pinkx 发表于 2017-6-2 13:31:40

(转) SYSTEM_HANDLE_INFORMATION中ObjectTypeIndex的定义

/*
 * One record per open handle in a system-wide handle snapshot.
 * NOTE(review): this matches the per-handle entry commonly published for
 * NtQuerySystemInformation(SystemHandleInformation). The structure is
 * undocumented, so confirm the layout against the target Windows build.
 */
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO{
        // Owning process ID, stored in only 16 bits. NOTE(review): IDs above
        // 0xFFFF cannot be represented, so handle-to-process attribution can be
        // wrong; the extended entry (SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX) uses
        // pointer-sized fields and is the safer choice for audit tooling.
        USHORT        UniqueProcessId;
        // Semantics are not established on this page.
        USHORT        CreatorBackTraceIndex;
        // Numeric object type; compared against the OB_TYPE_INDEX_* constants.
        // NOTE(review): the numbering is Windows-version specific.
        UCHAR        ObjectTypeIndex;
        // Presumably the handle's attribute flags - TODO confirm.
        UCHAR        HandleAttributes;
        // Handle value, also limited to 16 bits (same truncation caveat as
        // UniqueProcessId).
        USHORT        HandleValue;
        // Presumably the kernel-mode address of the object. NOTE(review): treat
        // it as sensitive when logging or exporting snapshots, since it
        // discloses kernel memory layout.
        PVOID        Object;
        // Presumably the access mask granted to this handle - TODO confirm.
        ULONG        GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

/*
 * Header of the handle snapshot: a count followed by the first entry.
 * NOTE(review): commonly published definitions declare the count as ULONG and
 * the entries as a trailing array (Handles[1]). Declaring the count as ULONG64
 * yields the same offset for Handles only where the entry is 8-byte aligned
 * (64-bit builds), and it reads four padding bytes as part of the count.
 * Confirm before using this on 32-bit targets.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION {
    // Number of entries that follow. NOTE(review): validate this against the
    // size of the buffer actually returned before iterating, so a bad count
    // cannot drive reads past the end of the buffer.
    ULONG64 NumberOfHandles;
        // Declared as a single entry; presumably the first of NumberOfHandles
        // contiguous entries - callers must index from its address.
        SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
ObjectTypeIndex 这个值的定义：
#define OB_TYPE_INDEX_TYPE 1 // "Type"
/*
 * OB_TYPE_INDEX_* constants: each maps a numeric ObjectTypeIndex to the object
 * type name quoted in its trailing comment.
 * NOTE(review): object type indices are not stable across Windows releases;
 * this numbering appears to come from an early NT-family build - confirm
 * before relying on it. Code that filters a handle snapshot by type (for
 * example an audit for Process or Token handles) should resolve the type name
 * at run time, e.g. with NtQueryObject(ObjectTypeInformation), instead of
 * comparing against these literals; otherwise it will misclassify handles on
 * other builds.
 */
#define OB_TYPE_INDEX_DIRECTORY 2 // "Directory"
#define OB_TYPE_INDEX_SYMBOLIC_LINK 3 // "SymbolicLink"
#define OB_TYPE_INDEX_TOKEN 4 // "Token"
#define OB_TYPE_INDEX_PROCESS 5 // "Process"
#define OB_TYPE_INDEX_THREAD 6 // "Thread"
#define OB_TYPE_INDEX_JOB 7 // "Job"
#define OB_TYPE_INDEX_EVENT 8 // "Event"
#define OB_TYPE_INDEX_EVENT_PAIR 9 // "EventPair"
#define OB_TYPE_INDEX_MUTANT 10 // "Mutant"
#define OB_TYPE_INDEX_CALLBACK 11 // "Callback"
#define OB_TYPE_INDEX_SEMAPHORE 12 // "Semaphore"
#define OB_TYPE_INDEX_TIMER 13 // "Timer"
#define OB_TYPE_INDEX_PROFILE 14 // "Profile"
#define OB_TYPE_INDEX_WINDOW_STATION 15 // "WindowStation"
#define OB_TYPE_INDEX_DESKTOP 16 // "Desktop"
#define OB_TYPE_INDEX_SECTION 17 // "Section"
#define OB_TYPE_INDEX_KEY 18 // "Key"
#define OB_TYPE_INDEX_PORT 19 // "Port"
#define OB_TYPE_INDEX_WAITABLE_PORT 20 // "WaitablePort"
#define OB_TYPE_INDEX_ADAPTER 21 // "Adapter"
#define OB_TYPE_INDEX_CONTROLLER 22 // "Controller"
#define OB_TYPE_INDEX_DEVICE 23 // "Device"
#define OB_TYPE_INDEX_DRIVER 24 // "Driver"
#define OB_TYPE_INDEX_IO_COMPLETION 25 // "IoCompletion"
#define OB_TYPE_INDEX_FILE 26 // "File"
#define OB_TYPE_INDEX_WMI_GUID 27 // "WmiGuid"
来源:<http://www.cnblogs.com/himessage/archive/2012/12/27/2835158.html>
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO{
        USHORT        UniqueProcessId;
        USHORT        CreatorBackTraceIndex;
        UCHAR        ObjectTypeIndex;
        UCHAR        HandleAttributes;
        USHORT        HandleValue;
        PVOID        Object;
        ULONG        GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

