SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX

The SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX structure is a recurring element in the SYSTEM_HANDLE_INFORMATION_EX that a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemExtendedHandleInformation (0x40).

Documentation Status

The SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX structure is not documented.

Layout

The SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX structure is 0x1C or 0x28 bytes in 32-bit and 64-bit Windows, respectively.

Offset (x86) Offset (x64) Definition
0x00 0x00 
PVOID Object;
0x04 0x08 
ULONG_PTR UniqueProcessId;
0x08 0x10 
ULONG_PTR HandleValue;
0x0C 0x18 
ULONG GrantedAccess;
0x10 0x1C 
USHORT CreatorBackTraceIndex;
0x12 0x1E 
USHORT ObjectTypeIndex;
0x14 0x20 
ULONG HandleAttributes;
0x18 0x24 
ULONG Reserved;

This page was created on 9th July 2016 but was not published until 25th October 2016.

Copyright © 2016. Geoff Chappell. All rights reserved. Conditions apply.