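Is there a list of possible values for SYSTEM_HANDLE_ENTRY.ObjectType?

Time: 2016-08-23 10:25:31

Tags: winapi pinvoke

I am writing a program that lists open file handles. I am actually getting too many results. My list includes things like the virus scanner. I get a bunch of object type 43 that do not look like what I want. Is there a list of these values anywhere?

1 answer:

Answer 0 (score: 2)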

You can call NtQueryObject by specifying the ObjectTypesInformation information class. This will give you information about all object types currently registered in the system. Use SYSTEM_HANDLE_ENTRY.ObjectType as an index into the returned array to get information about the corresponding object type. Alternatively, you can use NtQueryObject with ObjectTypeInformation to get type information about a given object (specified by its handle).

This code should retrieve information about all object types.

```c
#include <windows.h>
#include <stdlib.h>

/* UNICODE_STRING, the NTSTATUS codes and the NtQueryObject prototype are not
   defined here; see the note after the code. */

typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectTypesInformation,
    ObjectHandleFlagInformation,
    ObjectSessionInformation,
} OBJECT_INFORMATION_CLASS;

typedef struct _OBJECT_TYPE_INFORMATION {
    UNICODE_STRING TypeName;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG TotalPagedPoolUsage;
    ULONG TotalNonPagedPoolUsage;
    ULONG TotalNamePoolUsage;
    ULONG TotalHandleTableUsage;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    ULONG HighWaterPagedPoolUsage;
    ULONG HighWaterNonPagedPoolUsage;
    ULONG HighWaterNamePoolUsage;
    ULONG HighWaterHandleTableUsage;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    ULONG PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

typedef struct _OBJECT_TYPES_INFORMATION {
    LONG NumberOfTypes;
    // OBJECT_TYPE_INFORMATION TypeInformation [1];
} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;

NTSTATUS QueryObjectTypesInfo(POBJECT_TYPES_INFORMATION *TypesInfo)
{
    ULONG StartBufferLength = 28;
    ULONG BufferLength = 0;
    NTSTATUS status = STATUS_SUCCESS;

    *TypesInfo = (POBJECT_TYPES_INFORMATION)malloc(StartBufferLength);
    if (*TypesInfo != NULL) {
        /* Probe with a small buffer; pass the buffer itself (*TypesInfo),
           not the address of the caller's pointer. */
        status = NtQueryObject(NULL, ObjectTypesInformation, *TypesInfo, StartBufferLength, &BufferLength);
        if (status == STATUS_INFO_LENGTH_MISMATCH) {
            /* Release the probe buffer before retrying with the reported size. */
            free(*TypesInfo);
            *TypesInfo = NULL;
            while (status == STATUS_INFO_LENGTH_MISMATCH) {
                if (*TypesInfo != NULL)
                    free(*TypesInfo);

                *TypesInfo = (POBJECT_TYPES_INFORMATION)malloc(BufferLength);
                if (*TypesInfo != NULL)
                    status = NtQueryObject(NULL, ObjectTypesInformation, *TypesInfo, BufferLength, &BufferLength);
                else
                    status = STATUS_INSUFFICIENT_RESOURCES;
            }
        }

        /* On any failure, do not hand a stale buffer back to the caller. */
        if (!NT_SUCCESS(status)) {
            if (*TypesInfo != NULL) {
                free(*TypesInfo);
                *TypesInfo = NULL;
            }
        }
    } else
        status = STATUS_INSUFFICIENT_RESOURCES;

    return status;
}
```

As stated in the comments above, these things are completely undocumented. However, the code above (slightly modified... e.g. you need to get the address of the NtQueryObject routine and define some NTSTATUS stuff) works on 64-bit Windows 8.1.

To get the full code (quite old, with comments in Czech), download this project from my (Czech) website: https://jadro-windows.cz/download/ntqueryobject.zip

Use the NTSTATUS command to get type information
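An added example, not part of the original answer or its author's project: a bounds-checked walk to the n-th entry of an ObjectTypesInformation buffer, for tools that resolve a handle's type from it. It assumes (the layout is undocumented and not stated on this page) that entries are variable-length, each followed by its name and padded to pointer size; `USTR`, `TYPE_INFO`, `type_at` and `build_sample` are hypothetical names, and the sample buffer is constructed so the code runs without Windows.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins (assumed) for UNICODE_STRING and the answer's OBJECT_TYPE_INFORMATION. */
typedef struct { uint16_t Length, MaximumLength; uint16_t *Buffer; } USTR;
typedef struct { USTR TypeName; uint32_t Rest[22]; } TYPE_INFO;
#define ALIGN_UP(n) (((size_t)(n) + sizeof(void *) - 1) & ~(sizeof(void *) - 1))

/* Return entry number `pos` (0-based), or NULL if it is not fully inside the buffer.
 * Assumed layout: count, then pointer-aligned entries, each followed by its name. */
const TYPE_INFO *type_at(const void *buf, size_t len, uint32_t pos)
{
    uint32_t count;
    size_t off = ALIGN_UP(sizeof count);
    if (len < off) return NULL;
    memcpy(&count, buf, sizeof count);
    if (pos >= count) return NULL;
    for (;;) {
        if (len - off < sizeof(TYPE_INFO)) return NULL;
        const TYPE_INFO *t = (const TYPE_INFO *)((const char *)buf + off);
        size_t step = sizeof *t + ALIGN_UP(t->TypeName.MaximumLength);
        if (t->TypeName.Length > t->TypeName.MaximumLength || step > len - off) return NULL;
        if (pos-- == 0) return t;
        off += step;
    }
}

/* Constructed sample input: builds a buffer in that layout from n ASCII names. */
size_t build_sample(void *buf, const char **names, uint32_t n)
{
    size_t off = ALIGN_UP(sizeof n);
    memset(buf, 0, off);
    memcpy(buf, &n, sizeof n);
    for (uint32_t k = 0; k < n; k++) {
        TYPE_INFO *t = (TYPE_INFO *)((char *)buf + off);
        size_t chars = strlen(names[k]);
        memset(t, 0, sizeof *t);
        t->TypeName.Buffer = (uint16_t *)(t + 1);
        t->TypeName.Length = (uint16_t)(chars * 2);
        t->TypeName.MaximumLength = (uint16_t)(chars * 2 + 2);
        for (size_t c = 0; c <= chars; c++)
            t->TypeName.Buffer[c] = (unsigned char)names[k][c];
        off += sizeof *t + ALIGN_UP(t->TypeName.MaximumLength);
    }
    return off;
}
```

A truncated or inconsistent buffer yields NULL instead of a read past its end.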