SYSTEM_HANDLE_INFORMATION structure


Problem description


Where does this structure originate from? I know that it is declared in the famous ntdll.h and is a part of the undocumented Windows API. But doesn't it vary between different versions of Windows? Is there a way to dump this structure from a working system? I tried 'dt SYSTEM_HANLDE_INFORMATION' in WinDbg and 'type SYSTEM_HANLDE_INFORMATION' in SoftICE, but all I get is a 'no such symbol' message. I also dumped ntoskrnl.pdb with PdbDump.exe and searched among the dumped structures, and could find neither SYSTEM_HANLDE_INFORMATION nor SYSTEM_HANLDE.

Could you help me?

Solution

You can refer to this paper on CodeProject on querying all open handles to files, where it is defined as:

typedef struct _SYSTEM_HANDLE
{
    DWORD    dwProcessId;
    BYTE     bObjectType;
    BYTE     bFlags;
    WORD     wValue;
    PVOID    pAddress;
    DWORD    GrantedAccess;
}
SYSTEM_HANDLE;
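
An added example, not code from the answer or the CodeProject article: because the definition above contains a PVOID, the record is 16 bytes in a 32-bit build and 24 bytes in a 64-bit build, so a tool that walks an array of these records has to use the stride of the system that produced it. The `_32`/`_64` type names and both functions are hypothetical, the sample array is constructed, and only pointer width is modelled here, not differences between Windows versions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The page's SYSTEM_HANDLE with fixed-width stand-ins for DWORD/WORD/BYTE.
   PVOID is modelled twice; the _32/_64 type names are hypothetical. */
typedef struct {
    uint32_t dwProcessId;
    uint8_t  bObjectType, bFlags;
    uint16_t wValue;
    uint32_t pAddress;               /* PVOID in a 32-bit build */
    uint32_t GrantedAccess;
} SYSTEM_HANDLE_32;                  /* 16 bytes */

typedef struct {
    uint32_t dwProcessId;
    uint8_t  bObjectType, bFlags;
    uint16_t wValue;
    _Alignas(8) uint64_t pAddress;   /* PVOID in a 64-bit build */
    uint32_t GrantedAccess;          /* then 4 bytes of tail padding */
} SYSTEM_HANDLE_64;                  /* 24 bytes */

size_t entry_size(int ptr_bits)
{
    return ptr_bits == 64 ? sizeof(SYSTEM_HANDLE_64) : sizeof(SYSTEM_HANDLE_32);
}

/* Count records owned by pid in a raw array of n records. Returns -1 when
   the claimed count does not fit in buf_len, so no read goes out of bounds. */
long count_for_pid(const uint8_t *buf, size_t buf_len, size_t n,
                   int ptr_bits, uint32_t pid)
{
    size_t stride = entry_size(ptr_bits);
    long hits = 0;
    if (n > buf_len / stride)
        return -1;
    for (size_t i = 0; i < n; i++) {
        uint32_t owner;              /* dwProcessId sits at offset 0 */
        memcpy(&owner, buf + i * stride, sizeof owner);
        hits += (owner == pid);
    }
    return hits;
}

int main(void)
{
    /* Constructed sample: three 64-bit records, two owned by PID 4. */
    SYSTEM_HANDLE_64 s[3] = {{4, 0, 0, 0, 0, 0x1F0FFF}, {1234, 0, 0, 0, 0, 0}, {4, 0, 0, 0, 0, 0}};
    return count_for_pid((const uint8_t *)s, sizeof s, 3, 64, 4) == 2 ? 0 : 1;
}
```

Walking the same 64-bit sample with the 32-bit stride lands on GrantedAccess and pAddress bytes instead of dwProcessId and finds only one of the two PID 4 records.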
