PHANDLE_TABLE_ENTRY
NTAPI
ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable,
IN EXHANDLE LookupHandle)
{
ULONG i, j, k, TableLevel, NextHandle;
ULONG_PTR TableBase;
PHANDLE_TABLE_ENTRY Entry = NULL;
EXHANDLE Handle = LookupHandle;
PUCHAR Level1, Level2, Level3;
/* Clear the tag bits and check what the next handle is */
Handle.TagBits = 0;
NextHandle = HandleTable->NextHandleNeedingPool;
if (Handle.Value >= NextHandle) return NULL;
/* Get the table code */
TableBase = (ULONG_PTR)HandleTable->TableCode;
/* Extract the table level and actual table base */
TableLevel = (ULONG)(TableBase & 3);
TableBase = TableBase - TableLevel;
/* Check what level we're running at */
switch (TableLevel)
{
/* Direct index */
case 0:
/* Use level 1 and just get the entry directlry */
Level1 = (PUCHAR)TableBase;
Entry = (PVOID)&Level1[Handle.Value *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
break;
/* Nested index into mid level */
case 1:
/* Get the second table and index into it */
Level2 = (PUCHAR)TableBase;
i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);
/* Substract this index, and get the next one */
Handle.Value -= i;
j = Handle.Value /
(SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));
/* Now get the next table and get the entry from it */
Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];
Entry = (PVOID)&Level1[i *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
break;
/* Nested index into high level */
case 2:
/* Start with the 3rd level table */
Level3 = (PUCHAR)TableBase;
i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);
/* Subtract this index and get the index for the next lower table */
Handle.Value -= i;
k = Handle.Value /
(SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));
/* Get the remaining index in the 2nd level table */
j = k % (MID_LEVEL_ENTRIES * sizeof(PHANDLE_TABLE_ENTRY));
/* Get the remaining index, which is in the third table */
k -= j;
k /= MID_LEVEL_ENTRIES;
/* Extract the table level for the handle in each table */
Level2 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level3[k];
Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];
/* Get the handle table entry */
Entry = (PVOID)&Level1[i *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
default:
/* All done */
break;
}
/* Return the handle entry */
return Entry;
}
TableLevel = (ULONG)(TableBase & 3);
이것을 보면 Handle Layer가 몇개인지를 알 수 있는가 보다.
TableBase = TableBase - TableLevel;
출처 : http://www.koders.com/c/fid3668283AE73B5414C9A800CD8C95E2502B552E8A.aspx?s=worker_main
NTAPI
ExpLookupHandleTableEntry(IN PHANDLE_TABLE HandleTable,
IN EXHANDLE LookupHandle)
{
ULONG i, j, k, TableLevel, NextHandle;
ULONG_PTR TableBase;
PHANDLE_TABLE_ENTRY Entry = NULL;
EXHANDLE Handle = LookupHandle;
PUCHAR Level1, Level2, Level3;
/* Clear the tag bits and check what the next handle is */
Handle.TagBits = 0;
NextHandle = HandleTable->NextHandleNeedingPool;
if (Handle.Value >= NextHandle) return NULL;
/* Get the table code */
TableBase = (ULONG_PTR)HandleTable->TableCode;
/* Extract the table level and actual table base */
TableLevel = (ULONG)(TableBase & 3);
TableBase = TableBase - TableLevel;
/* Check what level we're running at */
switch (TableLevel)
{
/* Direct index */
case 0:
/* Use level 1 and just get the entry directlry */
Level1 = (PUCHAR)TableBase;
Entry = (PVOID)&Level1[Handle.Value *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
break;
/* Nested index into mid level */
case 1:
/* Get the second table and index into it */
Level2 = (PUCHAR)TableBase;
i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);
/* Substract this index, and get the next one */
Handle.Value -= i;
j = Handle.Value /
(SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));
/* Now get the next table and get the entry from it */
Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];
Entry = (PVOID)&Level1[i *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
break;
/* Nested index into high level */
case 2:
/* Start with the 3rd level table */
Level3 = (PUCHAR)TableBase;
i = Handle.Value % SizeOfHandle(LOW_LEVEL_ENTRIES);
/* Subtract this index and get the index for the next lower table */
Handle.Value -= i;
k = Handle.Value /
(SizeOfHandle(LOW_LEVEL_ENTRIES) / sizeof(PHANDLE_TABLE_ENTRY));
/* Get the remaining index in the 2nd level table */
j = k % (MID_LEVEL_ENTRIES * sizeof(PHANDLE_TABLE_ENTRY));
/* Get the remaining index, which is in the third table */
k -= j;
k /= MID_LEVEL_ENTRIES;
/* Extract the table level for the handle in each table */
Level2 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level3[k];
Level1 = (PUCHAR)*(PHANDLE_TABLE_ENTRY*)&Level2[j];
/* Get the handle table entry */
Entry = (PVOID)&Level1[i *
(sizeof(HANDLE_TABLE_ENTRY) /
SizeOfHandle(1))];
default:
/* All done */
break;
}
/* Return the handle entry */
return Entry;
}
TableLevel = (ULONG)(TableBase & 3);
이것을 보면 Handle Layer가 몇개인지를 알 수 있는가 보다.
TableBase = TableBase - TableLevel;
출처 : http://www.koders.com/c/fid3668283AE73B5414C9A800CD8C95E2502B552E8A.aspx?s=worker_main
최근 덧글