获取给定进程的文件句柄 [英] Getting the file handles of given process

问题描述

我需要让所有给定进程的文件句柄的一种方式。

I need a way for getting all of the file handles of a given process.

例如，给定一个Winword.exe进程的句柄，我想得到这一进程的文件句柄（DOC文件等）的列表中。

for example, given a the winword.exe process handle, i would like to get the list of the file handles of that process (doc files etc).

我使用通过C＃在Win32 API / PInvoke的。

i'm using the Win32 api via C#/pInvoke.

感谢

推荐答案

这是简单的解决方案是使用的 handle.exe 并读取其输出。另一个解决方案是使用的P / Invoke与 NtQuerySystemInformation 功能。 这并的在此的Sysinternals论坛后有更多的细节以及本的文章。在托管代码这样做可能会很困难，因为你需要写一个驱动程序来读取内核地址空间。

An easy solution would be to use handle.exe and read its output. Another solution is to use P/Invoke with NtQuerySystemInformation function. This and this forum post on SysInternals has more details as well as this article on CodeProject. Doing it in managed code could be very difficult as you will need to write a driver to read the kernel address space.

我建议你暴露在所需要的功能Win32函数，你可以从托管代码调用。

I would suggest you to expose the needed functionality in a Win32 function that you could call from managed code.

这篇关于获取给定进程的文件句柄的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！