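When I query with !handle using flag 0xf, the last line of the output is as follows. What is the reason, and is there any way to see the Object associated with this handle? For example, my handle type is File, and I want to see the file object or the path of this file.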
No Object Specific Information available
It works in a kernel debugging session, for example:
lkd> !handle 0124
processor number 0, process 88aba020
PROCESS 88aba020 SessionId: 0 Cid: 15f8 Peb: 7ffd4000 ParentCid: 00a8
    DirBase: 18900cc0 ObjectTable: e42403c8 HandleCount: 87.
    Image: windbg.exe

Handle table at e333c000 with 87 Entries in use
0124: Object: 88a89028 GrantedAccess: 00120089 Entry: e333c248
Object: 88a89028 Type: (8ada4ca0) File
    ObjectHeader: 88a89010 (old version)
        HandleCount: 1 PointerCount: 1
        Directory Object: 00000000 Name: \symbols\ntdll.pdb\36515FB5D04345E491F672FA2E2878C02\ntdll.pdb {HarddiskVolume2}