flat assembler
Message board for the users of flat assembler.

What open handles your hello world has?
vivik



Joined: 29 Oct 2016
Posts: 405
Hello. Can you please open the hello world example from fasm in ollydbg v1.10, and copypaste all handles in this thread?

Go to view->handles, right click the table, select "Copy to clipboard->Whole table", and then copypaste it here
Code:
inside the [code] [/code] tags


Here are mine, just checking if having all those BaseNamedObjects is normal. Also please say your Windows version.

Code:
Handles
Handle Type Refs Access T Info Name
00000024 ALPC Port 4. 001F0001 S
00000028 ALPC Port 4. 001F0001 S
00000054 Desktop 2280. 000F01FF W \Default
00000008 Directory 91. 00000003 Q \KnownDlls
0000000C Directory 55. 00000003 Q \KnownDlls32
00000018 Directory 55. 00000003 Q \KnownDlls32
00000078 Directory 2461. 0000000F Q \Sessions\1\BaseNamedObjects
00000020 Event 3. 001F0003 S
00000044 Event 2. 001F0003 S
0000004C Event 3. 001F0003 S
00000060 Event 2. 001F0003 S
00000064 Event 2. 001F0003 S
00000068 Event 2. 001F0003 S
0000006C Event 2. 001F0003 S
00000070 Event 2. 001F0003 S
00000074 Event 2. 001F0003 S
00000084 File (dev) 2. 00100003 S \FileSystem\Filters\FltMgrMsg
00000010 File (dir) 2. 00100020 S \Device\HarddiskVolume1\Windows
0000001C File (dir) 2. 00100020 S \Device\HarddiskVolume1\_codeblocks\hello-freestanding\bin\Release
00000004 Key 2. 00000009 Q \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000014 Key 2. 00000009 Q \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
0000002C Key 2. 00020019 R \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
00000030 Key 2. 00000001 Q \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER
00000040 Key 2. 000F003F W \REGISTRY\MACHINE
0000003C Mutant 2. 001F0001 S
00000088 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\mchLLEW2$c30
0000008C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5f9e0
00000090 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000c30$73ec0000
00000094 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $71ac0000
0000009C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a7dffe
000000A0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $73e812c6
000000A4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $73e82384
000000A8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $76fef792
000000AC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75db3be3
000000B0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $76e69d0b
000000B4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b77ba4
000000B8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7ea03
000000BC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7b986
000000C0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b758b3
000000C4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75dccd11
000000C8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75db9ae4
000000CC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75e1dd76
000000D0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75e1de19
000000D4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75dc3baa
000000D8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b75ea5
000000DC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7cc01
000000E0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ba4969
000000E4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7ba5f
000000E8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f202bf
000000EC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f2027b
000000F0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed835c
000000F4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed7603
000000F8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ecee09
000000FC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed6110
00000100 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec8332
00000104 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3baa
00000108 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed12a5
0000010C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3c61
00000110 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec8bff
00000114 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed612e
00000118 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec9679
0000011C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed781f
00000120 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec97d2
00000124 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f26cfc
00000128 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed76e0
0000012C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f26d5d
00000130 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed7668
00000134 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eec112
00000138 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eed0f5
0000013C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeff4a
00000140 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeec68
00000144 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed291f
00000148 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeeb96
0000014C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f288eb
00000150 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed2d64
00000154 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3698
00000158 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75edc4b6
0000015C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f27dd7
00000160 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f09f1d
00000164 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ecefc9
00000168 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed6c30
0000016C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec90d3
00000170 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed2da4
00000174 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f11497
00000178 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60550
0000017C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a603d0
00000180 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a6079c
00000184 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5ff74
00000188 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a606f4
0000018C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60874
00000190 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a607e4
00000194 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60004
00000198 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60084
0000019C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61cb4
000001A0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61d8c
000001A4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fcb0
000001A8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60694
000001AC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60df4
000001B0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61be4
000001B4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5ffa4
000001B8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fdc8
000001BC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a600b4
000001C0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fd64
000001C4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fec0
000001C8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a6088c
000001CC Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60ed8
000001D0 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fb28
000001D4 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a608a4
000001D8 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a603b8
00000034 Semaphore 2. 00100003 S Count 0. of
00000038 Semaphore 2. 00100003 S Count 0. of
00000050 WindowStation 91. 000F037F W \Sessions\1\Windows\WindowStations\WinSta0
00000058 WindowStation 91. 000F037F W \Sessions\1\Windows\WindowStations\WinSta0
Post 29 Sep 2017, 12:44
Furs



Joined: 04 Mar 2016
Posts: 1175
Windows XP Service Pack 2 32-bit Virtual Machine:
Code:
Handles
Handle Type Refs Access T Info Name
00000020 Desktop 810. 000F01FF \Default
00000008 Directory 58. 00000003 \KnownDlls
00000014 Directory 26. 000F000F \Windows
00000010 Event 3. 001F0003
0000000C File (???) 2. 00100020 \Device\hgfs\vmware-host\Shared Folders\Share
00000004 KeyedEvent 24. 000F0003 \KernelObjects\CritSecOutOfMemoryEvent
00000018 Port 3. 001F0001
0000001C WindowStation 34. 000F037F \Windows\WindowStations\WinSta0
00000024 WindowStation 34. 000F037F \Windows\WindowStations\WinSta0
Windows 7 Ultimate 32-bit Virtual Machine:
Code:
Handles
Handle Type Refs Access T Info Name
00000018 ALPC Port 4. 001F0001
0000002C Desktop 665. 000F01FF \Default
00000008 Directory 77. 00000003 \KnownDlls
00000024 Event 3. 001F0003
0000000C File (???) 2. 00100020 \Device\Mup\vmware-host\Shared Folders\Share
00000004 Key 2. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000010 Key 2. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
00000014 Key 2. 00020019 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
0000001C Key 2. 00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
00000034 Key 2. 000F003F HKEY_LOCAL_MACHINE
00000028 WindowStation 37. 000F037F \Sessions\1\Windows\WindowStations\WinSta0
00000030 WindowStation 37. 000F037F \Sessions\1\Windows\WindowStations\WinSta0
Windows 10 (without the Anniversary Update; it hasn't been updated in a long time) 64-bit Virtual Machine:
Code:
Handles
Handle Type Refs Access T Info Name
00000038 ALPC Port 65538. 001F0001
000000AC Desktop 424861 000F01FF \Default
00000008 Directory 147256 00000003 \KnownDlls
0000000C Directory 229097 00000003 \KnownDlls32
00000020 Directory 229097 00000003 \KnownDlls32
0000007C Directory 423369 0000000F \Sessions\1\BaseNamedObjects
00000010 Event 65533. 001F0003
00000014 Event 65536. 001F0003
00000024 Event 65533. 001F0003
00000028 Event 65532. 001F0003
00000030 Event 65537. 001F0003
000000A4 Event 65536. 001F0003
0000002C File (???) 65536. 00100020 \Device\Mup\vmware-host\Shared Folders\Share
00000018 File (dir) 65536. 00100020 c:\Windows
0000003C IoCompletion 65537. 001F0003
00000078 IoCompletion 65537. 001F0003
00000044 IRTimer 65537. 00100002
0000004C IRTimer 65537. 00100002
00000084 IRTimer 65537. 00100002
0000008C IRTimer 65537. 00100002
00000004 Key 65535. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
0000001C Key 65527. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000070 Key 65534. 00000001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale
00000094 Key 65535. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
00000098 Key 65535. 00020019 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
000000B4 Key 65534. 00020019 HKEY_LOCAL_MACHINE
00000040 TpWorkerFactory 65536. 000F00FF
00000080 TpWorkerFactory 65525. 000F00FF
00000034 WaitCompletionP 65537. 00000001
00000048 WaitCompletionP 65537. 00000001
00000050 WaitCompletionP 65537. 00000001
00000088 WaitCompletionP 65537. 00000001
00000090 WaitCompletionP 65537. 00000001
000000A8 WindowStation 785997 000F037F \Sessions\1\Windows\WindowStations\WinSta0
000000B0 WindowStation 785997 000F037F \Sessions\1\Windows\WindowStations\WinSta0



So I guess the answer is no.
Post 29 Sep 2017, 19:33
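
A way to make the comparison in this thread repeatable, as an added example that is not part of either post: parse two OllyDbg handle-table dumps and list the named objects under BaseNamedObjects that one process holds and a baseline does not. The function names, the `$hex` wildcarding and the one-row-per-line input are assumptions of this example; the sample rows are copied from the dumps above.

```python
import re
from collections import Counter

# One row of OllyDbg's Handles table: Handle, Type, Refs, Access, optional T flag, then Info/Name.
ROW = re.compile(
    r"^([0-9A-F]{8})\s+(.+?)\s+(\d+)\.?\s+([0-9A-F]{8})(?:\s+([A-Z])(?=\s|$))?\s*(.*)$")

def parse_handles(dump):
    """Return one dict per handle row; the window title and header line do not match."""
    rows = []
    for line in dump.splitlines():
        m = ROW.match(line.strip())
        if m:
            handle, typ, refs, access, tag, name = m.groups()
            rows.append({"handle": int(handle, 16), "type": typ, "refs": int(refs),
                         "access": int(access, 16), "tag": tag, "name": name})
    return rows

def named_object_patterns(rows):
    """Count objects under BaseNamedObjects, wildcarding $hex fields (PID, addresses)."""
    counts = Counter()
    for r in rows:
        _, sep, leaf = r["name"].partition("\\BaseNamedObjects\\")
        if sep:
            counts[(r["type"], re.sub(r"\$[0-9A-Fa-f]+", "$*", leaf))] += 1
    return counts

def extra_named_objects(sample, baseline):
    """Patterns present in the sample dump but absent from the baseline dump."""
    base = named_object_patterns(parse_handles(baseline))
    found = named_object_patterns(parse_handles(sample))
    return {k: n for k, n in found.items() if k not in base}

# Rows copied from the first post's dump and from the Windows 10 dump in the reply.
SAMPLE = r"""Handle Type Refs Access T Info Name
00000078 Directory 2461. 0000000F Q \Sessions\1\BaseNamedObjects
00000088 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\mchLLEW2$c30
0000008C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5f9e0
00000090 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000c30$73ec0000
00000094 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $71ac0000
00000034 Semaphore 2. 00100003 S Count 0. of
"""
BASELINE = r"""Handle Type Refs Access T Info Name
0000007C Directory 423369 0000000F \Sessions\1\BaseNamedObjects
00000038 ALPC Port 65538. 001F0001
00000018 File (dir) 65536. 00100020 c:\Windows
"""

if __name__ == "__main__":
    for (typ, pattern), n in extra_named_objects(SAMPLE, BASELINE).items():
        print(f"{n:3d} x {typ}: {pattern}")
```

Wildcarding the `$hex` fields groups the per-API entries into one pattern, so the output stays short however many hooks are present.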

Copyright © 2004-2018, Tomasz Grysztar.
