Menu
From where does this structure originates? I know that it is declared in famous ntdll.h and is a part of undocumented windows API. But isn't it vary between different versions of windows? Is there a way to dump this structure from working system? I tried 'dt SYSTEM_HANLDE_INFORMATION' in Windbg and 'type SYSTEM_HANLDE_INFORMATION' in SoftIce but all I get is 'no such symbol' message. I also dumped ntoskrnl.pdb with PdbDump.exe and searched among the dumped structures - and could not find neither SYSTEM_HANLDE_INFORMATION nor SYSTEM_HANLDE.
Could you help me?
869
You can refer to this paper on CodeProject on querying all open handles to files, where it is defined as:
typedef struct _SYSTEM_HANDLE
{
DWORD dwProcessId;
BYTE bObjectType;
BYTE bFlags;
WORD wValue;
PVOID pAddress;
DWORD GrantedAccess;
}
SYSTEM_HANDLE;
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
