I need to check certain behavior in process creation events in Windows. I need to implement a rule that checks the STARTUPINFO structure passed to the CreateProcess API call and extracts the std input/std output handle values for the created process. Then I have to check whether this handle belongs to a TCP socket or not. Is there any API function that might help me get info about the handle number I have (whether it's a file handle or a socket handle)?
Use the GetFileType() function:
Retrieves the file type of the specified file.
Syntax
DWORD WINAPI GetFileType( _In_ HANDLE hFile );
Parameters
hFile [in]
A handle to the file.
Return value
The function returns one of the following values.
FILE_TYPE_CHAR
The specified file is a character file, typically an LPT device or a console.
FILE_TYPE_DISK
The specified file is a disk file.
FILE_TYPE_PIPE
The specified file is a socket, a named pipe, or an anonymous pipe.
FILE_TYPE_REMOTE
Unused.
FILE_TYPE_UNKNOWN
Either the type of the specified file is unknown, or the function failed.
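
Because FILE_TYPE_PIPE covers sockets as well as named and anonymous pipes, GetFileType() alone cannot single out a TCP socket. The added example below (not part of the original answer) follows it with a Winsock getsockopt(SO_PROTOCOL_INFOA) query. The names classify(), probe_handle() and handle_kind are hypothetical, and the handle is assumed to be valid in the process that runs the check.

```c
/* Added example: decide whether a handle is a TCP socket, another socket, or a pipe. */
#ifdef _WIN32
#include <winsock2.h>   /* link with ws2_32 */
#include <windows.h>
#else                   /* Windows SDK values, so classify() builds anywhere */
#define FILE_TYPE_DISK 0x0001
#define FILE_TYPE_CHAR 0x0002
#define FILE_TYPE_PIPE 0x0003
#ifndef IPPROTO_TCP
#define IPPROTO_TCP 6
#endif
#endif

typedef enum { H_UNKNOWN, H_DISK, H_CHAR, H_PIPE, H_TCP_SOCKET, H_OTHER_SOCKET } handle_kind;

/* Decision step. file_type: GetFileType() result; is_socket: the Winsock query
 * succeeded on the handle; protocol: the iProtocol value it reported. */
handle_kind classify(unsigned long file_type, int is_socket, int protocol)
{
    switch (file_type) {
    case FILE_TYPE_DISK: return H_DISK;
    case FILE_TYPE_CHAR: return H_CHAR;
    case FILE_TYPE_PIPE:            /* socket, named pipe or anonymous pipe */
        if (!is_socket) return H_PIPE;
        return protocol == IPPROTO_TCP ? H_TCP_SOCKET : H_OTHER_SOCKET;
    default: return H_UNKNOWN;      /* unknown type, or GetFileType() failed */
    }
}

#ifdef _WIN32
/* Probe a handle that is valid in the calling process; WSAStartup() must have run. */
handle_kind probe_handle(HANDLE h)
{
    DWORD ft = GetFileType(h);
    WSAPROTOCOL_INFOA info;
    int len = sizeof info, is_socket = 0;

    if (ft == FILE_TYPE_PIPE)       /* the query fails for pipe handles */
        is_socket = getsockopt((SOCKET)h, SOL_SOCKET, SO_PROTOCOL_INFOA,
                               (char *)&info, &len) == 0;
    return classify(ft, is_socket, is_socket ? info.iProtocol : 0);
}
#endif
```

The handle values in STARTUPINFO belong to the process that calls CreateProcess, so probe_handle() has to run inside that process or on a copy made with DuplicateHandle().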