├── HijackBase
    ├── HijackBase.h
    ├── HijackBase.vcxproj.filters
    ├── main.cpp
    ├── HijackBase.vcxproj
    └── main.h
├── .gitattributes
├── HijackTest
    ├── HijackTest.vcxproj.filters
    ├── main.cpp
    └── HijackTest.vcxproj
├── .gitignore
└── HandleHijack.sln


/HijackBase/HijackBase.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | #include <SDKDDKVer.h>
 4 | #define WIN32_LEAN_AND_MEAN
 5 | 
 6 | 
 7 | namespace HandleHijack
 8 | {
 9 | 	class CHandleHijack
10 | 	{
11 | 		public:
12 | 			CHandleHijack();
13 | 
14 | 			int FindHandle(DWORD dwTargetProcessId, LPDWORD pLastErr, LPHANDLE phHandle);
15 | 	};
16 | }
17 | 
18 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/HijackTest/HijackTest.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |   </ItemGroup>
 9 |   <ItemGroup>
10 |     <ClCompile Include="main.cpp">
11 |       <Filter>Source Files</Filter>
12 |     </ClCompile>
13 |   </ItemGroup>
14 | </Project>


--------------------------------------------------------------------------------
/HijackBase/HijackBase.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |   </ItemGroup>
13 |   <ItemGroup>
14 |     <ClInclude Include="HijackBase.h">
15 |       <Filter>Header Files</Filter>
16 |     </ClInclude>
17 |     <ClInclude Include="main.h">
18 |       <Filter>Header Files</Filter>
19 |     </ClInclude>
20 |   </ItemGroup>
21 |   <ItemGroup>
22 |     <ClCompile Include="main.cpp">
23 |       <Filter>Source Files</Filter>
24 |     </ClCompile>
25 |   </ItemGroup>
26 | </Project>


--------------------------------------------------------------------------------
/HijackTest/main.cpp:
--------------------------------------------------------------------------------
 1 | #include <Windows.h>
 2 | #include <iostream>
 3 | 
 4 | #include "../HijackBase/HijackBase.h"
 5 | #ifdef _DEBUG
 6 | #pragma comment( lib, "../Debug/HijackBase.lib" )
 7 | #else
 8 | #pragma comment( lib, "../Release/HijackBase.lib" )
 9 | #endif
10 | using namespace HandleHijack;
11 | static CHandleHijack handleHijack;
12 | 
13 | 
14 | int main()
15 | {
16 | 	typedef NTSTATUS(NTAPI* lpRtlAdjustPrivilege)(ULONG Privilege, BOOLEAN Enable, BOOLEAN CurrentThread, PBOOLEAN Enabled);
17 | 	auto RtlAdjustPrivilege = (lpRtlAdjustPrivilege)GetProcAddress(LoadLibraryA("ntdll"), "RtlAdjustPrivilege");
18 | 	
19 | 	BOOLEAN boAdjustPrivRet;
20 | 	RtlAdjustPrivilege(20, TRUE, FALSE, &boAdjustPrivRet);
21 | 
22 | 
23 | 	printf("Target: ");
24 | 	DWORD dwTargetPID = 0;
25 | 	std::cin >> dwTargetPID;
26 | 
27 | 	DWORD dwLastErr = 0;
28 | 	HANDLE hHandle = nullptr;
29 | 	int iFindRet = handleHijack.FindHandle(dwTargetPID, &dwLastErr, &hHandle);
30 | 
31 | 
32 | 	printf("FindHandle completed! Result: %d Handle: %p\n", iFindRet, hHandle);
33 | 
34 | 	if (hHandle)
35 | 		printf("Handle created! Handle: %p\n", hHandle);
36 | 	else
37 | 		printf("Handle can not created! Last error: %u\n", dwLastErr);
38 | 
39 | 
40 | 	while (1)
41 | 		Sleep(1000);
42 | 	return 0;
43 | }


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled Object files
 2 | *.slo
 3 | *.lo
 4 | *.o
 5 | *.obj
 6 | 
 7 | # Precompiled Headers
 8 | *.gch
 9 | *.pch
10 | 
11 | # Compiled Dynamic libraries
12 | *.so
13 | *.dylib
14 | *.dll
15 | 
16 | # Fortran module files
17 | *.mod
18 | 
19 | # Compiled Static libraries
20 | *.lai
21 | *.la
22 | *.a
23 | *.lib
24 | 
25 | # Executables
26 | *.exe
27 | *.out
28 | *.app
29 | 
30 | # =========================
31 | # Operating System Files
32 | # =========================
33 | 
34 | # OSX
35 | # =========================
36 | 
37 | .DS_Store
38 | .AppleDouble
39 | .LSOverride
40 | 
41 | # Thumbnails
42 | ._*
43 | 
44 | # Files that might appear in the root of a volume
45 | .DocumentRevisions-V100
46 | .fseventsd
47 | .Spotlight-V100
48 | .TemporaryItems
49 | .Trashes
50 | .VolumeIcon.icns
51 | 
52 | # Directories potentially created on remote AFP share
