Techwiki:Win32k/HANDLEENTRY
Windows XP version of User Handle Entrys
typedef struct _HANDLEENTRY { /* 000 */ PHEAD phead; // Pointer to the Object. /* 004 */ PVOID pOwner; // PTI or PPI /* 008 */ BYTE bType; // Object handle type /* 009 */ BYTE bFlags; // Flags /* 00a */ WORD wUniq; // Access count. } HANDLEENTRY, *PHE; // Flags: #define HANDLEF_DESTROY 0x01 #define HANDLEF_INDESTROY 0x02 #define HANDLEF_INWAITFORDEATH 0x04 #define HANDLEF_FINALDESTROY 0x08 #define HANDLEF_MARKED_OK 0x10 #define HANDLEF_GRANTED 0x20 // enum HANDLE_TYPE{ TYPE_FREE = 0 , // 'must be zero! TYPE_WINDOW = 1 , // 'in order of use for C code lookups TYPE_MENU = 2, // TYPE_CURSOR = 3, // TYPE_SETWINDOWPOS = 4, // HDWP TYPE_HOOK = 5, // TYPE_CLIPDATA = 6 , // 'clipboard data TYPE_CALLPROC = 7, // TYPE_ACCELTABLE = 8, // TYPE_DDEACCESS = 9, // TYPE_DDECONV = 10, // TYPE_DDEXACT = 11, // 'DDE transaction tracking info. TYPE_MONITOR = 12, // TYPE_KBDLAYOUT = 13, // 'Keyboard Layout handle (HKL) object. TYPE_KBDFILE = 14, // 'Keyboard Layout file object. TYPE_WINEVENTHOOK = 15,// 'WinEvent hook (EVENTHOOK) TYPE_TIMER = 16, // TYPE_INPUTCONTEXT = 17,// 'Input Context info structure TYPE_HIDDATA = 18, // TYPE_DEVICEINFO = 19, // TYPE_TOUCHINPUT = 20, // 'Ustz' W7U sym tagTOUCHINPUTINFO TYPE_GESTUREINFO = 21, // 'Usgi' TYPE_CTYPES = 22, // 'Count of TYPEs; Must be LAST + 1 TYPE_GENERIC = 255 // 'used for generic handle validation };
References
- http://my.opera.com/bluewish/blog/show.dml/301069
- http://hi.baidu.com/isreverse/blog/item/04f0b758ca02c383810a1856.html
- http://forum.sources.ru/index.php?showtopic=237646
- Windows Symbol files, userkdx.dll, !dso