ProcExp152SysDotNetProxy 2.0.0
dotnet add package ProcExp152SysDotNetProxy --version 2.0.0
ProcExpSys152DotNetProxy
.NET library for interfacing with the PROCEXP152.SYS driver.
The following functionality is supported:
- Open protected process handle
- Close Handle
- Get handle type and name
The library includes the PROCEXP152.SYS driver and automatically extracts it if needed.
There are also helper classes for:
- Get all handles in the system
- Convert file handle names to disk-based file names
Prerequisites
- Windows x86, x64 or arm64
Examples
Getting information about all handles in the system
```csharp
// Load the driver service
var driver = new ProcExp152Sys();

// Get all handles in the system
var handles = SystemHandlesRetriever.QuerySystemHandleInformation();

// Create the converter to convert device-based paths to disk letter-based paths:
// "\\Device\HarddiskVolume3\Windows\System32\en-US\KernelBase.dll.mui" -> "C:\Windows\System32\en-US\KernelBase.dll.mui"
var fileNameConverter = new FileHandleNameConverter();

// Iterate through all handles and print their type and name using the ProcExp152 driver
foreach (var handle in handles)
{
    var handleType = driver.GetHandleType(handle);
    var handleName = driver.GetHandleName(handle);

    // If handle is a file, we can get its full file name using a fileNameConverter
    if (handleType == "File" && handleName != null)
    {
        var handleFilePath = fileNameConverter.ToDriveLetterBasedFullName(handleName);

        // Not all file handles are actual files, thus the conversion might fail
        if (handleFilePath != null)
        {
            Console.WriteLine($"pid={handle.UniqueProcessId}; type={handleType}; name={handleFilePath}");
            continue;
        }
    }

    Console.WriteLine($"pid={handle.UniqueProcessId}; type={handleType}; name={handleName}");
}
```
Close a particular handle
```csharp
// Load the driver service
var driver = new ProcExp152Sys();

// Get all handles in the system
var handles = SystemHandlesRetriever.QuerySystemHandleInformation();

// Create the converter to convert device-based paths to disk letter-based paths:
// "\\Device\HarddiskVolume3\Windows\System32\en-US\KernelBase.dll.mui" -> "C:\Windows\System32\en-US\KernelBase.dll.mui"
var fileNameConverter = new FileHandleNameConverter();

// Iterate through all handles and look for a specific file handle
foreach (var handle in handles)
{
    var handleType = driver.GetHandleType(handle);
    var handleName = driver.GetHandleName(handle);

    if (handleType == "File" && handleName != null)
    {
        var handleFilePath = fileNameConverter.ToDriveLetterBasedFullName(handleName);

        if (handleFilePath == @"C:\my\repo\someFile.pdf")
        {
            // Close the handle
            driver.CloseHandle(handle);
            break;
        }
    }
}
```
Details
PROCEXP152.SYS is a Windows kernel driver that is part of the Sysinternals Process Explorer and Handle tools.
It is used to get access to privileged processes and handles. For example, it allows access to handles of the System (pid=4) process, which is not possible by conventional means.
Although NtDll can also be used to get handle names, it has a bug in which the method that gets the name or type of a handle hangs the calling thread without any way to recover (issue). Thus, the PROCEXP152.SYS driver is the only reliable way to do that.
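For defenders: because the library carries its own copy of the driver and extracts it on demand, a PROCEXP152.SYS load can show up on hosts where Process Explorer was never installed. The following added example (not part of the package or its README) triages Sysmon driver-load events (Event ID 6); the host names, the sanctioned-host set, the sample paths and the expected driver directory are assumptions made for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DRIVER_NAME = "procexp152.sys"
# Assumption: directory where a sanctioned Process Explorer install keeps the driver.
EXPECTED_DIR = r"c:\windows\system32\drivers"

def parse_driver_load(event_xml):
    """Return (computer, image_loaded) for a Sysmon Event ID 6 record, else None."""
    root = ET.fromstring(event_xml)
    system = root.find("e:System", NS)
    if (system.find("e:Provider", NS).get("Name") != "Microsoft-Windows-Sysmon"
            or system.findtext("e:EventID", namespaces=NS) != "6"):
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    return system.findtext("e:Computer", namespaces=NS), data.get("ImageLoaded", "")

def triage(events, sanctioned_hosts):
    """Classify every PROCEXP152.SYS load as 'expected' or 'review'."""
    findings = []
    for xml_text in events:
        parsed = parse_driver_load(xml_text)
        if parsed is None:
            continue
        computer, image = parsed
        directory, name = ntpath.split(ntpath.normpath(image))
        if name.lower() != DRIVER_NAME:  # a renamed copy needs hash or signer matching instead
            continue
        ok = computer.lower() in sanctioned_hosts and directory.lower() == EXPECTED_DIR
        findings.append((computer, image, "expected" if ok else "review"))
    return findings

def sample_event(event_id, computer, image):
    """Build a constructed, minimal Sysmon-style event (not captured from a real host)."""
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
            f'<Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System><EventData>'
            f'<Data Name="ImageLoaded">{image}</Data></EventData></Event>')

SAMPLES = [
    sample_event(6, "ADMIN-WS01", r"C:\Windows\System32\drivers\PROCEXP152.SYS"),
    sample_event(6, "BUILD-07", r"C:\Users\svc\AppData\Local\Temp\PROCEXP152.SYS"),
    sample_event(6, "BUILD-07", r"C:\Windows\System32\drivers\tcpip.sys"),
    sample_event(7, "BUILD-07", r"C:\Windows\System32\kernel32.dll"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLES, {"admin-ws01"}):
        print(finding)
```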
Example of a potential use case for this library
Making utilities like Backstab in C#.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
- .NETStandard 2.0
  - System.Security.Principal.Windows (>= 5.0.0)