53 | .AppleDB
54 | .AppleDesktop
55 | Network Trash Folder
56 | Temporary Items
57 | .apdisk
58 | 
59 | # Windows
60 | # =========================
61 | 
62 | # Windows image file caches
63 | Thumbs.db
64 | ehthumbs.db
65 | 
66 | # Folder config file
67 | Desktop.ini
68 | 
69 | # Recycle Bin used on file shares
70 | $RECYCLE.BIN/
71 | 
72 | # Windows Installer files
73 | *.cab
74 | *.msi
75 | *.msm
76 | *.msp
77 | 
78 | # Windows shortcuts
79 | *.lnk
80 | 


--------------------------------------------------------------------------------
/HandleHijack.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HijackBase", "HijackBase\HijackBase.vcxproj", "{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HijackTest", "HijackTest\HijackTest.vcxproj", "{684CA95C-3E4D-427C-92A3-31C6178138F9}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|x64 = Release|x64
15 | 		Release|x86 = Release|x86
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Debug|x64.Build.0 = Debug|x64
20 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Debug|x86.ActiveCfg = Debug|Win32
21 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Debug|x86.Build.0 = Debug|Win32
22 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Release|x64.ActiveCfg = Release|x64
23 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Release|x64.Build.0 = Release|x64
24 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Release|x86.ActiveCfg = Release|Win32
25 | 		{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}.Release|x86.Build.0 = Release|Win32
26 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Debug|x64.Build.0 = Debug|x64
28 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Debug|x86.ActiveCfg = Debug|Win32
29 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Debug|x86.Build.0 = Debug|Win32
30 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Release|x64.ActiveCfg = Release|x64
31 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Release|x64.Build.0 = Release|x64
32 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Release|x86.ActiveCfg = Release|Win32
33 | 		{684CA95C-3E4D-427C-92A3-31C6178138F9}.Release|x86.Build.0 = Release|Win32
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | EndGlobal
39 | 


--------------------------------------------------------------------------------
/HijackBase/main.cpp:
--------------------------------------------------------------------------------
  1 | #include <Windows.h>
  2 | #include <iostream>
  3 | 
  4 | #include "main.h"
  5 | #include "HijackBase.h"
  6 | 
  7 | 
  8 | static void SafeCloseHandle(HANDLE processHandle)
  9 | {
 10 | 	__try {
 11 | 		if (processHandle)
 12 | 			CloseHandle(processHandle);
 13 | 	}
 14 | 	__except (EXCEPTION_EXECUTE_HANDLER) {
 15 | 	}
 16 | }
 17 | 
 18 | 
 19 | static HMODULE hNtdll = nullptr;
 20 | static lpNtQuerySystemInformation NtQuerySystemInformation = nullptr;
 21 | static lpNtDuplicateObject NtDuplicateObject = nullptr;
 22 | 
 23 | HandleHijack::CHandleHijack::CHandleHijack()
 24 | {
 25 | 	hNtdll = LoadLibraryA("ntdll");
 26 | 
 27 | 	NtQuerySystemInformation = (lpNtQuerySystemInformation)GetProcAddress(hNtdll, "NtQuerySystemInformation");
 28 | 	NtDuplicateObject = (lpNtDuplicateObject)GetProcAddress(hNtdll, "NtDuplicateObject");
 29 | }
 30 | 
 31 | int HandleHijack::CHandleHijack::FindHandle(DWORD dwTargetProcessId, LPDWORD pLastErr, LPHANDLE phHandle)
 32 | {
 33 | 	HANDLE hProcess = nullptr;
 34 | 	NTSTATUS status = 0;
 35 | 	ULONG handleInfoSize = 0x10000;
 36 | 	PSYSTEM_HANDLE_INFORMATION handleInfo = 0;
 37 | 	HANDLE processHandle = nullptr;
 38 | 
 39 | 
 40 | 	handleInfo = (PSYSTEM_HANDLE_INFORMATION)malloc(handleInfoSize);
 41 | 	ZeroMemory(handleInfo, handleInfoSize);
 42 | 
 43 | 	while ((status = NtQuerySystemInformation(SystemHandleInformation, handleInfo, handleInfoSize, NULL)) == STATUS_INFO_LENGTH_MISMATCH)
 44 | 	{
 45 | 		handleInfoSize *= 2;
