flat assembler
Message board for the users of flat assembler.

Index > Windows > What open handles your hello world has?

vivik 29 Sep 2017, 12:44
Hello. Can you please open the hello world example from fasm in OllyDbg v1.10, and copy-paste all handles into this thread?

Go to View->Handles, right-click the table, select "Copy to clipboard->Whole table", and then copy-paste it here
Code:
 inside the [code] [/code] tags     


Here are mine, just checking if having all those BaseNamedObjects is normal. Also please say your Windows version.

Code:
Handles
Handle     Type             Refs    Access      T    Info          Name
00000024   ALPC Port           4.   001F0001 S
00000028   ALPC Port           4.   001F0001 S
00000054   Desktop          2280.   000F01FF W                     \Default
00000008   Directory          91.   00000003 Q                     \KnownDlls
0000000C   Directory          55.   00000003 Q                     \KnownDlls32
00000018   Directory          55.   00000003 Q                     \KnownDlls32
00000078   Directory        2461.   0000000F Q                     \Sessions\1\BaseNamedObjects
00000020   Event               3.   001F0003 S
00000044   Event               2.   001F0003 S
0000004C   Event               3.   001F0003 S
00000060   Event               2.   001F0003 S
00000064   Event               2.   001F0003 S
00000068   Event               2.   001F0003 S
0000006C   Event               2.   001F0003 S
00000070   Event               2.   001F0003 S
00000074   Event               2.   001F0003 S
00000084   File (dev)          2.   00100003 S                     \FileSystem\Filters\FltMgrMsg
00000010   File (dir)          2.   00100020 S                     \Device\HarddiskVolume1\Windows
0000001C   File (dir)          2.   00100020 S                     \Device\HarddiskVolume1\_codeblocks\hello-freestanding\bin\Release
00000004   Key                 2.   00000009 Q                     \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000014   Key                 2.   00000009 Q                     \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
0000002C   Key                 2.   00020019 R                     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
00000030   Key                 2.   00000001 Q                     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER
00000040   Key                 2.   000F003F W                     \REGISTRY\MACHINE
0000003C   Mutant              2.   001F0001 S
00000088   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\mchLLEW2$c30
0000008C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5f9e0
00000090   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000c30$73ec0000
00000094   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $71ac0000
0000009C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a7dffe
000000A0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $73e812c6
000000A4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $73e82384
000000A8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $76fef792
000000AC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75db3be3
000000B0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $76e69d0b
000000B4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b77ba4
000000B8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7ea03
000000BC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7b986
000000C0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b758b3
000000C4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75dccd11
000000C8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75db9ae4
000000CC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75e1dd76
000000D0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75e1de19
000000D4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75dc3baa
000000D8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b75ea5
000000DC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7cc01
000000E0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ba4969
000000E4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75b7ba5f
000000E8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f202bf
000000EC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f2027b
000000F0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed835c
000000F4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed7603
000000F8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ecee09
000000FC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed6110
00000100   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec8332
00000104   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3baa
00000108   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed12a5
0000010C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3c61
00000110   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec8bff
00000114   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed612e
00000118   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec9679
0000011C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed781f
00000120   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec97d2
00000124   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f26cfc
00000128   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed76e0
0000012C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f26d5d
00000130   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed7668
00000134   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eec112
00000138   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eed0f5
0000013C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeff4a
00000140   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeec68
00000144   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed291f
00000148   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75eeeb96
0000014C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f288eb
00000150   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed2d64
00000154   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed3698
00000158   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75edc4b6
0000015C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f27dd7
00000160   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f09f1d
00000164   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ecefc9
00000168   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed6c30
0000016C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ec90d3
00000170   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75ed2da4
00000174   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $75f11497
00000178   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60550
0000017C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a603d0
00000180   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a6079c
00000184   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5ff74
00000188   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a606f4
0000018C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60874
00000190   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a607e4
00000194   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60004
00000198   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60084
0000019C   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61cb4
000001A0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61d8c
000001A4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fcb0
000001A8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60694
000001AC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60df4
000001B0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a61be4
000001B4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5ffa4
000001B8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fdc8
000001BC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a600b4
000001C0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fd64
000001C4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fec0
000001C8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a6088c
000001CC   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a60ed8
000001D0   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5fb28
000001D4   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a608a4
000001D8   Section             3.   000F0007 W                     \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a603b8
00000034   Semaphore           2.   00100003 S       Count 0. of
00000038   Semaphore           2.   00100003 S       Count 0. of
00000050   WindowStation      91.   000F037F W                     \Sessions\1\Windows\WindowStations\WinSta0
00000058   WindowStation      91.   000F037F W                     \Sessions\1\Windows\WindowStations\WinSta0    
Post 29 Sep 2017, 12:44
Furs 29 Sep 2017, 19:33
Windows XP Service Pack 2 32-bit Virtual Machine:
Code:
Handles
Handle     Type             Refs    Access     T    Info          Name
00000020   Desktop           810.   000F01FF                      \Default
00000008   Directory          58.   00000003                      \KnownDlls
00000014   Directory          26.   000F000F                      \Windows
00000010   Event               3.   001F0003
0000000C   File (???)          2.   00100020                      \Device\hgfs\vmware-host\Shared Folders\Share
00000004   KeyedEvent         24.   000F0003                      \KernelObjects\CritSecOutOfMemoryEvent
00000018   Port                3.   001F0001
0000001C   WindowStation      34.   000F037F                      \Windows\WindowStations\WinSta0
00000024   WindowStation      34.   000F037F                      \Windows\WindowStations\WinSta0    
Windows 7 Ultimate 32-bit Virtual Machine:
Code:
Handles
Handle     Type             Refs    Access     T    Info          Name
00000018   ALPC Port           4.   001F0001
0000002C   Desktop           665.   000F01FF                      \Default
00000008   Directory          77.   00000003                      \KnownDlls
00000024   Event               3.   001F0003
0000000C   File (???)          2.   00100020                      \Device\Mup\vmware-host\Shared Folders\Share
00000004   Key                 2.   00000009                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000010   Key                 2.   00000009                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
00000014   Key                 2.   00020019                      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
0000001C   Key                 2.   00000001                      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
00000034   Key                 2.   000F003F                      HKEY_LOCAL_MACHINE
00000028   WindowStation      37.   000F037F                      \Sessions\1\Windows\WindowStations\WinSta0
00000030   WindowStation      37.   000F037F                      \Sessions\1\Windows\WindowStations\WinSta0    
Windows 10 (without Anniversary Update, it hasn't been updated in a long time) 64-bit Virtual Machine:
Code:
Handles
Handle     Type             Refs    Access     T    Info          Name
00000038   ALPC Port        65538.  001F0001
000000AC   Desktop          424861  000F01FF                      \Default
00000008   Directory        147256  00000003                      \KnownDlls
0000000C   Directory        229097  00000003                      \KnownDlls32
00000020   Directory        229097  00000003                      \KnownDlls32
0000007C   Directory        423369  0000000F                      \Sessions\1\BaseNamedObjects
00000010   Event            65533.  001F0003
00000014   Event            65536.  001F0003
00000024   Event            65533.  001F0003
00000028   Event            65532.  001F0003
00000030   Event            65537.  001F0003
000000A4   Event            65536.  001F0003
0000002C   File (???)       65536.  00100020                      \Device\Mup\vmware-host\Shared Folders\Share
00000018   File (dir)       65536.  00100020                      c:\Windows
0000003C   IoCompletion     65537.  001F0003
00000078   IoCompletion     65537.  001F0003
00000044   IRTimer          65537.  00100002
0000004C   IRTimer          65537.  00100002
00000084   IRTimer          65537.  00100002
0000008C   IRTimer          65537.  00100002
00000004   Key              65535.  00000009                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
0000001C   Key              65527.  00000009                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000070   Key              65534.  00000001                      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale
00000094   Key              65535.  00000009                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
00000098   Key              65535.  00020019                      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
000000B4   Key              65534.  00020019                      HKEY_LOCAL_MACHINE
00000040   TpWorkerFactory  65536.  000F00FF
00000080   TpWorkerFactory  65525.  000F00FF
00000034   WaitCompletionP  65537.  00000001
00000048   WaitCompletionP  65537.  00000001
00000050   WaitCompletionP  65537.  00000001
00000088   WaitCompletionP  65537.  00000001
00000090   WaitCompletionP  65537.  00000001
000000A8   WindowStation    785997  000F037F                      \Sessions\1\Windows\WindowStations\WinSta0
000000B0   WindowStation    785997  000F037F                      \Sessions\1\Windows\WindowStations\WinSta0    



So I guess the answer is no.
Post 29 Sep 2017, 19:33
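The comparison made by eye in this thread can be scripted. The following is an added example, not code from either poster or from OllyDbg: it parses "Copy to clipboard->Whole table" output and counts named handles that have no counterpart in a baseline dump. The sample rows are abridged from the dumps above with spacing collapsed; the function names and the normalisation rules (hex values after `$`, session number, registry root spelling) are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

Handle = namedtuple("Handle", "handle type refs access name")
# Handle, Type (may contain spaces), Refs (optional trailing "."), Access, rest.
ROW = re.compile(r"^([0-9A-F]{8})\s+(.+?)\s+(\d+)\.?\s+([0-9A-F]{8})(.*)$")
# Assumption: a name starts with "\", "HKEY_" or a drive letter; any other
# trailing text ("S", "Count 0. of") belongs to the T and Info columns.
NAME = re.compile(r"(\\|HKEY_|[A-Za-z]:\\).*$")

def parse_handles(text):
    """Parse an OllyDbg handles table; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name = NAME.search(m.group(5))
            rows.append(Handle(m.group(1), m.group(2), int(m.group(3)),
                               int(m.group(4), 16), name.group(0) if name else ""))
    return rows

def normalize(name):
    """Blank out values that differ per run so two dumps can be compared."""
    name = re.sub(r"^\\REGISTRY\\MACHINE", "HKEY_LOCAL_MACHINE", name, flags=re.I)
    name = re.sub(r"\\Sessions\\\d+\\", r"\\Sessions\\N\\", name)
    return re.sub(r"\$[0-9A-Fa-f]+", "$*", name)  # PIDs and addresses after "$"

def unexpected(sample, baseline):
    """Count named handles in `sample` with no counterpart in `baseline`."""
    known = {(h.type, normalize(h.name).casefold())
             for h in parse_handles(baseline) if h.name}
    extra = Counter()
    for h in parse_handles(sample):
        key = normalize(h.name)
        if h.name and (h.type, key.casefold()) not in known:
            extra[(h.type, key)] += 1
    return extra

# Sample input: rows abridged from the first post (SAMPLE) and from the
# Windows 10 dump in the reply (BASELINE), spacing collapsed.
SAMPLE = r"""
00000054 Desktop 2280. 000F01FF W \Default
00000008 Directory 91. 00000003 Q \KnownDlls
00000078 Directory 2461. 0000000F Q \Sessions\1\BaseNamedObjects
00000004 Key 2. 00000009 Q \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000088 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\mchLLEW2$c30
0000008C Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $77a5f9e0
00000090 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000c30$73ec0000
00000094 Section 3. 000F0007 W \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000c30, API $71ac0000
00000034 Semaphore 2. 00100003 S Count 0. of
00000050 WindowStation 91. 000F037F W \Sessions\1\Windows\WindowStations\WinSta0
"""
BASELINE = r"""
000000AC Desktop 424861 000F01FF \Default
00000008 Directory 147256 00000003 \KnownDlls
0000007C Directory 423369 0000000F \Sessions\1\BaseNamedObjects
00000010 Event 65533. 001F0003
00000004 Key 65535. 00000009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
000000A8 WindowStation 785997 000F037F \Sessions\1\Windows\WindowStations\WinSta0
"""

if __name__ == "__main__":
    for (kind, name), count in unexpected(SAMPLE, BASELINE).items():
        print(f"{count:3d}  {kind:<10} {name}")
```

Pasting the full tables from both posts into `SAMPLE` and `BASELINE` works the same way; handles that legitimately differ between machines, such as the current-directory `File` handle, will then be listed as well.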