#include "stdafx.h"
#include "handletable.h"
// Hand-written prototype for the ntdll export NtQuerySystemInformation.
// Arguments as used in this file: information class, output buffer, buffer
// size in bytes, and an optional pointer that receives the required length.
// The return value is an NTSTATUS carried in a DWORD; callers here treat any
// non-zero value as failure.
// NOTE(review): the SDK prototype (winternl.h) uses NTSTATUS / PVOID / ULONG /
// PULONG. This declaration is only compatible while DWORD and ULONG have the
// same width -- confirm before building for a new target.
extern "C" DWORD __stdcall
NtQuerySystemInformation (DWORD, DWORD*, DWORD, void*);
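// Takes a snapshot of the system-wide handle table (information class 16,
// SystemHandleInformation) and positions m_handleblock on the first entry
// that belongs to `pid`.
//
// On any failure (allocation, query error, no entry for `pid`) the object is
// left in a valid "empty" state: m_handleblock is NULL and GetNextHandle()
// returns NULL.
//
// The snapshot is a point-in-time copy. Handles may be closed or their values
// reused by the target process before the caller acts on them.
//
// NOTE(review): reading the count from m_memptr[0] and the first entry from
// &m_memptr[1] matches the 32-bit layout of the returned structure. On a
// 64-bit build the entries are presumably aligned past offset 4 -- confirm
// against the HANDLEBLOCK definition in handletable.h.
// NOTE(review): the legacy class reports the process id in a 16-bit field, so
// pids above 0xFFFF may not match or may alias -- verify against HANDLEBLOCK.
CHandleTable::CHandleTable (DWORD pid)
{
    // NTSTATUS returned when the supplied buffer is too small.
    const DWORD kStatusInfoLengthMismatch = 0xC0000004;
    // Upper bound on retries; the table can grow between two calls.
    const int kMaxAttempts = 16;

    DWORD buf_size = 0x2000;
    DWORD status = 0;
    DWORD max_entries = 0;
    DWORD s = 0;

    // Establish the empty state first so every early return is safe.
    m_memptr = NULL;
    m_numstructs = 0;
    m_handleblock = NULL;
    m_counter = 0;
    m_pid = pid;

    for (int attempt = 0; attempt < kMaxAttempts; attempt++)
    {
        DWORD ret_len = 0;

        m_memptr = (DWORD*)VirtualAlloc (NULL, buf_size, MEM_COMMIT, PAGE_READWRITE);
        if (!m_memptr)
            return;

        // Always pass the real allocation size, never a stale length.
        status = NtQuerySystemInformation (16, m_memptr, buf_size, &ret_len);
        if (status == 0)
            break;

        VirtualFree (m_memptr, 0, MEM_RELEASE);
        m_memptr = NULL;

        // Only a "buffer too small" result is worth retrying.
        if (status != kStatusInfoLengthMismatch)
            return;

        // Grow to the reported size plus slack, or double when no usable
        // size was reported. The range check keeps the addition from wrapping.
        if (ret_len > buf_size && ret_len < 0x7FFF0000)
            buf_size = ret_len + 0x1000;
        else if (buf_size < 0x40000000)
            buf_size *= 2;
        else
            return;
    }

    // All attempts ended in a length mismatch.
    if (!m_memptr)
        return;

    // Never trust the reported count beyond what the buffer can hold.
    max_entries = (DWORD)((buf_size - sizeof (DWORD)) / sizeof (HANDLEBLOCK));
    m_numstructs = m_memptr[0];
    if (m_numstructs > max_entries)
        m_numstructs = max_entries;

    // Find the first entry owned by pid. GetNextHandle() continues from it
    // and stops at the first entry with a different owner.
    m_handleblock = (HANDLEBLOCK*)&m_memptr[1];
    for (s = 0; s < m_numstructs; s++)
    {
        if (m_handleblock->ProcessID == pid)
            break;
        m_handleblock++;
    }
    if (s == m_numstructs)
        m_handleblock = NULL;
}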
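// Releases the snapshot buffer obtained with VirtualAlloc in the constructor.
CHandleTable::~CHandleTable()
{
    // m_memptr is NULL when the constructor's allocation failed; skip the
    // release then instead of handing VirtualFree a null base address.
    if (m_memptr)
    {
        VirtualFree (m_memptr, 0, MEM_RELEASE);
        m_memptr = NULL;
    }
    // m_handleblock pointed into the released buffer.
    m_handleblock = NULL;
}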
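// Returns the next handle value recorded for m_pid in the snapshot, or NULL
// once the run of entries for that process is exhausted (or when the snapshot
// is empty).
//
// objaddress: optional. On success it receives the entry's KernelAddress.
//             It is left untouched when NULL is returned.
//
// The returned value is a handle number from the target process's handle
// table as of snapshot time. It is not a handle the calling process can use
// directly, and it may since have been closed or reused.
//
// Iteration stops at the first entry whose ProcessID differs from m_pid, so
// this relies on a process's entries being contiguous in the snapshot.
HANDLE CHandleTable::GetNextHandle (DWORD *objaddress)
{
    HANDLEBLOCK *first;
    HANDLEBLOCK *entry;
    DWORD start;

    if (!m_handleblock || !m_memptr)
        return NULL;

    // Index of this process's first entry within the whole table.
    first = (HANDLEBLOCK*)&m_memptr[1];
    start = (DWORD)(m_handleblock - first);

    // Stop at the end of the table. Without this check the last process in
    // the snapshot would read entries past the returned data.
    if (start >= m_numstructs || (DWORD)m_counter >= m_numstructs - start)
        return NULL;

    entry = &m_handleblock[m_counter];
    if (entry->ProcessID != m_pid)
        return NULL;

    // Publish the address only for an entry that belongs to m_pid.
    if (objaddress)
        *objaddress = entry->KernelAddress;

    m_counter++;
    return (HANDLE)entry->HandleNumber;
}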