
怎么得到所有打开内核对象的对象

2012-09-12 
如何得到所有打开内核对象的对象函数NtQueryObject可以得到一些内核对象信息,但是远远不够,我想要知道都有

如何得到所有打开内核对象的对象
函数NtQueryObject可以得到一些内核对象信息,但是远远不够,

我想要知道都有谁打开了这个内核对象,《深入解析Windows操作系统》里面说,一个内核对象存在一个“已打开句柄的列表”,该列表记录了所有打开该内核对象的对象的相关信息,可是如何得到它呢?

[解决办法]
vs2008 debug unicode(Use Unicode Character Set)

C/C++ code
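#include "stdafx.h"
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>
#include <wtypes.h>
#include <NTSecAPI.h>
#include <winbase.h>

using namespace std;

/*****************************************************************/
// Information classes accepted by ZwQuerySystemInformation.  The two letters
// in each trailing comment are the original listing's "query / set" flags.
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,                 // 0 Y N
    SystemProcessorInformation,             // 1 Y N
    SystemPerformanceInformation,           // 2 Y N
    SystemTimeOfDayInformation,             // 3 Y N
    SystemNotImplemented1,                  // 4 Y N
    SystemProcessesAndThreadsInformation,   // 5 Y N
    SystemCallCounts,                       // 6 Y N
    SystemConfigurationInformation,         // 7 Y N
    SystemProcessorTimes,                   // 8 Y N
    SystemGlobalFlag,                       // 9 Y Y
    SystemNotImplemented2,                  // 10 Y N
    SystemModuleInformation,                // 11 Y N
    SystemLockInformation,                  // 12 Y N
    SystemNotImplemented3,                  // 13 Y N
    SystemNotImplemented4,                  // 14 Y N
    SystemNotImplemented5,                  // 15 Y N
    SystemHandleInformation,                // 16 Y N
    SystemObjectInformation,                // 17 Y N
    SystemPagefileInformation,              // 18 Y N
    SystemInstructionEmulationCounts,       // 19 Y N
    SystemInvalidInfoClass1,                // 20
    SystemCacheInformation,                 // 21 Y Y
    SystemPoolTagInformation,               // 22 Y N
    SystemProcessorStatistics,              // 23 Y N
    SystemDpcInformation,                   // 24 Y Y
    SystemNotImplemented6,                  // 25 Y N
    SystemLoadImage,                        // 26 N Y
    SystemUnloadImage,                      // 27 N Y
    SystemTimeAdjustment,                   // 28 Y Y
    SystemNotImplemented7,                  // 29 Y N
    SystemNotImplemented8,                  // 30 Y N
    SystemNotImplemented9,                  // 31 Y N
    SystemCrashDumpInformation,             // 32 Y N
    SystemExceptionInformation,             // 33 Y N
    SystemCrashDumpStateInformation,        // 34 Y Y/N
    SystemKernelDebuggerInformation,        // 35 Y N
    SystemContextSwitchInformation,         // 36 Y N
    SystemRegistryQuotaInformation,         // 37 Y Y
    SystemLoadAndCallImage,                 // 38 N Y
    SystemPrioritySeparation,               // 39 N Y
    SystemNotImplemented10,                 // 40 Y N
    SystemNotImplemented11,                 // 41 Y N
    SystemInvalidInfoClass2,                // 42
    SystemInvalidInfoClass3,                // 43
    SystemTimeZoneInformation,              // 44 Y N
    SystemLookasideInformation,             // 45 Y N
    SystemSetTimeSlipEvent,                 // 46 N Y
    SystemCreateSession,                    // 47 N Y
    SystemDeleteSession,                    // 48 N Y
    SystemInvalidInfoClass4,                // 49
    SystemRangeStartInformation,            // 50 Y N
    SystemVerifierInformation,              // 51 Y Y
    SystemAddVerifier,                      // 52 N Y
    SystemSessionProcessesInformation       // 53 Y N
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;

/***********************************************************************
    One entry of the table returned for SystemHandleInformation.

    Members
        ProcessId
            The process identifier of the owner of the handle.
        ObjectTypeNumber
            A number which identifies the type of object to which the handle
            refers.  The number can be translated to a name by using the
            information returned by ZwQueryObject.
        Flags
            A bit array of flags that specify properties of the handle.
        Handle
            The numeric value of the handle.  It is only meaningful inside
            the process named by ProcessId.
        Object
            The address of the kernel object to which the handle refers.
            All entries sharing one Object value are the "open handles" of
            that object, which is what the question on this page asks for.
***********************************************************************/
typedef struct _SYSTEM_HANDLE_INFORMATION {
    ULONG ProcessId;
    UCHAR ObjectTypeNumber;
    UCHAR Flags;
    USHORT Handle;
    PVOID Object;
    ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

// Layout of the whole SystemHandleInformation buffer: a count followed by the
// entries.  Reading it through a struct (instead of at `buffer + 4`) lets the
// compiler insert whatever padding precedes the first entry, which matters
// when PVOID is 8 bytes wide.
typedef struct _SYSTEM_HANDLE_LIST {
    ULONG NumberOfHandles;
    SYSTEM_HANDLE_INFORMATION Handles[1];
} SYSTEM_HANDLE_LIST, *PSYSTEM_HANDLE_LIST;

typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllInformation,
    ObjectDataInformation
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;

typedef enum _POOL_TYPE {
    NonPagedPool,
    PagedPool,
    NonPagedPoolMustSucceed,
    DontUseThisType,
    NonPagedPoolCacheAligned,
    PagedPoolCacheAligned,
    NonPagedPoolCacheAlignedMustS
} POOL_TYPE;

typedef struct _OBJECT_TYPE_INFORMATION {
    UNICODE_STRING TypeName;
    ULONG TotalNumberOfHandles;
    ULONG TotalNumberOfObjects;
    WCHAR Unused1[8];
    ULONG HighWaterNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    WCHAR Unused2[8];
    ACCESS_MASK InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ACCESS_MASK ValidAttributes;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    USHORT MaintainTypeList;
    POOL_TYPE PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

typedef struct _OBJECT_ALL_INFORMATION {
    ULONG NumberOfObjectsTypes;
    OBJECT_TYPE_INFORMATION ObjectTypeInformation[1];
} OBJECT_ALL_INFORMATION, *POBJECT_ALL_INFORMATION;

// Name.Buffer points at the characters that follow this header inside the
// same output buffer; Name.Length is in bytes and the text is not guaranteed
// to be NUL-terminated, so it must be read through the counted string.
typedef struct _OBJECT_NAME_INFORMATION {
    UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

typedef NTSTATUS (NTAPI *ZWQUERYSYSTEMINFORMATION)(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL);

typedef NTSTATUS (NTAPI *NTQUERYOBJECT)(
    IN HANDLE ObjectHandle,
    IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
    OUT PVOID ObjectInformation,
    IN ULONG Length,
    OUT PULONG ResultLength);
/*****************************************************************/

#define NT_SUCCESS(x) ((x) >= 0)
// Returned by ZwQuerySystemInformation when the caller's buffer is too small.
#ifndef STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#endif

/*
 * Look, among the handles owned by process `ProcessId`, for one whose object
 * name contains L"TEST_SELF" and print "get" when it is found.
 *
 * The system-wide handle table (SystemHandleInformation) is fetched, entries
 * owned by ProcessId are kept, and NtQueryObject is asked for each one's name.
 * A Handle value is only valid inside its owning process, so the name lookup
 * is correct only when ProcessId is the current process; for another process
 * the handle would first have to be duplicated into this one.
 *
 * Returns the matching handle value as stored in the table, or NULL when
 * nothing matched, ntdll could not be resolved, or the table query failed.
 * The caller does not own the returned handle and must not close it.
 *
 * Both functions are undocumented ntdll exports resolved at run time, and the
 * structure layouts above are the ones the original listing relied on; they
 * are not guaranteed to stay stable across Windows versions.
 */
HANDLE GetProcessKernelObject(DWORD ProcessId)
{
    HMODULE hNtDll = GetModuleHandle(TEXT("ntdll.dll"));
    if (hNtDll == NULL) {
        return NULL;
    }
    ZWQUERYSYSTEMINFORMATION pfnZwQuerySystemInformation =
        (ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "ZwQuerySystemInformation");
    NTQUERYOBJECT pfnNtQueryObject =
        (NTQUERYOBJECT)GetProcAddress(hNtDll, "NtQueryObject");
    if (pfnZwQuerySystemInformation == NULL || pfnNtQueryObject == NULL) {
        return NULL;
    }

    // The table is large and its size changes between calls, so grow the
    // buffer until the call stops reporting STATUS_INFO_LENGTH_MISMATCH
    // (the original used one fixed 1 MB `new char[]` and never freed it).
    vector<char> tableBuffer(0x100000);
    ULONG ulSize = 0;
    NTSTATUS ntStatus;
    for (;;) {
        ntStatus = pfnZwQuerySystemInformation(SystemHandleInformation,
                                               &tableBuffer[0],
                                               (ULONG)tableBuffer.size(),
                                               &ulSize);
        if (ntStatus != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }
        if (tableBuffer.size() >= 0x10000000) {  // give up at 256 MB
            return NULL;
        }
        tableBuffer.resize(tableBuffer.size() * 2);
    }
    if (!NT_SUCCESS(ntStatus)) {
        return NULL;
    }

    // Trust the reported count only as far as the returned bytes cover it.
    const size_t headerBytes = offsetof(SYSTEM_HANDLE_LIST, Handles);
    if (ulSize < headerBytes || ulSize > tableBuffer.size()) {
        return NULL;
    }
    PSYSTEM_HANDLE_LIST pList = (PSYSTEM_HANDLE_LIST)&tableBuffer[0];
    ULONG nNumberHandle = pList->NumberOfHandles;
    ULONG nFit = (ULONG)((ulSize - headerBytes) / sizeof(SYSTEM_HANDLE_INFORMATION));
    if (nNumberHandle > nFit) {
        nNumberHandle = nFit;
    }

    vector<char> nameBuffer(0x10000);
    for (ULONG i = 0; i != nNumberHandle; ++i) {
        const SYSTEM_HANDLE_INFORMATION &entry = pList->Handles[i];
        if (entry.ProcessId != ProcessId) {
            continue;
        }
        HANDLE hObject = (HANDLE)(ULONG_PTR)entry.Handle;

        // ObjectNameInformation is queried here; ObjectAllInformation with
        // POBJECT_ALL_INFORMATION works the same way if type data is wanted.
        // NOTE(review): NtQueryObject is reported to block indefinitely for
        // some handle types (synchronous pipes in particular); a production
        // version should issue the query from a worker thread with a timeout.
        ntStatus = pfnNtQueryObject(hObject, ObjectNameInformation,
                                    &nameBuffer[0], (ULONG)nameBuffer.size(),
                                    &ulSize);
        if (!NT_SUCCESS(ntStatus)) {
            continue;
        }
        POBJECT_NAME_INFORMATION pNameInfo = (POBJECT_NAME_INFORMATION)&nameBuffer[0];
        if (pNameInfo->Name.Buffer == NULL) {
            continue;  // unnamed object
        }
        // Bounded copy: Name is counted (Length in bytes) and may lack a NUL,
        // so a plain C string search over the buffer would over-read.
        wstring name(pNameInfo->Name.Buffer, pNameInfo->Name.Length / sizeof(WCHAR));
        if (name.find(L"TEST_SELF") != wstring::npos) {
            cout << "get" << endl;
            return hObject;
        }
    }
    return NULL;
}

/*
 * Create a named mutex in this process and confirm that the handle walk above
 * finds it.  Wide-character APIs are used explicitly so the build does not
 * depend on the project's character-set setting: object names are UTF-16
 * regardless of whether UNICODE is defined.
 */
int main()
{
    HANDLE hTest = CreateMutexW(NULL, FALSE, L"TEST_SELF");
    if (hTest == NULL) {
        cout << "CreateMutex failed: " << GetLastError() << endl;
        return 1;
    }
    GetProcessKernelObject(GetCurrentProcessId());
    getchar();
    CloseHandle(hTest);  // released before exit so the handle does not leak
    return 0;
}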


[解决办法]
3楼又惊现语法高亮Bug!
