I will explain what the handle is such as HgDiobj1. Structure: It is a 32 value, its structure is: 8BITS UNKNOWN | 1 Bit Stock Object Marker | 7 Bits Object Type | 4 Bits Unused | 12 Bits Index.
Did you see the index of 12bits? 2. Object Handle Table. We just saw the index, where is the index pointing, it is to point to this object handle table, this is a table of system maintenance. One of the objects in Object Handle Table is the following Typedef struct {void * pkernel; unsigned short nprocess; unsigned short ncount; unsigned short nupper; unsigned short ntype; void * publeCell;
We can see two pointers, these two pointers are pointing to true objects. For example, DC_ATTR, DCOBJ, etc. true objects. What is the object, I want you to know.
