Update handles after termination
dmex committed Jan 18, 2025
1 parent d310f21 commit 9bf3a80
Showing 1 changed file with 23 additions and 23 deletions.
46 changes: 23 additions & 23 deletions SystemInformer/hndlprv.c
Expand Up @@ -345,24 +345,22 @@ VOID PhHandleProviderUpdate(
PPH_HANDLE_PROVIDER handleProvider = (PPH_HANDLE_PROVIDER)Object;
PSYSTEM_HANDLE_INFORMATION_EX handleInfo;
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handles;
ULONG numberOfHandles;
ULONG_PTR numberOfHandles;
ULONG i;
PH_HASHTABLE_ENUM_CONTEXT enumContext;
PPH_KEY_VALUE_PAIR handlePair;
BOOLEAN useWorkQueue = FALSE;
PH_WORK_QUEUE workQueue;
KPH_LEVEL level;

if (!NT_SUCCESS(handleProvider->RunStatus = PhEnumHandlesGeneric(
handleProvider->RunStatus = PhEnumHandlesGeneric(
handleProvider->ProcessId,
handleProvider->ProcessHandle,
PhCsEnableHandleSnapshot,
&handleInfo
)))
goto UpdateExit;
);

level = KsiLevel();

if (level < KphLevelMed)
{
useWorkQueue = TRUE;
Expand All @@ -375,18 +373,21 @@ VOID PhHandleProviderUpdate(
}
}

handles = handleInfo->Handles;
numberOfHandles = (ULONG)handleInfo->NumberOfHandles;

for (i = 0; i < numberOfHandles; i++)
if (NT_SUCCESS(handleProvider->RunStatus))
{
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle = &handles[i];
handles = handleInfo->Handles;
numberOfHandles = handleInfo->NumberOfHandles;

PhAddItemSimpleHashtable(
handleProvider->TempListHashtable,
(PVOID)handle->HandleValue,
handle
);
for (i = 0; i < numberOfHandles; i++)
{
PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handle = &handles[i];

PhAddItemSimpleHashtable(
handleProvider->TempListHashtable,
handle->HandleValue,
handle
);
}
}

// Look for closed handles.
Expand Down Expand Up @@ -418,13 +419,13 @@ VOID PhHandleProviderUpdate(
if (
// TODO(jxy-s): remove following line after next driver release, see commit 3a54b8329
handleProvider->ProcessId != SYSTEM_PROCESS_ID &&
KsiLevel() >= KphLevelMed && handleProvider->ProcessHandle
level >= KphLevelMed && handleProvider->ProcessHandle
)
{
found = NT_SUCCESS(KphCompareObjects(
handleProvider->ProcessHandle,
handleItem->Handle,
(HANDLE)(*tempHashtableValue)->HandleValue
(*tempHashtableValue)->HandleValue
));
}
// This isn't 100% accurate as pool addresses may be re-used, but it works well.
Expand Down Expand Up @@ -466,10 +467,7 @@ VOID PhHandleProviderUpdate(

for (i = 0; i < handlesToRemove->Count; i++)
{
PhpRemoveHandleItem(
handleProvider,
(PPH_HANDLE_ITEM)handlesToRemove->Items[i]
);
PhpRemoveHandleItem(handleProvider, handlesToRemove->Items[i]);
}

PhReleaseQueuedLockExclusive(&handleProvider->HandleHashSetLock);
Expand Down Expand Up @@ -588,7 +586,10 @@ VOID PhHandleProviderUpdate(
PhDeleteWorkQueue(&workQueue);
}

PhFree(handleInfo);
if (NT_SUCCESS(handleProvider->RunStatus))
{
PhFree(handleInfo);
}

// Re-create the temporary hashtable if it got too big.
if (handleProvider->TempListHashtable->AllocatedEntries > 8192)
Expand All @@ -601,6 +602,5 @@ VOID PhHandleProviderUpdate(
PhClearHashtable(handleProvider->TempListHashtable);
}

UpdateExit:
PhInvokeCallback(&handleProvider->HandleUpdatedEvent, NULL);
}
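Review bot: `handleInfo` is still declared without an initializer, and now that the early `goto UpdateExit` is gone its validity at the final `PhFree` depends on `handleProvider->RunStatus` being re-read from the provider object and still holding the value seen at the first check. Keying both the fill loop and the free on the pointer itself would be sturdier, for example `PSYSTEM_HANDLE_INFORMATION_EX handleInfo = NULL;` and `if (handleInfo) PhFree(handleInfo);`, assuming `PhEnumHandlesGeneric` leaves the out-parameter untouched on failure (not visible here). Separately, `numberOfHandles` is now `ULONG_PTR` while the loop index `i` stays `ULONG`, so the old explicit truncation is gone and `i < numberOfHandles` compares mixed widths; widening `i` or bounding the count would keep them consistent. The function starts above the first hunk and the lines between hunks are not shown, so any use of `handleInfo`, `handles` or `numberOfHandles` in the elided parts should also be checked for the failure path.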
