内核中的_OBJECT_INFORMATION_CLASS 结构
实际上这个枚举类型有5种
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectAllInformation,
ObjectDataInformation
}
OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
但在microsoft的文档中只有两项
OBJECT_INFORMATION_CLASS
The OBJECT_INFORMATION_CLASS enumeration type represents the type of information to supply about an object.
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation=0,
ObjectTypeInformation=2,
}
OBJECT_INFORMATION_CLASS;
Values
ObjectBasicInformation
A PUBLIC_OBJECT_BASIC_INFORMATION structure is supplied.
ObjectTypeInformation
A PUBLIC_OBJECT_TYPE_INFORMATION structure is supplied.
Requirements
Versions: Available starting with Microsoft Windows 2000.
Headers: Defined in Ntifs.h. Include Ntifs.h or Fltkernel.h.
同样的 对于第一种信息类型 ObjectBasicInformation,它的真实的结构是这样的:
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK DesiredAccess;
ULONG HandleCount;
ULONG ReferenceCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved;
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreationTime;
}
OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
而同样的,这个结构在官方文档有部分没有声明,以下为官方的文档:
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG Reserved;
}
PUBLIC_OBJECT_BASIC_INFORMATION;
PPUBLIC_OBJECT_BASIC_INFORMATION
可见一个 LARGE_INTEGER占2个ULONG
页:
[1]