 46 | 		handleInfo = (PSYSTEM_HANDLE_INFORMATION)realloc(handleInfo, handleInfoSize);
 47 | 	}
 48 | 
 49 | 	if (!NT_SUCCESS(status)) {
 50 | 		free(handleInfo);
 51 | 		*pLastErr = GetLastError();
 52 | 		return -1;
 53 | 	}
 54 | 
 55 | 	for (ULONG i = 0; i < handleInfo->HandleCount; i++)
 56 | 	{
 57 | 		auto handle = handleInfo->Handles[i];
 58 | 		HANDLE dupHandle = NULL;
 59 | 
 60 | 		if (handle.ObjectTypeNumber != 0x5 && handle.ObjectTypeNumber != 0x7) /* Just process handles */
 61 | 			continue;
 62 | 
 63 | 
 64 | 		SafeCloseHandle(processHandle);
 65 | 
 66 | 		processHandle = OpenProcess(PROCESS_DUP_HANDLE, FALSE, handle.ProcessId);
 67 | 		if (!processHandle || processHandle == INVALID_HANDLE_VALUE)
 68 | 			continue;
 69 | 
 70 | 
 71 | 		status = NtDuplicateObject(processHandle, (HANDLE)handle.Handle, NtCurrentProcess, &dupHandle, PROCESS_ALL_ACCESS, 0, 0);
 72 | 		if (!NT_SUCCESS(status))
 73 | 		{
 74 | 			*pLastErr = GetLastError();		
 75 | 			continue;
 76 | 		}
 77 | 
 78 | 
 79 | 		if (GetProcessId(dupHandle) != dwTargetProcessId) {
 80 | 			SafeCloseHandle(dupHandle);
 81 | 			continue;
 82 | 		}
 83 | 
 84 | 
 85 | 		hProcess = dupHandle;
 86 | 		printf("Available handle found on: %u\n", handle.ProcessId);
 87 | 		break;
 88 | 	}
 89 | 
 90 | 	free(handleInfo);
 91 | 	SafeCloseHandle(processHandle);
 92 | 
 93 | 	if (!hProcess)
 94 | 		return -2;
 95 | 
 96 | 	SetLastError(ERROR_SUCCESS);
 97 | 	*phHandle = hProcess;
 98 | 
 99 | 	return 0;
100 | }
101 | 
102 | 


--------------------------------------------------------------------------------
/HijackTest/HijackTest.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{684CA95C-3E4D-427C-92A3-31C6178138F9}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>HijackTest</RootNamespace>
 25 |     <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
 26 |   </PropertyGroup>
 27 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 28 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 29 |     <ConfigurationType>Application</ConfigurationType>
 30 |     <UseDebugLibraries>true</UseDebugLibraries>
 31 |     <PlatformToolset>v140</PlatformToolset>
 32 |     <CharacterSet>MultiByte</CharacterSet>
 33 |   </PropertyGroup>
 34 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 35 |     <ConfigurationType>Application</ConfigurationType>
 36 |     <UseDebugLibraries>false</UseDebugLibraries>
 37 |     <PlatformToolset>v140</PlatformToolset>
 38 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 39 |     <CharacterSet>MultiByte</CharacterSet>
 40 |   </PropertyGroup>
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 42 |     <ConfigurationType>Application</ConfigurationType>
 43 |     <UseDebugLibraries>true</UseDebugLibraries>
 44 |     <PlatformToolset>v140</PlatformToolset>
 45 |     <CharacterSet>MultiByte</CharacterSet>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 48 |     <ConfigurationType>Application</ConfigurationType>
 49 |     <UseDebugLibraries>false</UseDebugLibraries>
 50 |     <PlatformToolset>v140</PlatformToolset>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>MultiByte</CharacterSet>
 53 |   </PropertyGroup>
 54 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 55 |   <ImportGroup Label="ExtensionSettings">
 56 |   </ImportGroup>
 57 |   <ImportGroup Label="Shared">
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 69 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 70 |   </ImportGroup>
 71 |   <PropertyGroup Label="UserMacros" />
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 73 |     <LinkIncremental>true</LinkIncremental>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 76 |     <LinkIncremental>true</LinkIncremental>
 77 |     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
 78 |     <IntDir>$(Configuration)\</IntDir>
 79 |   </PropertyGroup>
