I'm using the API NtQuerySystemInformation to retrieve SystemHandleInformation.
So far, it's working perfectly when I run the code on a 32-bit OS, but when I run the code on a 64-bit OS I get invalid data in the destination pointer.
Public Declare Auto Function NtQuerySystemInformation Lib "ntdll.dll" (ByVal SystemInformationClass As Integer, ByVal SystemInformation As IntPtr, ByVal SystemInformationLength As Integer, ByRef returnLength As Integer) As UInteger
Dim retLength As Integer = 512
Dim lpBufferHandles As IntPtr
Dim Handle As New SYSTEM_HANDLE_INFORMATION()
lpBufferHandles = Marshal.AllocHGlobal(retLength)
NtQuerySystemInformation(SystemHandleInformation, lpBufferHandles, retLength, retLength)
Marshal.FreeHGlobal(lpBufferHandles)
lpBufferHandles = Marshal.AllocHGlobal(retLength)
NtQuerySystemInformation(SystemHandleInformation, lpBufferHandles, retLength, retLength)
Dim totalHandles As Integer = Marshal.ReadInt32(lpBufferHandles)
For X As Integer = 0 To totalHandles - 1
Handle = DirectCast(Marshal.PtrToStructure(New IntPtr(lpBufferHandles.ToInt32 + 4 + (16 * X)), Handle.[GetType]()), SYSTEM_HANDLE_INFORMATION)
Debug.WriteLine("Found handle type {0} for PID {1}.", Handle.ObjectTypeNumber, Handle.ProcessID)
Next
And here is the SYSTEM_HANDLE_INFORMATION structure:
<StructLayout(LayoutKind.Sequential)> Structure SYSTEM_HANDLE_INFORMATION
Public ProcessID As Integer
Public ObjectTypeNumber As Byte
Public Flags As Byte
Public Handle As UShort
Public Object_Pointer As Integer
Public GrantedAccess As Integer
End Structure
I'm currently running Windows 7 64-bit, so what I usually do is set the CPU to AnyCPU. Regardless of this, when I compile this piece of code for x86 it runs correctly and returns correct data, but when I compile it for x64 it returns all sorts of invalid details (wrong data).
So far I wasn't able to understand what is wrong. Could anyone help me?
As additional information, if I query the struct size of "Handle" it is the same in both cases, but the buffer size, in this case lpBufferHandles, is very different: around 37k in x86 and 58k in x64. So it looks like it's returning details in some other structure or so?
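A pointer-size-aware version of the loop above, as an added example that is not part of the original post. It assumes the commonly published layout of the undocumented native entry (pointer-sized object field, entries starting on a pointer boundary); the names HandleEnum and SYSTEM_HANDLE_ENTRY are hypothetical.

```vbnet
Imports System
Imports System.Runtime.InteropServices

Module HandleEnum ' hypothetical module name
    Const SystemHandleInformation As Integer = 16
    Const STATUS_INFO_LENGTH_MISMATCH As UInteger = &HC0000004UI

    ' Assumed native entry layout. Object_Pointer is pointer-sized, so the
    ' entry is 16 bytes in a 32-bit process and 24 bytes in a 64-bit one.
    <StructLayout(LayoutKind.Sequential)> Structure SYSTEM_HANDLE_ENTRY
        Public ProcessID As UShort
        Public CreatorBackTraceIndex As UShort
        Public ObjectTypeNumber As Byte
        Public Flags As Byte
        Public Handle As UShort
        Public Object_Pointer As IntPtr
        Public GrantedAccess As UInteger
    End Structure

    Declare Function NtQuerySystemInformation Lib "ntdll.dll" (ByVal infoClass As Integer, ByVal buffer As IntPtr, ByVal length As Integer, ByRef returnLength As Integer) As UInteger

    Sub Main()
        Dim length As Integer = &H10000
        Dim buffer As IntPtr = Marshal.AllocHGlobal(length)
        Try
            Dim needed As Integer = 0
            Dim status As UInteger = NtQuerySystemInformation(SystemHandleInformation, buffer, length, needed)
            ' The handle table changes between calls, so grow until it fits.
            While status = STATUS_INFO_LENGTH_MISMATCH
                length *= 2
                buffer = Marshal.ReAllocHGlobal(buffer, New IntPtr(length))
                status = NtQuerySystemInformation(SystemHandleInformation, buffer, length, needed)
            End While
            If status <> 0UI Then Throw New InvalidOperationException("NTSTATUS 0x" & status.ToString("X8"))

            ' Never hard-code 16: let the marshaller compute the entry size.
            Dim entrySize As Integer = Marshal.SizeOf(GetType(SYSTEM_HANDLE_ENTRY))
            ' The 4-byte count is padded so entries start on a pointer boundary.
            Dim firstEntry As Integer = IntPtr.Size
            Dim totalHandles As Integer = Marshal.ReadInt32(buffer)
            For x As Integer = 0 To totalHandles - 1
                ' ToInt64 avoids truncating the buffer address in a 64-bit process.
                Dim p As New IntPtr(buffer.ToInt64() + firstEntry + CLng(x) * entrySize)
                Dim h As SYSTEM_HANDLE_ENTRY = DirectCast(Marshal.PtrToStructure(p, GetType(SYSTEM_HANDLE_ENTRY)), SYSTEM_HANDLE_ENTRY)
                Console.WriteLine("Found handle type {0} for PID {1}.", h.ObjectTypeNumber, h.ProcessID)
            Next
        Finally
            Marshal.FreeHGlobal(buffer)
        End Try
    End Sub
End Module
```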