-
Notifications
You must be signed in to change notification settings - Fork 157
/
SharedInfoHandleTable.cpp
56 lines (49 loc) · 1.26 KB
/
SharedInfoHandleTable.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
// SharedInfoHandleTable.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <Windows.h>
typedef struct _HANDLEENTRY {
PVOID phead;
PVOID pOwner;
BYTE bType;
BYTE bFlags;
WORD wUniq;
}HANDLEENTRY, *PHANDLEENTRY;
typedef struct _SERVERINFO {
#ifdef _WIN64
UINT64 dwSRVIFlags;
UINT64 cHandleEntries;
#else
DWORD dwSRVIFlags;
DWORD cHandleEntries;
#endif
WORD wSRVIFlags;
WORD wRIPPID;
WORD wRIPError;
}SERVERINFO, *PSERVERINFO;
typedef struct _SHAREDINFO {
PSERVERINFO psi;
PHANDLEENTRY aheList;
ULONG HeEntrySize;
ULONG_PTR pDispInfo;
ULONG_PTR ulSharedDelta;
ULONG_PTR awmControl;
ULONG_PTR DefWindowMsgs;
ULONG_PTR DefWindowSpecMsgs;
}SHAREDINFO, *PSHAREDINFO;
int main()
{
HMODULE hUser32 = LoadLibraryA("user32.dll");
PSHAREDINFO gSharedInfo = (PSHAREDINFO)GetProcAddress(hUser32, "gSharedInfo");
for (unsigned int i = 0; i < gSharedInfo->psi->cHandleEntries; i++) {
HANDLEENTRY entry = gSharedInfo->aheList[i];
if (entry.bType != 0) { //ignore free entries
#ifdef _WIN64
printf("Head: 0x%llx, Owner: 0x%llx, Type: 0x%X\r\n", entry.phead, entry.pOwner, entry.bType);
#else
printf("Head: 0x%X, Owner: 0x%X, Type: 0x%X\r\n", entry.phead, entry.pOwner, entry.bType);
#endif
}
}
return 0;
}