#include <HANDLE_TABLE.hh>

Public Member Functions
virtual std::unique_ptr< const HANDLE_TABLE_ENTRY >	Handle (uint64_t handle) const =0

virtual std::unique_ptr< HANDLE_TABLE_ENTRY >	Handle (uint64_t handle)=0

virtual std::shared_ptr< const DEVICE_OBJECT >	DeviceObject (uint64_t handle) const =0

virtual std::shared_ptr< DEVICE_OBJECT >	DeviceObject (uint64_t handle)=0

virtual std::shared_ptr< const OBJECT_DIRECTORY >	DirectoryObject (uint64_t handle) const =0

virtual std::shared_ptr< OBJECT_DIRECTORY >	DirectoryObject (uint64_t handle)=0

virtual std::shared_ptr< const DRIVER_OBJECT >	DriverObject (uint64_t handle) const =0

virtual std::shared_ptr< DRIVER_OBJECT >	DriverObject (uint64_t handle)=0

virtual std::shared_ptr< const KEVENT >	EventObject (uint64_t handle) const =0

virtual std::shared_ptr< KEVENT >	EventObject (uint64_t handle)=0

virtual std::shared_ptr< const FILE_OBJECT >	FileObject (uint64_t handle) const =0

virtual std::shared_ptr< FILE_OBJECT >	FileObject (uint64_t handle)=0

virtual std::shared_ptr< const CM_KEY_BODY >	KeyObject (uint64_t handle) const =0

virtual std::shared_ptr< CM_KEY_BODY >	KeyObject (uint64_t handle)=0

virtual std::shared_ptr< const PROCESS >	ProcessObject (uint64_t handle) const =0

virtual std::shared_ptr< PROCESS >	ProcessObject (uint64_t handle)=0

virtual std::shared_ptr< const SECTION >	SectionObject (uint64_t handle) const =0

virtual std::shared_ptr< SECTION >	SectionObject (uint64_t handle)=0

virtual std::shared_ptr< const OBJECT_SYMBOLIC_LINK >	SymbolicLinkObject (uint64_t handle) const =0

virtual std::shared_ptr< OBJECT_SYMBOLIC_LINK >	SymbolicLinkObject (uint64_t handle)=0

virtual std::shared_ptr< const THREAD >	ThreadObject (uint64_t handle) const =0

virtual std::shared_ptr< THREAD >	ThreadObject (uint64_t handle)=0

virtual std::shared_ptr< const TOKEN >	TokenObject (uint64_t handle) const =0

virtual std::shared_ptr< TOKEN >	TokenObject (uint64_t handle)=0

virtual std::shared_ptr< const OBJECT_TYPE >	TypeObject (uint64_t handle) const =0

virtual std::shared_ptr< OBJECT_TYPE >	TypeObject (uint64_t handle)=0

virtual std::shared_ptr< const OBJECT >	Object (uint64_t handle) const =0

virtual std::shared_ptr< OBJECT >	Object (uint64_t handle)=0

virtual std::vector< std::unique_ptr< const HANDLE_TABLE_ENTRY > >	open_handles () const =0

virtual int32_t	HandleCount () const =0

virtual uint32_t	NextHandleNeedingPool () const =0

virtual	~HANDLE_TABLE ()=default

Detailed Description

Window's uses handle tables to store references to kernel objects

Constructor & Destructor Documentation

◆ ~HANDLE_TABLE()

virtual introvirt::windows::nt::HANDLE_TABLE::~HANDLE_TABLE ( )

virtualdefault

Member Function Documentation

◆ DeviceObject() [1/2]

virtual std::shared_ptr< const DEVICE_OBJECT > introvirt::windows::nt::HANDLE_TABLE::DeviceObject ( uint64_t handle ) const

pure virtual

Lookup a DEVICE_OBJECT by handle number

Returns: The DEVICE_OBJECT, or nullptr if the handle was invalid.

◆ DeviceObject() [2/2]

virtual std::shared_ptr< DEVICE_OBJECT > introvirt::windows::nt::HANDLE_TABLE::DeviceObject ( uint64_t handle )

pure virtual

◆ DirectoryObject() [1/2]

virtual std::shared_ptr< const OBJECT_DIRECTORY > introvirt::windows::nt::HANDLE_TABLE::DirectoryObject ( uint64_t handle ) const

pure virtual

Lookup an OBJECT_DIRECTORY by handle number

Returns: The OBJECT_DIRECTORY, or nullptr if the handle was invalid.

