#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PROCESS_HANDLE_TRACING_ENTRY structure contains information about the handle operation associated with the event.
 */
typedef struct _PROCESS_HANDLE_TRACING_ENTRY
{
    HANDLE Handle;          // The handle associated with the event.
    CLIENT_ID ClientId;     // The process and thread associated with the event.
    ULONG Type;             // The type of handle operation associated with the event.
    PVOID Stacks[16];
} PROCESS_HANDLE_TRACING_ENTRY, *PPROCESS_HANDLE_TRACING_ENTRY;

#endif
#endif
View code on GitHub

This structure contains a single process handle tracing entry.

Applicable to

PROCESS_HANDLE_TRACING_QUERY

Members

Handle

The handle value on which the operation happened.

ClientId

The pair of process and thread IDs that identifies the thread that performed the operation.

Type

The type of the handle operation.

Known values

PROCESS_HANDLE_TRACE_TYPE_OPEN - the handle was opened.
PROCESS_HANDLE_TRACE_TYPE_CLOSE - the handle was closed.
PROCESS_HANDLE_TRACE_TYPE_BADREF - the caller attempted to reference an object using the specified invalid handle value.

Stacks

The stack trace of the operation.