PROCESS_HANDLE_TRACING_QUERY - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PROCESS_HANDLE_TRACING_QUERY structure is used to query all handle events or a specific handle event for a process.
 */
typedef struct _PROCESS_HANDLE_TRACING_QUERY
{
    _In_opt_ HANDLE Handle;
    _Out_ ULONG TotalTraces;
    _Out_ _Field_size_(TotalTraces) PROCESS_HANDLE_TRACING_ENTRY HandleTrace[1];
} PROCESS_HANDLE_TRACING_QUERY, *PPROCESS_HANDLE_TRACING_QUERY;

#endif
#endif

View code on GitHub

NtDoc

This structure contains returned handle tracing records for the process.

Applicable to

Members

Handle

On input, specifies an optional handle value to filter the returned entries. Set this field to NULL to disable filtering.

TotalTraces

On output, contains the number of returned entries in the HandleTrace field.

HandleTrace

On output, contains an array of handle tracing entries. See PROCESS_HANDLE_TRACING_ENTRY for more details.

See also

Edit description on GitHub