Structure SYSTEM_HANDLE_INFORMATION

Question

Structure SYSTEM_HANDLE_INFORMATION

Where did this structure come from? I know that it is declared in the famous ntdll.h file and is part of the undocumented windows API. But doesn’t it depend on different versions of windows? Is there any way to reset this structure from a working system? I tried "dt SYSTEM_HANLDE_INFORMATION" in Windbg and "type SYSTEM_HANLDE_INFORMATION" in SoftIce, but all I get is the message "there is no such character." I also dumped ntoskrnl.pdb with PdbDump.exe and searched among the dropped structures - and could not find either SYSTEM_HANLDE_INFORMATION or SYSTEM_HANLDE.

could you help me?

+4

data-structures sysinternals

striker Mar 30 '10 at 18:20

source share

1 answer

xjdrew · Answer 1 · 2011-03-02T04:08:04+0000

You can refer to this article in CodeProject when requesting all open file descriptors, where it is defined as:

typedef struct _SYSTEM_HANDLE { DWORD dwProcessId; BYTE bObjectType; BYTE bFlags; WORD wValue; PVOID pAddress; DWORD GrantedAccess; } SYSTEM_HANDLE;

Structure SYSTEM_HANDLE_INFORMATION

More articles: