typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO{	USHORT	UniqueProcessId;	USHORT	CreatorBackTraceIndex;	UCHAR	ObjectTypeIndex;	UCHAR	HandleAttributes;	USHORT	HandleValue;	PVOID	Object;	ULONG	GrantedAccess;} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;typedef struct _SYSTEM_HANDLE_INFORMATION {    ULONG64 NumberOfHandles;	SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

ObjectTypeIndex这个值的定义

#define OB_TYPE_INDEX_TYPE 1 // [ObjT] "Type"#define OB_TYPE_INDEX_DIRECTORY 2 // [Dire] "Directory"#define OB_TYPE_INDEX_SYMBOLIC_LINK 3 // [Symb] "SymbolicLink"#define OB_TYPE_INDEX_TOKEN 4 // [Toke] "Token"#define OB_TYPE_INDEX_PROCESS 5 // [Proc] "Process"#define OB_TYPE_INDEX_THREAD 6 // [Thre] "Thread"#define OB_TYPE_INDEX_JOB 7 // [Job ] "Job"#define OB_TYPE_INDEX_EVENT 8 // [Even] "Event"#define OB_TYPE_INDEX_EVENT_PAIR 9 // [Even] "EventPair"#define OB_TYPE_INDEX_MUTANT 10 // [Muta] "Mutant"#define OB_TYPE_INDEX_CALLBACK 11 // [Call] "Callback"#define OB_TYPE_INDEX_SEMAPHORE 12 // [Sema] "Semaphore"#define OB_TYPE_INDEX_TIMER 13 // [Time] "Timer"#define OB_TYPE_INDEX_PROFILE 14 // [Prof] "Profile"#define OB_TYPE_INDEX_WINDOW_STATION 15 // [Wind] "WindowStation"#define OB_TYPE_INDEX_DESKTOP 16 // [Desk] "Desktop"#define OB_TYPE_INDEX_SECTION 17 // [Sect] "Section"#define OB_TYPE_INDEX_KEY 18 // [Key ] "Key"#define OB_TYPE_INDEX_PORT 19 // [Port] "Port"#define OB_TYPE_INDEX_WAITABLE_PORT 20 // [Wait] "WaitablePort"#define OB_TYPE_INDEX_ADAPTER 21 // [Adap] "Adapter"#define OB_TYPE_INDEX_CONTROLLER 22 // [Cont] "Controller"#define OB_TYPE_INDEX_DEVICE 23 // [Devi] "Device"#define OB_TYPE_INDEX_DRIVER 24 // [Driv] "Driver"#define OB_TYPE_INDEX_IO_COMPLETION 25 // [IoCo] "IoCompletion"#define OB_TYPE_INDEX_FILE 26 // [File] "File"#define OB_TYPE_INDEX_WMI_GUID 27 // [WmiG] "WmiGuid"

来源： <>

typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO{	USHORT	UniqueProcessId;	USHORT	CreatorBackTraceIndex;	UCHAR	ObjectTypeIndex;	UCHAR	HandleAttributes;	USHORT	HandleValue;	PVOID	Object;	ULONG	GrantedAccess;} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;typedef struct _SYSTEM_HANDLE_INFORMATION {    ULONG64 NumberOfHandles;	SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

ObjectTypeIndex这个值的定义

#define OB_TYPE_INDEX_TYPE 1 // [ObjT] "Type"#define OB_TYPE_INDEX_DIRECTORY 2 // [Dire] "Directory"#define OB_TYPE_INDEX_SYMBOLIC_LINK 3 // [Symb] "SymbolicLink"#define OB_TYPE_INDEX_TOKEN 4 // [Toke] "Token"#define OB_TYPE_INDEX_PROCESS 5 // [Proc] "Process"#define OB_TYPE_INDEX_THREAD 6 // [Thre] "Thread"#define OB_TYPE_INDEX_JOB 7 // [Job ] "Job"#define OB_TYPE_INDEX_EVENT 8 // [Even] "Event"#define OB_TYPE_INDEX_EVENT_PAIR 9 // [Even] "EventPair"#define OB_TYPE_INDEX_MUTANT 10 // [Muta] "Mutant"#define OB_TYPE_INDEX_CALLBACK 11 // [Call] "Callback"#define OB_TYPE_INDEX_SEMAPHORE 12 // [Sema] "Semaphore"#define OB_TYPE_INDEX_TIMER 13 // [Time] "Timer"#define OB_TYPE_INDEX_PROFILE 14 // [Prof] "Profile"#define OB_TYPE_INDEX_WINDOW_STATION 15 // [Wind] "WindowStation"#define OB_TYPE_INDEX_DESKTOP 16 // [Desk] "Desktop"#define OB_TYPE_INDEX_SECTION 17 // [Sect] "Section"#define OB_TYPE_INDEX_KEY 18 // [Key ] "Key"#define OB_TYPE_INDEX_PORT 19 // [Port] "Port"#define OB_TYPE_INDEX_WAITABLE_PORT 20 // [Wait] "WaitablePort"#define OB_TYPE_INDEX_ADAPTER 21 // [Adap] "Adapter"#define OB_TYPE_INDEX_CONTROLLER 22 // [Cont] "Controller"#define OB_TYPE_INDEX_DEVICE 23 // [Devi] "Device"#define OB_TYPE_INDEX_DRIVER 24 // [Driv] "Driver"#define OB_TYPE_INDEX_IO_COMPLETION 25 // [IoCo] "IoCompletion"#define OB_TYPE_INDEX_FILE 26 // [File] "File"#define OB_TYPE_INDEX_WMI_GUID 27 // [WmiG] "WmiGuid"

来源： <>