 80 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 81 |     <LinkIncremental>false</LinkIncremental>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 84 |     <LinkIncremental>false</LinkIncremental>
 85 |     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
 86 |     <IntDir>$(Configuration)\</IntDir>
 87 |   </PropertyGroup>
 88 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 89 |     <ClCompile>
 90 |       <PrecompiledHeader>
 91 |       </PrecompiledHeader>
 92 |       <WarningLevel>Level3</WarningLevel>
 93 |       <Optimization>Disabled</Optimization>
 94 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 95 |       <SDLCheck>true</SDLCheck>
 96 |     </ClCompile>
 97 |     <Link>
 98 |       <SubSystem>Console</SubSystem>
 99 |       <GenerateDebugInformation>true</GenerateDebugInformation>
100 |     </Link>
101 |   </ItemDefinitionGroup>
102 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
103 |     <ClCompile>
104 |       <PrecompiledHeader>
105 |       </PrecompiledHeader>
106 |       <WarningLevel>Level3</WarningLevel>
107 |       <Optimization>Disabled</Optimization>
108 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
109 |       <SDLCheck>true</SDLCheck>
110 |     </ClCompile>
111 |     <Link>
112 |       <SubSystem>Console</SubSystem>
113 |       <GenerateDebugInformation>true</GenerateDebugInformation>
114 |     </Link>
115 |   </ItemDefinitionGroup>
116 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
117 |     <ClCompile>
118 |       <WarningLevel>Level3</WarningLevel>
119 |       <PrecompiledHeader>
120 |       </PrecompiledHeader>
121 |       <Optimization>MaxSpeed</Optimization>
122 |       <FunctionLevelLinking>true</FunctionLevelLinking>
123 |       <IntrinsicFunctions>true</IntrinsicFunctions>
124 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
125 |       <SDLCheck>true</SDLCheck>
126 |     </ClCompile>
127 |     <Link>
128 |       <SubSystem>Console</SubSystem>
129 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
130 |       <OptimizeReferences>true</OptimizeReferences>
131 |       <GenerateDebugInformation>true</GenerateDebugInformation>
132 |     </Link>
133 |   </ItemDefinitionGroup>
134 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
135 |     <ClCompile>
136 |       <WarningLevel>Level3</WarningLevel>
137 |       <PrecompiledHeader>
138 |       </PrecompiledHeader>
139 |       <Optimization>MaxSpeed</Optimization>
140 |       <FunctionLevelLinking>true</FunctionLevelLinking>
141 |       <IntrinsicFunctions>true</IntrinsicFunctions>
142 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
143 |       <SDLCheck>true</SDLCheck>
144 |     </ClCompile>
145 |     <Link>
146 |       <SubSystem>Console</SubSystem>
147 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
148 |       <OptimizeReferences>true</OptimizeReferences>
149 |       <GenerateDebugInformation>true</GenerateDebugInformation>
150 |     </Link>
151 |   </ItemDefinitionGroup>
152 |   <ItemGroup>
153 |     <ClCompile Include="main.cpp" />
154 |   </ItemGroup>
155 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
156 |   <ImportGroup Label="ExtensionTargets">
157 |   </ImportGroup>
158 | </Project>


--------------------------------------------------------------------------------
/HijackBase/HijackBase.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{44B1CDF3-E3D8-4EFF-8FC8-1C7D5A27E944}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>HijackBase</RootNamespace>
 25 |     <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
 26 |   </PropertyGroup>
 27 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 28 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 29 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 30 |     <UseDebugLibraries>true</UseDebugLibraries>
 31 |     <PlatformToolset>v140</PlatformToolset>
 32 |     <CharacterSet>MultiByte</CharacterSet>
 33 |   </PropertyGroup>
