtQuerySystemInformation API in Ntdll.dll. So if you would like to create a WMI provider, it still has to use NtQuerySystemInformation API internally, which has to be changed in future Windows. Thanks for your understanding. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights.
From: Mikep on 17 Apr 2007 15:12 If you google around for information on 'NtQuerySystemInformation hangs on pipes', you'll see that calling it from userland will hang the calling thread if you are requesting information on a handle for a pipe. Don't recall whether the pipe has to be named or not. Calling from kernal mode works fine. Mike P "Gerry Hickman" <gerry666uk(a)newsgroup.nospam> wrote in message news:udJCD2DgHHA.284(a)TK2MSFTNGP05.phx.gbl... > Thanks Jeffrey, > > The article from osronline is very helpful! > > Is there any possibility we could either have better DOCs for > NtQuerySystemInformation or a proper API for this in future? A WMI > Provider > would be nice:) > > -- > Gerry Hickman - (London UK) > > ""Jeffrey Tan[MSFT]"" <jetan(a)online.microsoft.com> wrote in message > news:M75GiN$fHHA.4692(a)TK2MSFTNGHUB02.phx.gbl... >> Hi Gerry, >> >> Based on my knowledge, there is no good documented API for this task. >> Handle.exe from sysinternals installs a driver in kernel mode to query >> the >> process handle table for this information. >> >> The common approach for this task is still calling > NtQuerySystemInformation >> API which may be altered in future version of Windows: >> http://www.osronline.com/lists_archive/ntdev/thread199.html >> >> Your application using NtQuerySystemInformation have to modify its >> implementation for each new version of Windows to keep forward >> compatibility. This is the way most of the system tools doing today. >> >> Thanks. >> >> Best regards, >> Jeffrey Tan >> Microsoft Online Community Support >> ================================================== >> Get notification to my posts through email? Please refer to >> > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif >> ications. >> >> Note: The MSDN Managed Newsgroup support offering is for non-urgent >> issues >> where an initial response from the community or a Microsoft Support >> Engineer within 1 business day is acceptable. Please note that each >> follow >> up response may take approximately 2 business days as the support >> professional working with you may need further investigation to reach the >> most efficient resolution. The offering is not appropriate for situations >> that require urgent, real-time or phone-based interactions or complex >> project analysis and dump analysis issues. Issues of this nature are best >> handled working with a dedicated Microsoft Support Engineer by contacting >> Microsoft Customer Support Services (CSS) at >> http://msdn.microsoft.com/subscriptions/support/default.aspx. >> ================================================== >> This posting is provided "AS IS" with no warranties, and confers no > rights. >> > >
From: Gerry Hickman on 21 Apr 2007 12:19 Hi Jeffrey, OK, but lots of things change with each version of Windows but that doesn't stop them being documented! The other idea about Microsoft giving us a WMI provider is that it could update such a provider when a new version of windows is released, it could also wrap the kernel mode calls and only pass back results in user mode... There's a lot of guff about improved "Reliability and Performance" monitoring in Vista, but they appear to have forgotten the basics (like open handles!) Anyway, thanks for the help with this. Jeffrey Tan[MSFT] wrote: > Hi Gerry, > > Thanks for your feedback. > > Sorry, I can not guarantee this possibility. NtQuerySystemInformation is > semi-documented in MSDN and much of the SystemInformationClass enum is not > documented yet(including our enum value 16). I do not know any other > public interfaces for this task. > > Also, based on my knowledge, it is the kernel-mode service that querys > process handle table and returns the result to the user-mode and the only > user-mode interface to query the kernel-mode is NtQuerySystemInformation > API in Ntdll.dll. So if you would like to create a WMI provider, it still > has to use NtQuerySystemInformation API internally, which has to be changed > in future Windows. > > Thanks for your understanding. > > Best regards, > Jeffrey Tan > Microsoft Online Community Support > ================================================== > Get notification to my posts through email? Please refer to > http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif > ications. > > Note: The MSDN Managed Newsgroup support offering is for non-urgent issues > where an initial response from the community or a Microsoft Support > Engineer within 1 business day is acceptable. Please note that each follow > up response may take approximately 2 business days as the support > professional working with you may need further investigation to reach the > most efficient resolution. The offering is not appropriate for situations > that require urgent, real-time or phone-based interactions or complex > project analysis and dump analysis issues. Issues of this nature are best > handled working with a dedicated Microsoft Support Engineer by contacting > Microsoft Customer Support Services (CSS) at > http://msdn.microsoft.com/subscriptions/support/default.aspx. > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > > -- Gerry Hickman (London UK)
From: Gerry Hickman on 21 Apr 2007 12:23 Hi Mike, OK, I think you're saying you can't just write a program and try to make the calls to NtQuerySystemInformation without running into problems because it needs to run in kernel mode? Hmm, is that why there's talk of a "driver" being used, e.g. with SysInternals implementation? Would it be possible to write a multi-threaded program, with one thread in kernel mode? Mikep wrote: > If you google around for information on 'NtQuerySystemInformation hangs on > pipes', you'll see that calling it from userland will hang the calling > thread if you are requesting information on a handle for a pipe. Don't > recall whether the pipe has to be named or not. > > Calling from kernal mode works fine. > > Mike P > > "Gerry Hickman" <gerry666uk(a)newsgroup.nospam> wrote in message > news:udJCD2DgHHA.284(a)TK2MSFTNGP05.phx.gbl... >> Thanks Jeffrey, >> >> The article from osronline is very helpful! >> >> Is there any possibility we could either have better DOCs for >> NtQuerySystemInformation or a proper API for this in future? A WMI >> Provider >> would be nice:) >> >> -- >> Gerry Hickman - (London UK) >> >> ""Jeffrey Tan[MSFT]"" <jetan(a)online.microsoft.com> wrote in message >> news:M75GiN$fHHA.4692(a)TK2MSFTNGHUB02.phx.gbl... >>> Hi Gerry, >>> >>> Based on my knowledge, there is no good documented API for this task. >>> Handle.exe from sysinternals installs a driver in kernel mode to query >>> the >>> process handle table for this information. >>> >>> The common approach for this task is still calling >> NtQuerySystemInformation >>> API which may be altered in future version of Windows: >>> http://www.osronline.com/lists_archive/ntdev/thread199.html >>> >>> Your application using NtQuerySystemInformation have to modify its >>> implementation for each new version of Windows to keep forward >>> compatibility. This is the way most of the system tools doing today. >>> >>> Thanks. >>> >>> Best regards, >>> Jeffrey Tan >>> Microsoft Online Community Support >>> ================================================== >>> Get notification to my posts through email? Please refer to >>> >> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif >>> ications. >>> >>> Note: The MSDN Managed Newsgroup support offering is for non-urgent >>> issues >>> where an initial response from the community or a Microsoft Support >>> Engineer within 1 business day is acceptable. Please note that each >>> follow >>> up response may take approximately 2 business days as the support >>> professional working with you may need further investigation to reach the >>> most efficient resolution. The offering is not appropriate for situations >>> that require urgent, real-time or phone-based interactions or complex >>> project analysis and dump analysis issues. Issues of this nature are best >>> handled working with a dedicated Microsoft Support Engineer by contacting >>> Microsoft Customer Support Services (CSS) at >>> http://msdn.microsoft.com/subscriptions/support/default.aspx. >>> ================================================== >>> This posting is provided "AS IS" with no warranties, and confers no >> rights. >> > > -- Gerry Hickman (London UK)
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: Disable power button programatically in Windows XP Next: How to set registry key permission in the code? |