PHANDLE_TABLE_ENTRY
NTAPI
ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable,
                          IN EXHANDLE LookupHandle)
{
    ULONG i, j, k, TableLevel, NextHandle;
    ULONG_PTR TableBase;
    PHANDLE_TABLE_ENTRY Entry = NULL;
    EXHANDLE Handle = LookupHandle;
    PUCHAR Level1, Level2, Level3;

    /* Clear the tag bits and check what the next handle is */
    Handle.TagBits = 0;
    NextHandle = HandleTable->NextHandleNeedingPool;
    if (Handle.Value >= NextHandle) return NULL;

    /* Get the table code */
    TableBase = (ULONG_PTR)HandleTable->TableCode;

    /* Extract the table level and actual table base */
    TableLevel = (ULONG)(TableBase & 3);
    TableBase = TableBase - TableLevel;

    /* Check what level we're running at */
    switch (TableLevel)
    {
        /* Direct index */
        case 0:

            /* Use level 1 and just get the entry directlry */
            Level1 = (PUCHAR)TableBase;
            Entry = (PVOID)&Level1[Handle.Value *
                                   (sizeof(HANDLE_TABLE_ENTRY) /
                                    SizeOfHandle(1))];
            break;

        /* Nested index into mid level */
        case 1:

            /* Get the second table and index into it */
            Level2 = (PUCHAR)TableBase;
            i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);

            /* Substract this index, and get the next one */
            Handle.Value -= i;
            j = Handle.Value /
                (SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));

            /* Now get the next table and get the entry from it */
            Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];
            Entry = (PVOID)&Level1[i *
                                   (sizeof(HANDLE_TABLE_ENTRY) /
                                    SizeOfHandle(1))];
            break;

        /* Nested index into high level */
        case 2:

            /* Start with the 3rd level table */
            Level3 = (PUCHAR)TableBase;
            i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);

            /* Subtract this index and get the index for the next lower table */
            Handle.Value -= i;
            k = Handle.Value /
                (SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));

            /* Get the remaining index in the 2nd level table */
            j = k % (MID_LEVEL_ENTRIES * sizeof(PHANDLE_TABLE_ENTRY));

            /* Get the remaining index, which is in the third table */
            k -= j;
            k /= MID_LEVEL_ENTRIES;

            /* Extract the table level for the handle in each table */
            Level2 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level3[k];
            Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];

            /* Get the handle table entry */
            Entry = (PVOID)&Level1[i *
                                   (sizeof(HANDLE_TABLE_ENTRY) /
                                    SizeOfHandle(1))];

        default:

            /* All done */
            break;
    }

    /* Return the handle entry */
    return Entry;
}

    TableLevel = (ULONG)(TableBase & 3);
 이것을 보면 Handle Layer가 몇개인지를 알 수 있는가 보다.

    TableBase = TableBase - TableLevel;

출처 : http://www.koders.com/c/fid3668283AE73B5414C9A800CD8C95E2502B552E8A.aspx?s=worker_main