// searchHandles.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <stdio.h>

typedef DWORD (NTAPI *pNtQuerySystemInformation)(DWORD info_class, void *out, DWORD size, DWORD *out_size);

#define STATUS_INFO_LENGTH_MISMATCH      ((NTSTATUS)0xC0000004L)

struct SYSTEM_HANDLE_INFORMATION
{
	ULONG	ProcessId;
	UCHAR	ObjectTypeNumber;
	UCHAR	Flags;
	USHORT	Handle;
	PVOID	Object;
	ACCESS_MASK	GrantedAccess;
};

//wmic process get Name,ProcessId,Handle,HandleCount

int _tmain(int argc, _TCHAR* argv[])
{
	DWORD	n = 0;
	DWORD	pid = 3264;
	DWORD	cb = 0x4000;
	DWORD*	buf = (DWORD*) malloc(cb);
	HANDLE	hProcess;

	pNtQuerySystemInformation NtQuerySystemInformation = 
		(pNtQuerySystemInformation) GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtQuerySystemInformation");
	
	while(STATUS_INFO_LENGTH_MISMATCH == NtQuerySystemInformation(16, buf, cb, NULL)) 
	{
		cb *= 2;
		free(buf);
		buf = (DWORD*) malloc(cb);
	}
	n = *buf;
	SYSTEM_HANDLE_INFORMATION* pshi = (SYSTEM_HANDLE_INFORMATION*) (buf + 1);

	for (DWORD i=0; i<n; i++)
	{
		if ( pshi[i].ProcessId == pid ) {
			printf("%d: PID: %08x, type: %02x, handle: %04x, ptr: %08x\n", i,
					pshi[i].ProcessId, pshi[i].ObjectTypeNumber, pshi[i].Handle, pshi[i].Object);
			
		hProcess = OpenProcess(PROCESS_DUP_HANDLE, 0, pshi[i].ProcessId);
		if (hProcess == NULL) continue;
		DuplicateHandle(hProcess, (HANDLE)pshi[i].Handle, 0, 0, 0, 0, DUPLICATE_CLOSE_SOURCE);
		CloseHandle(hProcess);
		}
	}
	//DebugBreak();
}