none
NtQuerySystemInformation

    Question

  • Hi,

    Does anyone know how to get a list of open system handles from C#? I've been looking into NtQuerySystemInformation with SYSTEM_INFORMATION_CLASS.SystemHandleList, but it's very convoluted and I can't get it to work. I've found no C# examples using this method either.

    The reason for getting them is to find which files are being used by different processes.

    Is there another way to do this? Or can anyone point me towards a resource explaining how to use NtQuerySystemInformation properly from C#?

    Thanks,

    Jonas

    Monday, March 03, 2008 4:22 PM

Answers

All replies

  • what about using something like this:

    Code Snippet

    using System.Diagnostics;


    Process[] processlist = Process.GetProcesses();

    foreach(Process theprocess in processlist){
    Console.WriteLine("Process: {0} ID: {1}", theprocess.ProcessName, theprocess.Id);
    }



    theprocess .StartTime (Shows the time the process started)
    theprocess .TotalProcessorTime (Shows the amount of CPU time the process has taken)
    theprocess .Threads ( gives access to the collection of threads in the process)

    theprocess.handle wil give you the handle for the process ..


    etc ..

    I'm not sure if we really have support for NtQuerySystemInformation in C#.
    Monday, March 03, 2008 4:29 PM
  • Thanks, but AFAIK there's no way to find which files are open using System.Diagnostics, e.g. if I want to find which .doc files are being used by winword.exe.
    Monday, March 03, 2008 7:11 PM
  • Well, I don't think so ...
    For example

    Code Snippet

    Process[] p = Process.GetProcessesByName("Devenv");




    will give me all instances of visual studio running on my machine.
    Monday, March 03, 2008 7:58 PM
  • Yes, but how do you go from there to getting the files that VS has open handles on? Or which documents are open in winword.exe?
    Monday, March 03, 2008 8:48 PM
  • Iterating through each of the array members shold give you the specific information about each of the processes. for example I had three instances of Visual studio open.And it does return me each of the instance details.
    Monday, March 03, 2008 9:33 PM
  • Yes, but what I need is to find is the FILES that a certain process has opened. How do you propose to get that information from the Process instance?
    Tuesday, March 04, 2008 3:42 AM
  • Hi Jonas Beckeman,

    I found a sample about how to display all the files that are opened under a specific folder, it can list all the opened files and the processes, and perhaps you can try it to figure your problem out, please check the URL below.

    http://www.codeproject.com/KB/shell/OpenedFileFinder.aspx

    Regards,

    Xun

     

    Thursday, March 06, 2008 4:38 AM
  • Thanks, I've been through that one, and others (including http://convert.codes-sources.com/file2cs.aspx?ID=39333&f=clsOpenedHandles.vb), but I haven't been able to translate it to working C# code. Might be something with the p/invoke signatures, but there's no reference for the relevant structs or methods on pinvoke.net.

    I guess I could compile the C++ project and pinvoke it as a dll, but I would like to have a C#-only solution to this (which would also help me use other NtQuerySystemInformation functionality).

    Any pointers to a C# solution?

    Thanks

    Friday, March 07, 2008 10:40 PM
  • Someone keeps marking the reply above as an answer, but the question was C# specifically, i.e. the question remains unanswered. Will you please stop marking it.
    Monday, March 10, 2008 11:32 AM
  • I was trying to achieve the same result, so that I could determine files open in the Media Center ehShell process.  After much searching I found some C# managed code on a French web site.  I then found some more code on Soheil Rashid's site to convert device paths to regular filenames.  I have built a sample application to test this all out and it works well on XP and Vista.  I have posted a link to the C# source and project on my blog at http://www.axcis.com.au/blog/?p=8.  You should be able to base your code on this.

     

     

    Wednesday, March 12, 2008 3:54 AM