reven2.preview.windows.handle

Modules Classes Names

module documentation

Parsing of Windows 10 handles from handle tables

Some pointers to explanation of handles:

https://ntamonsec.blogspot.com/2020/06/journey-into-object-manager-executive-handles.html
https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-part-5-a-journey-in-to-the-undocumented-process-handle-structures-_handle_table-_handle_table_entry/

Class	`Handle`	A class representing a Windows handle at a specific context.
Class	`_CurrentProcessSpecialHandle`	Undocumented
Class	`_CurrentProcessTokenSpecialHandle`	Undocumented
Class	`_CurrentThreadEffectiveTokenSpecialHandle`	Undocumented
Class	`_CurrentThreadSpecialHandle`	Undocumented
Class	`_CurrentThreadTokenSpecialHandle`	Undocumented
Class	`_HandleIndexes`	Class built by reversing the function `ExpLookupHandleTableEntry` of the kernel
Class	`_SpecialHandle`	Undocumented
Function	`_negative_to_positive_two_complement`	Undocumented
Variable	`_special_handles`	Undocumented

def _negative_to_positive_two_complement(ctx, value):

Undocumented

Parameters
ctx:`reven2.trace.Context`	Undocumented
value:`int`	Undocumented
Returns
`int`	Undocumented

_special_handles: _List[_Type[_SpecialHandle]] =

Undocumented