From: Gerry Hickman on
Hi,

I want to write a command line program to show all open handles (e.g.
registry keys held open in HKCU when the user logged off). I know there are
tools such as Microsoft OH.EXE and SysInternals(MS) HANDLE.EXE, but I want
to write my program using only official Microsoft SDKs and Documentation.

From what I can gather, the original tools were written using "undocumented"
calls to NtQuerySystemInformation(), but my program must use fully
documented and supported calls. The latest PSDK implies
NtQuerySystemInformation() is deprecated and "subject to change".

Can anyone help me find the correct headings in the Platform SDKs or a
website that shows how to do this? Thanks.

--
Gerry Hickman - (London UK)


From: Skywing [MVP] on
The only strictly documented mechanism that I know of is to write a minidump
using MiniDumpWriteDump and then parse out the handle information stream
with MiniDumpReadStream. Oleg has a nice example of this up at:
http://www.debuginfo.com/examples/handledump.html

Unfortunately, this is a lot of extra work compared to just calling one of
the undocumented system calls.

The DbgEng API has a routine to query information about a specific handle,
à la NtQueryObject, but no exposed mechanism to enumerate handles to my
knowledge.

--
Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
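The handle information stream mentioned in the reply above has a fixed on-disk layout in the documented minidump structures (MINIDUMP_HEADER, MINIDUMP_DIRECTORY, MINIDUMP_HANDLE_DATA_STREAM, MINIDUMP_HANDLE_DESCRIPTOR, MINIDUMP_STRING), so a dump written with handle data can also be read offline. The following is an added example, not code from the thread or from any poster: Python that walks the header and stream directory and decodes the handle descriptors. The function names are hypothetical, and the sample dump, its handle value and its registry path are constructed.

```python
import struct

HANDLE_DATA_STREAM = 12  # MINIDUMP_STREAM_TYPE value for HandleDataStream

def _mdstring(buf, rva):
    """Decode a MINIDUMP_STRING (u32 byte length, then UTF-16LE); RVA 0 means no name."""
    if rva == 0:
        return ""
    (nbytes,) = struct.unpack_from("<I", buf, rva)
    if rva + 4 + nbytes > len(buf):
        raise ValueError("string runs past end of dump")
    return buf[rva + 4 : rva + 4 + nbytes].decode("utf-16-le")

def parse_handles(buf):
    """Return [(handle, type_name, object_name, granted_access)] from a minidump image."""
    sig, _ver, nstreams, dir_rva = struct.unpack_from("<4sIII", buf, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump")
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from("<III", buf, dir_rva + 12 * i)
        if stype == HANDLE_DATA_STREAM:
            break
    else:
        return []  # dump was written without handle data
    hdr_size, desc_size, count, _rsvd = struct.unpack_from("<IIII", buf, rva)
    if desc_size < 32 or hdr_size + desc_size * count > size:
        raise ValueError("corrupt handle data stream")
    out = []
    for i in range(count):
        # Stride by SizeOfDescriptor so the longer _DESCRIPTOR_2 layout also parses.
        h, type_rva, name_rva, _attr, access, _hc, _pc = struct.unpack_from(
            "<QIIIIII", buf, rva + hdr_size + desc_size * i)
        out.append((h, _mdstring(buf, type_rva), _mdstring(buf, name_rva), access))
    return out

def build_sample():
    """Constructed minimal dump: header, one directory entry, one handle descriptor."""
    def mdstr(s):
        raw = s.encode("utf-16-le")
        return struct.pack("<I", len(raw)) + raw
    tname, oname = mdstr("Key"), mdstr("\\REGISTRY\\USER\\S-1-5-21-EXAMPLE")
    stream_rva = 32 + 12                  # header (32 bytes) + one directory entry (12)
    type_rva = stream_rva + 16 + 32       # stream header (16) + one descriptor (32)
    name_rva = type_rva + len(tname)
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, 32, 0, 0, 0)
    directory = struct.pack("<III", HANDLE_DATA_STREAM, 16 + 32, stream_rva)
    stream = struct.pack("<IIII", 16, 32, 1, 0)
    desc = struct.pack("<QIIIIII", 0x1A4, type_rva, name_rva, 0, 0x20019, 2, 3)
    return header + directory + stream + desc + tname + oname
```

`parse_handles(build_sample())` returns one tuple describing a `Key` handle; pass it the bytes of a real dump file to list that process's handles.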

From: sylvain on
The method had been given on microsoft.public.win32.programmer.ui
(loop on NtQuerySystemInformation())

From: Gerry Hickman on
Hi Sylvain,

I've just been to microsoft.public.win32.programmer.ui and can't find
this solution. I searched all subject headers and also tried Google groups.

Can you point me to the article?


--
Gerry Hickman (London UK)

From: "Jeffrey Tan[MSFT]" on
Hi Gerry,

Based on my knowledge, there is no good documented API for this task.
Handle.exe from Sysinternals installs a driver in kernel mode to query the
process handle table for this information.

The common approach for this task is still to call the
NtQuerySystemInformation API, which may be altered in future versions of
Windows:
http://www.osronline.com/lists_archive/ntdev/thread199.html

Your application using NtQuerySystemInformation has to modify its
implementation for each new version of Windows to keep forward
compatibility. This is the way most of the system tools do it today.

Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support