◆ DirectoryObject() [2/2]

virtual std::shared_ptr< OBJECT_DIRECTORY > introvirt::windows::nt::HANDLE_TABLE::DirectoryObject ( uint64_t handle )

pure virtual

◆ DriverObject() [1/2]

virtual std::shared_ptr< const DRIVER_OBJECT > introvirt::windows::nt::HANDLE_TABLE::DriverObject ( uint64_t handle ) const

pure virtual

Lookup a DRIVER_OBJECT by handle number

Returns: The DRIVER_OBJECT, or nullptr if the handle was invalid.

◆ DriverObject() [2/2]

virtual std::shared_ptr< DRIVER_OBJECT > introvirt::windows::nt::HANDLE_TABLE::DriverObject ( uint64_t handle )

pure virtual

◆ EventObject() [1/2]

virtual std::shared_ptr< const KEVENT > introvirt::windows::nt::HANDLE_TABLE::EventObject ( uint64_t handle ) const

pure virtual

Lookup a KEVENT by handle number

Returns: The KEVENT, or nullptr if the handle was invalid.

◆ EventObject() [2/2]

virtual std::shared_ptr< KEVENT > introvirt::windows::nt::HANDLE_TABLE::EventObject ( uint64_t handle )

pure virtual

◆ FileObject() [1/2]

virtual std::shared_ptr< const FILE_OBJECT > introvirt::windows::nt::HANDLE_TABLE::FileObject ( uint64_t handle ) const

pure virtual

Lookup a FILE_OBJECT by handle number

Returns: The FILE_OBJECT, or nullptr if the handle was invalid.

◆ FileObject() [2/2]

virtual std::shared_ptr< FILE_OBJECT > introvirt::windows::nt::HANDLE_TABLE::FileObject ( uint64_t handle )

pure virtual

◆ Handle() [1/2]

virtual std::unique_ptr< const HANDLE_TABLE_ENTRY > introvirt::windows::nt::HANDLE_TABLE::Handle ( uint64_t handle ) const

pure virtual

Lookup a handle by number

Parameters

handle A handle number to retrieve

Returns: A HANDLE_TABLE_ENTRY value. Can be used to create an OBJECT_HEADER.

◆ Handle() [2/2]

virtual std::unique_ptr< HANDLE_TABLE_ENTRY > introvirt::windows::nt::HANDLE_TABLE::Handle ( uint64_t handle )

pure virtual

◆ HandleCount()

virtual int32_t introvirt::windows::nt::HANDLE_TABLE::HandleCount ( ) const

pure virtual

Returns: The number of open handles.

◆ KeyObject() [1/2]

virtual std::shared_ptr< const CM_KEY_BODY > introvirt::windows::nt::HANDLE_TABLE::KeyObject ( uint64_t handle ) const

pure virtual

Lookup a CM_KEY_BODY by handle number

Returns: The CM_KEY_BODY, or nullptr if the handle was invalid.

◆ KeyObject() [2/2]

virtual std::shared_ptr< CM_KEY_BODY > introvirt::windows::nt::HANDLE_TABLE::KeyObject ( uint64_t handle )

pure virtual

◆ NextHandleNeedingPool()

virtual uint32_t introvirt::windows::nt::HANDLE_TABLE::NextHandleNeedingPool ( ) const

pure virtual

Returns: The next handle that would require additional memory allocation

◆ Object() [1/2]

virtual std::shared_ptr< const OBJECT > introvirt::windows::nt::HANDLE_TABLE::Object ( uint64_t handle ) const

pure virtual

Lookup an object by handle number

Parameters

handle A handle number to retrieve

Returns: A pointer to an OBJECT object. Do not delete.

◆ Object() [2/2]

virtual std::shared_ptr< OBJECT > introvirt::windows::nt::HANDLE_TABLE::Object ( uint64_t handle )

pure virtual

◆ open_handles()

virtual std::vector< std::unique_ptr< const HANDLE_TABLE_ENTRY > > introvirt::windows::nt::HANDLE_TABLE::open_handles ( ) const

pure virtual

Returns: The list of open handles.

◆ ProcessObject() [1/2]

virtual std::shared_ptr< const PROCESS > introvirt::windows::nt::HANDLE_TABLE::ProcessObject ( uint64_t handle ) const

pure virtual

Lookup a PROCESS by handle number

Returns: The PROCESS, or nullptr if the handle was invalid.

