LocalHookGetNameByHandle Method

Reads the kernel object name for a given windows usermode handle. Executes in approx. 100 micro secounds.

Namespace: EasyHook
Assembly: EasyHook (in EasyHook.dll) Version: 2.7.6684.0 (2.7.6684.0)

Syntax

public static string GetNameByHandle(
	IntPtr InHandle
)

Public Shared Function GetNameByHandle ( 
	InHandle As IntPtr
) As String

public:
static String^ GetNameByHandle(
	IntPtr InHandle
)

static member GetNameByHandle : 
        InHandle : IntPtr -> string

Parameters

InHandle: Type: SystemIntPtr

Return Value

Type: String
The kernel object name associated with the given handle.

Exceptions

Exception	Condition
ArgumentException	The given handle is invalid or could not be accessed for unknown reasons.

Remarks

This allows you to translate a handle back to the associated filename for example. But keep in mind that such names are only valid for kernel service routines, like NtCreateFile. You won't have success when calling CreateFile on such object names! The regular windows user mode API has some methods that will allow you to convert such kernelmode names back into usermode names. I know this because I did it some years ago but I've already forgotten how it has to be done! I can only give you some hints: FindFirstVolume(), FindFirstVolumeMountPoint(), QueryDosDevice(), GetVolumePathNamesForVolumeName()

A valid usermode handle.

Reference

LocalHook Class

EasyHook Namespace

LocalHookAddLanguageSpecificTextSet("LST953778B7_0?cpp=::|nu=.");GetNameByHandle Method

Parameters

Return Value

Reference

LocalHookGetNameByHandle Method