/*
 * Header of the handle snapshot: a count followed by the first entry.
 * NOTE(review): commonly published definitions use a ULONG count and a
 * trailing array (Handles[1]); the ULONG64 count here lines up only where the
 * entry is 8-byte aligned (64-bit builds) - confirm for the target.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION {
    // Number of entries that follow. NOTE(review): check it against the
    // returned buffer size before iterating.
    ULONG64 NumberOfHandles;
        // Declared as a single entry; presumably the first of NumberOfHandles
        // contiguous entries.
        SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
ObjectTypeIndex 这个值的定义：
#define OB_TYPE_INDEX_TYPE 1 // "Type"
/*
 * OB_TYPE_INDEX_* constants mapping a numeric ObjectTypeIndex to the type name
 * quoted in each trailing comment.
 * NOTE(review): these indices differ between Windows releases; resolve the
 * type name at run time (e.g. NtQueryObject(ObjectTypeInformation)) rather
 * than hard-coding the numbers - confirm against the target build.
 */
#define OB_TYPE_INDEX_DIRECTORY 2 // "Directory"
#define OB_TYPE_INDEX_SYMBOLIC_LINK 3 // "SymbolicLink"
#define OB_TYPE_INDEX_TOKEN 4 // "Token"
#define OB_TYPE_INDEX_PROCESS 5 // "Process"
#define OB_TYPE_INDEX_THREAD 6 // "Thread"
#define OB_TYPE_INDEX_JOB 7 // "Job"
#define OB_TYPE_INDEX_EVENT 8 // "Event"
#define OB_TYPE_INDEX_EVENT_PAIR 9 // "EventPair"
#define OB_TYPE_INDEX_MUTANT 10 // "Mutant"
#define OB_TYPE_INDEX_CALLBACK 11 // "Callback"
#define OB_TYPE_INDEX_SEMAPHORE 12 // "Semaphore"
#define OB_TYPE_INDEX_TIMER 13 // "Timer"
#define OB_TYPE_INDEX_PROFILE 14 // "Profile"
#define OB_TYPE_INDEX_WINDOW_STATION 15 // "WindowStation"
#define OB_TYPE_INDEX_DESKTOP 16 // "Desktop"
#define OB_TYPE_INDEX_SECTION 17 // "Section"
#define OB_TYPE_INDEX_KEY 18 // "Key"
#define OB_TYPE_INDEX_PORT 19 // "Port"
#define OB_TYPE_INDEX_WAITABLE_PORT 20 // "WaitablePort"
#define OB_TYPE_INDEX_ADAPTER 21 // "Adapter"
#define OB_TYPE_INDEX_CONTROLLER 22 // "Controller"
#define OB_TYPE_INDEX_DEVICE 23 // "Device"
#define OB_TYPE_INDEX_DRIVER 24 // "Driver"
#define OB_TYPE_INDEX_IO_COMPLETION 25 // "IoCompletion"
#define OB_TYPE_INDEX_FILE 26 // "File"
#define OB_TYPE_INDEX_WMI_GUID 27 // "WmiGuid"
来源:<http://www.cnblogs.com/himessage/archive/2012/12/27/2835158.html>