◆ ProcessObject() [2/2]

virtual std::shared_ptr< PROCESS > introvirt::windows::nt::HANDLE_TABLE::ProcessObject ( uint64_t handle )

pure virtual

◆ SectionObject() [1/2]

virtual std::shared_ptr< const SECTION > introvirt::windows::nt::HANDLE_TABLE::SectionObject ( uint64_t handle ) const

pure virtual

Lookup an SECTION by handle number

Returns: The SECTION, or nullptr if the handle was invalid.

◆ SectionObject() [2/2]

virtual std::shared_ptr< SECTION > introvirt::windows::nt::HANDLE_TABLE::SectionObject ( uint64_t handle )

pure virtual

◆ SymbolicLinkObject() [1/2]

virtual std::shared_ptr< const OBJECT_SYMBOLIC_LINK > introvirt::windows::nt::HANDLE_TABLE::SymbolicLinkObject ( uint64_t handle ) const

pure virtual

Lookup an OBJECT_SYMBOLIC_LINK by handle number

Returns: The OBJECT_SYMBOLIC_LINK, or nullptr if the handle was invalid.

◆ SymbolicLinkObject() [2/2]

virtual std::shared_ptr< OBJECT_SYMBOLIC_LINK > introvirt::windows::nt::HANDLE_TABLE::SymbolicLinkObject ( uint64_t handle )

pure virtual

◆ ThreadObject() [1/2]

virtual std::shared_ptr< const THREAD > introvirt::windows::nt::HANDLE_TABLE::ThreadObject ( uint64_t handle ) const

pure virtual

Lookup a THREAD by handle number

Returns: The THREAD, or nullptr if the handle was invalid.

◆ ThreadObject() [2/2]

virtual std::shared_ptr< THREAD > introvirt::windows::nt::HANDLE_TABLE::ThreadObject ( uint64_t handle )

pure virtual

◆ TokenObject() [1/2]

virtual std::shared_ptr< const TOKEN > introvirt::windows::nt::HANDLE_TABLE::TokenObject ( uint64_t handle ) const

pure virtual

Lookup a TOKEN by handle number

Returns: The TOKEN, or nullptr if the handle was invalid.

◆ TokenObject() [2/2]

virtual std::shared_ptr< TOKEN > introvirt::windows::nt::HANDLE_TABLE::TokenObject ( uint64_t handle )

pure virtual

◆ TypeObject() [1/2]

virtual std::shared_ptr< const OBJECT_TYPE > introvirt::windows::nt::HANDLE_TABLE::TypeObject ( uint64_t handle ) const

pure virtual

Lookup an OBJECT_TYPE by handle number

Returns: The OBJECT_TYPE, or nullptr if the handle was invalid.

◆ TypeObject() [2/2]

virtual std::shared_ptr< OBJECT_TYPE > introvirt::windows::nt::HANDLE_TABLE::TypeObject ( uint64_t handle )

pure virtual

The documentation for this class was generated from the following file:

/home/runner/work/IntroVirt/IntroVirt/include/introvirt/windows/kernel/nt/types/HANDLE_TABLE.hh

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

◆ ~HANDLE_TABLE()

Member Function Documentation

◆ DeviceObject() [1/2]

◆ DeviceObject() [2/2]

◆ DirectoryObject() [1/2]

◆ DirectoryObject() [2/2]

◆ DriverObject() [1/2]

◆ DriverObject() [2/2]

◆ EventObject() [1/2]

◆ EventObject() [2/2]

◆ FileObject() [1/2]

◆ FileObject() [2/2]

◆ Handle() [1/2]

◆ Handle() [2/2]

◆ HandleCount()

◆ KeyObject() [1/2]

◆ KeyObject() [2/2]

◆ NextHandleNeedingPool()

◆ Object() [1/2]

◆ Object() [2/2]

◆ open_handles()

◆ ProcessObject() [1/2]

◆ ProcessObject() [2/2]

◆ SectionObject() [1/2]

◆ SectionObject() [2/2]

◆ SymbolicLinkObject() [1/2]

◆ SymbolicLinkObject() [2/2]

◆ ThreadObject() [1/2]

◆ ThreadObject() [2/2]

◆ TokenObject() [1/2]

◆ TokenObject() [2/2]

◆ TypeObject() [1/2]

◆ TypeObject() [2/2]