Process Hacker and Windows discussion

 
Tony

Getting Handle table from device driver in Windows 10 Anniversary

02 Oct 2016, 19:46

I have noticed in the source code that there is no logic to get the handle table for a process in Windows 10.
Can someone confirm that this is intentional due to Microsoft hardening the kernel or has it just not yet been implemented?
Thanks in advance.
Tony
 
dmex
Admin
Posts: 1258
Location: Australia

Re: Getting Handle table from device driver in Windows 10 Anniversary

02 Oct 2016, 22:17

Tony wrote:
there is no logic to get the handle table for a process in Windows 10
Handle tables work fine for me on Windows 10?
handle_table.PNG
You will get an empty handle table if you're using nightly builds of Process Hacker. You need to disable the kernel driver via Options window > Advanced tab > Untick the "Enable kernel-mode driver" option.
 
Tony

Re: Getting Handle table from device driver in Windows 10 Anniversary

04 Oct 2016, 17:57

Sorry, my bad, I was not specific.
I was looking at the source code you wrote for the driver (processhacker-nightly-src\KProcessHacker).
I was curious if getting the handle table in kernel mode has stopped working because of Microsoft tightening security in kernel mode.
Thanks for all your great work!
Tony
 
dmex
Admin
Posts: 1258
Location: Australia

Re: Getting Handle table from device driver in Windows 10 Anniversary

05 Oct 2016, 20:12

Tony wrote:
I was curious if getting the handle table in kernel mode has stopped working because of Microsoft tightening security in kernel mode.
No.

The only issue is with KPH needing to be updated with handle table offsets for the latest build of Windows 10 (14393).
 
Tony

Re: Getting Handle table from device driver in Windows 10 Anniversary

08 Oct 2016, 16:23

If it is not too much trouble.
It is just nice to have the code always hit the same logic for each version of Windows.
I appreciate all your great work.
Thanks!
 
mgrzeg
Member
Posts: 5
OS: Windows 7 64bit

Re: Getting Handle table from device driver in Windows 10 Anniversary

12 Oct 2016, 16:05

+1. The names of the ETW registrations disappeared, if it's not a problem, I'd love to see them back :)
Thanks!
 
Tony

Re: Getting Handle table from device driver in Windows 10 Anniversary

24 Oct 2016, 17:00

Hi,

Is there a scheduled date for the next release?
I see the code for the device driver is in for Windows 10 1607 (anniversary update).
However, the driver from the nightly build versions is not signed so not available to the user level code.
Thanks for all the great work!
