/**
 * Creates a handle provider object bound to one process.
 *
 * @param ProcessId The ID of the process whose handles the provider is
 * created for. It is stored in the provider and passed to PhOpenProcess.
 *
 * @return The new provider object, or NULL if PhCreateObject reports failure.
 *
 * @remarks The status returned by PhOpenProcess is discarded, so this
 * function does not tell the caller whether the process could be opened.
 * ProcessHandle is set to NULL before the call; presumably it stays NULL
 * when the open fails (confirm against PhOpenProcess), so code that uses
 * the provider should check ProcessHandle before relying on it.
 */
PPH_HANDLE_PROVIDER PhCreateHandleProvider(
    __in HANDLE ProcessId
    )
{
    PPH_HANDLE_PROVIDER provider;

    if (!NT_SUCCESS(PhCreateObject(
        &provider,
        sizeof(PH_HANDLE_PROVIDER),
        0,
        PhHandleProviderType
        )))
    {
        return NULL;
    }

    /* Plain field stores first: target process and an empty handle slot. */
    provider->ProcessId = ProcessId;
    provider->ProcessHandle = NULL;

    /* Handle hash set: 128 is the initial size, and no entries yet. */
    provider->HandleHashSetSize = 128;
    provider->HandleHashSetCount = 0;
    /* NOTE(review): the result is stored unchecked; confirm that
     * PhCreateHashSet cannot return NULL. */
    provider->HandleHashSet = PhCreateHashSet(provider->HandleHashSetSize);
    PhInitializeQueuedLock(&provider->HandleHashSetLock);

    /* Callbacks for handle added/modified/removed and for update completion. */
    PhInitializeCallback(&provider->HandleAddedEvent);
    PhInitializeCallback(&provider->HandleModifiedEvent);
    PhInitializeCallback(&provider->HandleRemovedEvent);
    PhInitializeCallback(&provider->UpdatedEvent);

    /* Only PROCESS_DUP_HANDLE is requested; no broader access mask is asked
     * for. The returned status is intentionally not captured here. */
    PhOpenProcess(
        &provider->ProcessHandle,
        PROCESS_DUP_HANDLE,
        ProcessId
        );

    /* NOTE(review): stored unchecked, as with the hash set above. */
    provider->TempListHashtable = PhCreateSimpleHashtable(20);

    return provider;
}
/**
 * Creates a handle provider object bound to one process.
 *
 * @param ProcessId The ID of the process whose handles the provider is
 * created for. It is stored in the provider and passed to PhOpenProcess.
 *
 * @return The new provider object.
 *
 * @remarks The status of opening the process is kept in RunStatus, so a
 * consumer can tell a failed open apart from a process with no handles.
 * ProcessHandle is set to NULL before the call; presumably it stays NULL
 * when the open fails (confirm against PhOpenProcess).
 */
PPH_HANDLE_PROVIDER PhCreateHandleProvider(
    _In_ HANDLE ProcessId
    )
{
    PPH_HANDLE_PROVIDER provider;

    /* The size is obtained through PhEmGetObjectSize rather than used
     * directly; presumably this adds room for extension data registered
     * for EmHandleProviderType (confirm).
     * NOTE(review): the result is dereferenced without a NULL check;
     * confirm that this PhCreateObject variant cannot return NULL. */
    provider = PhCreateObject(
        PhEmGetObjectSize(EmHandleProviderType, sizeof(PH_HANDLE_PROVIDER)),
        PhHandleProviderType
        );

    /* Plain field stores first: target process and an empty handle slot. */
    provider->ProcessId = ProcessId;
    provider->ProcessHandle = NULL;

    /* Handle hash set: 128 is the initial size, and no entries yet. */
    provider->HandleHashSetSize = 128;
    provider->HandleHashSetCount = 0;
    /* NOTE(review): the result is stored unchecked; confirm that
     * PhCreateHashSet cannot return NULL. */
    provider->HandleHashSet = PhCreateHashSet(provider->HandleHashSetSize);
    PhInitializeQueuedLock(&provider->HandleHashSetLock);

    /* Callbacks for handle added/modified/removed and for update completion. */
    PhInitializeCallback(&provider->HandleAddedEvent);
    PhInitializeCallback(&provider->HandleModifiedEvent);
    PhInitializeCallback(&provider->HandleRemovedEvent);
    PhInitializeCallback(&provider->UpdatedEvent);

    /* Only PROCESS_DUP_HANDLE is requested; no broader access mask is asked
     * for. The open status is recorded instead of being dropped. */
    provider->RunStatus = PhOpenProcess(
        &provider->ProcessHandle,
        PROCESS_DUP_HANDLE,
        ProcessId
        );

    /* NOTE(review): stored unchecked, as with the hash set above. */
    provider->TempListHashtable = PhCreateSimpleHashtable(20);

    /* Called last, after every field assigned in this function is set. */
    PhEmCallObjectOperation(EmHandleProviderType, provider, EmObjectCreate);

    return provider;
}