HANDLE - File Handles and Directory Handles Structures


Language: C
OS: Windows

My application is framed with NT-level APIs and has to manipulate file and directory handles. On a ZwOpenFile or ZwCreateFile call, I get a HANDLE as a result. Usually the values for the HANDLE are like 0x00000024, 28, 2c... etc. When I cast it to an LPBYTE to view the contents, Visual Studio shows "Expression could not be evaluated". I understood from that that the HANDLEs returned from the create/open file APIs are not pointers to a memory location. However, Windows uses the value and performs file operations. NtQueryDirectoryObject supplies me with information about handles. However, how Windows has implemented this functionality is unknown. Can anyone throw light on it?

asked on Stack Overflow May 30, 2011 by Muthukumar Palaniappan • edited May 30, 2011 by cpx

4 Answers


That's a so-called "opaque value", which means it's completely up to Windows how it is done inside. For example, it could be an index in some global table that is not accessible directly to your program - Windows just knows how to get there and you shouldn't even think of doing it.

answered on Stack Overflow May 30, 2011 by sharptooth

Handles are stored in a table accessible only from kernel code. If you are interested in how the Windows kernel works, you may find Mark Russinovich's blog or driver development interesting.

answered on Stack Overflow May 30, 2011 by plodoc
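
The index-into-a-private-table idea from the two answers above, as a portable C model. This is an added example, not code from any answer and not Windows' actual implementation; every name in it (`toy_open`, `toy_reference`, `toy_close`, `SLOTS`, the access bits) is an assumption, and the step of 4 between handles simply mirrors the 0x24, 0x28, 0x2c values in the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model: every name and the layout here are assumptions, not Windows internals. */
enum { SLOTS = 16, ACCESS_READ = 1, ACCESS_WRITE = 2 };
typedef uintptr_t toy_handle;                     /* all the caller ever sees */
struct entry { void *object; unsigned granted; }; /* private to the table owner */
static struct entry table[SLOTS];
static int slot_of(toy_handle h)   /* -1 unless h is a non-zero multiple of 4 in range */
{
    return (h == 0 || h % 4 != 0 || h / 4 >= (toy_handle)SLOTS) ? -1 : (int)(h / 4);
}

/* Record the object and its granted rights; the handle is slot * 4, never an address. */
toy_handle toy_open(void *object, unsigned access)
{
    for (int i = 1; i < SLOTS; i++) {             /* slot 0 unused: 0 means failure */
        if (table[i].object != NULL) continue;
        table[i] = (struct entry){ object, access };
        return (toy_handle)i * 4;
    }
    return 0;
}

/* Translate handle -> object; bad values, closed slots and missing rights yield NULL. */
void *toy_reference(toy_handle h, unsigned desired)
{
    int i = slot_of(h);
    if (i < 0 || table[i].object == NULL) return NULL;
    if ((table[i].granted & desired) != desired) return NULL;
    return table[i].object;
}

int toy_close(toy_handle h)
{
    int i = slot_of(h);
    if (i < 0 || table[i].object == NULL) return -1;
    table[i] = (struct entry){ NULL, 0 };
    return 0;
}

int main(void)
{
    int a, b;                                     /* stand-ins for two file objects */
    toy_handle h1 = toy_open(&a, ACCESS_READ);
    toy_handle h2 = toy_open(&b, ACCESS_READ | ACCESS_WRITE);
    printf("h1=0x%lx h2=0x%lx\n", (unsigned long)h1, (unsigned long)h2);
    printf("write through h1 allowed: %d\n", toy_reference(h1, ACCESS_WRITE) != NULL);
    return toy_close(h1) | toy_close(h2);
}
```

Because the caller only holds an index, the table owner can check rights and reject stale or forged values at translation time, which is why casting such a value to a pointer shows nothing useful.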

The last book I know of that was a good reference for this kind of stuff was Inside Windows 2000 by Mark E. Russinovich and David A. Solomon. While clearly out of date, a lot of that book is still relevant. Google for "Inside Windows 7" for links to videos of talks by Russinovich and some other books that I can't vouch for, but seem on topic.

answered on Stack Overflow May 30, 2011 by Chris Becke

HANDLE is actually a pointer to a struct that contains various fields; often they point to some kernel object. HANDLEs are generally used when programming in C to have a notion of object-oriented programming.

When debugging with WinDbg you have an extension called !handle that can display various information about a given handle.

The book Windows Internals (by Mark Russinovich) goes into great detail about this and many other Windows mechanisms.

Perhaps you will find this discussion useful: What is a Windows Handle?

Also check out this blog post by Mark: http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx. It contains a lot of information which could help you answer your question.

answered on Stack Overflow May 30, 2011 by Grim • edited May 23, 2017 by Community

User contributions licensed under CC BY-SA 3.0