SYSTEM_HANDLE_INFORMATION
is an undocumented structure used to retrieve information about the open handles in a Windows system. It is the structure that NtQuerySystemInformation() fills in for that query.
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG NumberOfHandles;                      // number of handles in the array below
    SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];  // array of SYSTEM_HANDLE_TABLE_ENTRY_INFO describing each handle; declared with one element, NumberOfHandles entries actually follow
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
NtQuerySystemInformation()
retrieves the specified kind of system information, such as CPU count, code integrity status or process details. It is exported by ntdll.dll.
NTSTATUS NtQuerySystemInformation(
    SYSTEM_INFORMATION_CLASS SystemInformationClass, // the kind of system info to retrieve
    PVOID SystemInformation,                         // buffer for the returned info
    ULONG SystemInformationLength,                   // size of the buffer in bytes
    PULONG ReturnLength                              // optional: receives the size of the returned data
);
Return Value:
Returns an NTSTATUS success or error code.
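As an added example (my own code, not from this page): a bounds-checked walk over a SYSTEM_HANDLE_INFORMATION buffer that counts the handles owned by one process, plus, under _WIN32, the buffer-growth loop NtQuerySystemInformation needs because it keeps reporting STATUS_INFO_LENGTH_MISMATCH until SystemInformationLength is large enough. The SYSTEM_HANDLE_TABLE_ENTRY_INFO layout and the class value 16 for SystemHandleInformation are taken from public references rather than this page, and the three-entry sample table is constructed.

```c
/* Added example (not the page's code): walk a SYSTEM_HANDLE_INFORMATION buffer
 * with bounds checks and, on Windows, fetch it with the size-retry loop. */
#include <stddef.h>
#include <stdint.h>
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {   /* public layout, assumed */
    uint16_t UniqueProcessId, CreatorBackTraceIndex; /* owner PID, debug index */
    uint8_t  ObjectTypeIndex, HandleAttributes;      /* type index varies per build */
    uint16_t HandleValue;
    void    *Object;                                 /* kernel address of the object */
    uint32_t GrantedAccess;                          /* ACCESS_MASK of the handle */
} SYSTEM_HANDLE_TABLE_ENTRY_INFO;
typedef struct _SYSTEM_HANDLE_INFORMATION {
    uint32_t NumberOfHandles;
    SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];       /* really NumberOfHandles long */
} SYSTEM_HANDLE_INFORMATION;
/* Count handles owned by pid; bounded by the buffer length, not NumberOfHandles alone. */
size_t count_handles_for_pid(const void *buf, size_t len, uint16_t pid) {
    const SYSTEM_HANDLE_INFORMATION *t = (const SYSTEM_HANDLE_INFORMATION *)buf;
    size_t hdr = offsetof(SYSTEM_HANDLE_INFORMATION, Handles), i, n, count = 0;
    if (len < hdr) return 0;                          /* not even a header */
    n = (len - hdr) / sizeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO);
    if (t->NumberOfHandles < n) n = t->NumberOfHandles;
    for (i = 0; i < n; i++) count += (t->Handles[i].UniqueProcessId == pid);
    return count;
}
/* Constructed three-entry table (not from a real system); truncated != 0 hides the last entry. */
size_t sample_count(uint16_t pid, int truncated) {
    static struct { uint32_t NumberOfHandles; SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[3]; } t = {
        3, { { 4, 0, 7, 0, 0x08, 0, 0x1fffff }, { 1234, 0, 7, 0, 0x1c, 0, 0x1fffff },
             { 4, 0, 34, 0, 0x40, 0, 0x120089 } } };
    return count_handles_for_pid(&t, sizeof t - (truncated ? sizeof(SYSTEM_HANDLE_TABLE_ENTRY_INFO) : 0), pid);
}
#ifdef _WIN32   /* live query: resolve NtQuerySystemInformation from ntdll.dll */
#include <windows.h>
#include <winternl.h>
#include <stdlib.h>
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
typedef NTSTATUS (NTAPI *NtQSI_t)(ULONG, PVOID, ULONG, PULONG);
void *query_handle_table(size_t *out_len) {        /* caller frees the result */
    NtQSI_t fn = (NtQSI_t)GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQuerySystemInformation");
    ULONG len = 0x10000, ret = 0; void *buf; NTSTATUS st; if (!fn) return NULL;
    for (;;) {   /* grow until the call stops reporting STATUS_INFO_LENGTH_MISMATCH */
        if (!(buf = malloc(len))) return NULL;
        st = fn(16 /* SystemHandleInformation, assumed from public references */, buf, len, &ret);
        if (st != STATUS_INFO_LENGTH_MISMATCH) break;
        free(buf); len = ret > len ? ret + 0x1000 : len * 2;
    }
    if (st < 0) { free(buf); return NULL; }           /* any other NTSTATUS error */
    *out_len = ret; return buf;
}
#endif
```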
RtlGetNtVersionNumbers()
fetches the Windows version numbers directly from NTDLL. It is also exported by ntdll.dll.
VOID RtlGetNtVersionNumbers(
    DWORD * MajorVersion, // Windows major number, e.g., 10
    DWORD * MinorVersion, // Windows minor number, e.g., 0
    DWORD * BuildNumber   // Build number, e.g., 17763; the upper nibble carries flags, so mask with 0x0FFFFFFF (or 0xFFFF) to get the plain build number
);