PSS_HANDLE_ENTRY structure

Holds information about a handle returned by PssWalkSnapshot.

Syntax

typedef struct PSS_HANDLE_ENTRY {
  HANDLE           Handle;
  PSS_HANDLE_FLAGS Flags;
  PSS_OBJECT_TYPE  ObjectType;
  FILETIME         CaptureTime;
  DWORD            Attributes;
  DWORD            GrantedAccess;
  DWORD            HandleCount;
  DWORD            PointerCount;
  DWORD            PagedPoolCharge;
  DWORD            NonPagedPoolCharge;
  FILETIME         CreationTime;
  WORD             TypeNameLength;
  wchar_t const    *TypeName;
  WORD             ObjectNameLength;
  wchar_t const    *ObjectName;
  union {
    struct {
      DWORD     ExitStatus;
      void      *PebBaseAddress;
      ULONG_PTR AffinityMask;
      LONG      BasePriority;
      DWORD     ProcessId;
      DWORD     ParentProcessId;
      DWORD     Flags;
    } Process;
    struct {
      DWORD     ExitStatus;
      void      *TebBaseAddress;
      DWORD     ProcessId;
      DWORD     ThreadId;
      ULONG_PTR AffinityMask;
      int       Priority;
      int       BasePriority;
      void      *Win32StartAddress;
    } Thread;
    struct {
      LONG  CurrentCount;
      BOOL  Abandoned;
      DWORD OwnerProcessId;
      DWORD OwnerThreadId;
    } Mutant;
    struct {
      BOOL ManualReset;
      BOOL Signaled;
    } Event;
    struct {
      void          *BaseAddress;
      DWORD         AllocationAttributes;
      LARGE_INTEGER MaximumSize;
    } Section;
    struct {
      LONG CurrentCount;
      LONG MaximumCount;
    } Semaphore;
  } TypeSpecificInformation;
};

Members

Handle

The handle value.

Flags

Flags that indicate what parts of this structure are valid. For more information, see PSS_HANDLE_FLAGS.

ObjectType

The type of the object that the handle references. For more information, see PSS_OBJECT_TYPE.

CaptureTime

The capture time of this information. For more information, see FILETIME.

Attributes

Attributes.

GrantedAccess

Reserved for use by the operating system.

HandleCount

Reserved for use by the operating system.

PointerCount

Reserved for use by the operating system.

PagedPoolCharge

Reserved for use by the operating system.

NonPagedPoolCharge

Reserved for use by the operating system.

CreationTime

Reserved for use by the operating system.

TypeNameLength

The length of TypeName, in bytes.

TypeName

The type name of the object referenced by this handle. The buffer may not be terminated by a NULL character. The pointer is valid for the lifetime of the walk marker passed to PssWalkSnapshot.

ObjectNameLength

The length of ObjectName, in bytes.

ObjectName

Specifies the name of the object referenced by this handle. The buffer may not be terminated by a NULL character. The pointer is valid for the lifetime of the walk marker passed to PssWalkSnapshot.

TypeSpecificInformation

Type-specific information.

TypeSpecificInformation.Process.ExitStatus

The exit code of the process. If the process has not exited, this is set to STILL_ACTIVE (259).

TypeSpecificInformation.Process.PebBaseAddress

The address of the process environment block (PEB). Reserved for use by the operating system.

TypeSpecificInformation.Process.AffinityMask

The affinity mask of the process.

TypeSpecificInformation.Process.BasePriority

The base priority level of the process.

TypeSpecificInformation.Process.ProcessId

The process ID.

TypeSpecificInformation.Process.ParentProcessId

The parent process ID.

TypeSpecificInformation.Process.Flags

Flags about the process. For more information, see PSS_PROCESS_FLAGS.

TypeSpecificInformation.Thread.ExitStatus

The exit code of the process. If the process has not exited, this is set to STILL_ACTIVE (259).

TypeSpecificInformation.Thread.TebBaseAddress

The address of the thread environment block (TEB). Reserved for use by the operating system.

TypeSpecificInformation.Thread.ProcessId

The process ID.

TypeSpecificInformation.Thread.ThreadId

The thread ID.

TypeSpecificInformation.Thread.AffinityMask

The affinity mask of the process.

TypeSpecificInformation.Thread.Priority

The thread’s dynamic priority level.

TypeSpecificInformation.Thread.BasePriority

The thread’s base priority level.

TypeSpecificInformation.Thread.Win32StartAddress

A pointer to the thread procedure for the thread.

TypeSpecificInformation.Mutant.CurrentCount

Reserved for use by the operating system.

TypeSpecificInformation.Mutant.Abandoned

TRUE if the mutant has been abandoned (the owning thread exited without releasing the mutex), FALSE if not.

TypeSpecificInformation.Mutant.OwnerProcessId

The process ID of the owning thread, at the time of snapshot creation and handle capture.

TypeSpecificInformation.Mutant.OwnerThreadId

The process ID of the owning thread, at the time of snapshot creation and handle capture.

TypeSpecificInformation.Event.ManualReset

TRUE if the event is manual reset, FALSE if not.

TypeSpecificInformation.Event.Signaled

TRUE if the event was signaled at the time of snapshot creation and handle capture, FALSE if not.

TypeSpecificInformation.Section.BaseAddress

Reserved for use by the operating system.

TypeSpecificInformation.Section.AllocationAttributes

Reserved for use by the operating system.

TypeSpecificInformation.Section.MaximumSize

Reserved for use by the operating system.

Remarks

PssWalkSnapshot returns a PSS_HANDLE_ENTRY structure when the PSS_WALK_INFORMATION_CLASS member that the caller provides to it is PSS_WALK_HANDLES.
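The following added example (not part of the original reference page and not Microsoft sample code) walks PSS_WALK_HANDLES entries and copies TypeName and ObjectName by their byte lengths, because neither buffer is guaranteed to be NULL-terminated and both pointers are valid only while the walk marker exists. The helper names pss_copy_name and dump_snapshot_handles are hypothetical; PssWalkMarkerCreate, PssWalkMarkerFree, PSS_HANDLE_HAVE_TYPE and PSS_HANDLE_HAVE_NAME come from processsnapshot.h rather than from this page. The snapshot is assumed to have been captured with handle and handle-name information, and the Windows-only part is compiled only when _WIN32 is defined.

```c
/* Added example, not Microsoft sample code; helper names are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <wchar.h>

/* Copy a counted name (length in BYTES, possibly unterminated) into dst and
 * always NUL-terminate it. Returns characters copied; truncates to fit. */
size_t pss_copy_name(const wchar_t *src, uint16_t byte_len,
                     wchar_t *dst, size_t dst_chars)
{
    if (dst == NULL || dst_chars == 0) return 0;
    size_t n = (src != NULL) ? byte_len / sizeof(wchar_t) : 0; /* bytes->chars */
    if (n > dst_chars - 1) n = dst_chars - 1;   /* keep room for the L'\0' */
    if (n > 0) memcpy(dst, src, n * sizeof(wchar_t));
    dst[n] = L'\0';
    return n;
}
#ifdef _WIN32
#include <windows.h>
#include <processsnapshot.h>
#include <stdio.h>

/* Print every handle entry of a snapshot the caller already captured
 * (assumed to include handle and handle-name information). */
DWORD dump_snapshot_handles(HPSS snapshot)
{
    HPSSWALK walk = NULL;
    PSS_HANDLE_ENTRY e;
    wchar_t type[64], name[512];
    DWORD rc = PssWalkMarkerCreate(NULL, &walk);
    if (rc != ERROR_SUCCESS) return rc;
    while ((rc = PssWalkSnapshot(snapshot, PSS_WALK_HANDLES, walk,
                                 &e, sizeof(e))) == ERROR_SUCCESS) {
        /* Flags say which members are valid; copy now, because the name
         * pointers are only valid while the walk marker exists. */
        pss_copy_name((e.Flags & PSS_HANDLE_HAVE_TYPE) ? e.TypeName : NULL,
                      e.TypeNameLength, type, 64);
        pss_copy_name((e.Flags & PSS_HANDLE_HAVE_NAME) ? e.ObjectName : NULL,
                      e.ObjectNameLength, name, 512);
        wprintf(L"%p [%ls] %ls\n", (void *)e.Handle, type, name);
    }
    PssWalkMarkerFree(walk);
    return rc == ERROR_NO_MORE_ITEMS ? ERROR_SUCCESS : rc;
}
#endif
int main(void)
{
    const wchar_t raw[4] = { L'F', L'i', L'l', L'e' }; /* constructed, no NUL */
    wchar_t out[8];
    return pss_copy_name(raw, sizeof(raw), out, 8) == 4 ? 0 : 1;
}
```

Names longer than the local buffers are truncated rather than overrun; size the buffers for the longest object name you need to keep.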

Requirements

   
Windows version: Windows 8.1 [desktop apps only]; Windows Server 2012 R2 [desktop apps only]
Header: processsnapshot.h

See Also

Process Snapshotting