 34 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 35 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 36 |     <UseDebugLibraries>false</UseDebugLibraries>
 37 |     <PlatformToolset>v140</PlatformToolset>
 38 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 39 |     <CharacterSet>MultiByte</CharacterSet>
 40 |   </PropertyGroup>
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 42 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 43 |     <UseDebugLibraries>true</UseDebugLibraries>
 44 |     <PlatformToolset>v140</PlatformToolset>
 45 |     <CharacterSet>MultiByte</CharacterSet>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 48 |     <ConfigurationType>StaticLibrary</ConfigurationType>
 49 |     <UseDebugLibraries>false</UseDebugLibraries>
 50 |     <PlatformToolset>v140</PlatformToolset>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>MultiByte</CharacterSet>
 53 |   </PropertyGroup>
 54 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 55 |   <ImportGroup Label="ExtensionSettings">
 56 |   </ImportGroup>
 57 |   <ImportGroup Label="Shared">
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 69 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 70 |   </ImportGroup>
 71 |   <PropertyGroup Label="UserMacros" />
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 73 |     <IntDir>$(Configuration)\</IntDir>
 74 |     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 77 |     <IntDir>$(Configuration)\</IntDir>
 78 |     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
 79 |   </PropertyGroup>
 80 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 81 |     <ClCompile>
 82 |       <PrecompiledHeader>Create</PrecompiledHeader>
 83 |       <WarningLevel>Level3</WarningLevel>
 84 |       <Optimization>Disabled</Optimization>
 85 |       <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 86 |       <SDLCheck>true</SDLCheck>
 87 |       <PrecompiledHeaderFile>HijackBase.h</PrecompiledHeaderFile>
 88 |     </ClCompile>
 89 |     <Link>
 90 |       <SubSystem>Windows</SubSystem>
 91 |     </Link>
 92 |   </ItemDefinitionGroup>
 93 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 94 |     <ClCompile>
 95 |       <PrecompiledHeader>Create</PrecompiledHeader>
 96 |       <WarningLevel>Level3</WarningLevel>
 97 |       <Optimization>Disabled</Optimization>
 98 |       <PreprocessorDefinitions>_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 99 |       <SDLCheck>true</SDLCheck>
100 |       <PrecompiledHeaderFile>HijackBase.h</PrecompiledHeaderFile>
101 |     </ClCompile>
102 |     <Link>
103 |       <SubSystem>Windows</SubSystem>
104 |     </Link>
105 |   </ItemDefinitionGroup>
106 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
107 |     <ClCompile>
108 |       <WarningLevel>Level3</WarningLevel>
109 |       <PrecompiledHeader>Create</PrecompiledHeader>
110 |       <Optimization>MaxSpeed</Optimization>
111 |       <FunctionLevelLinking>true</FunctionLevelLinking>
112 |       <IntrinsicFunctions>true</IntrinsicFunctions>
113 |       <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
114 |       <SDLCheck>true</SDLCheck>
115 |       <PrecompiledHeaderFile>HijackBase.h</PrecompiledHeaderFile>
116 |     </ClCompile>
117 |     <Link>
118 |       <SubSystem>Windows</SubSystem>
119 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
120 |       <OptimizeReferences>true</OptimizeReferences>
121 |     </Link>
122 |   </ItemDefinitionGroup>
123 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
124 |     <ClCompile>
125 |       <WarningLevel>Level3</WarningLevel>
126 |       <PrecompiledHeader>Create</PrecompiledHeader>
127 |       <Optimization>MaxSpeed</Optimization>
128 |       <FunctionLevelLinking>true</FunctionLevelLinking>
129 |       <IntrinsicFunctions>true</IntrinsicFunctions>
130 |       <PreprocessorDefinitions>NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
131 |       <SDLCheck>true</SDLCheck>
132 |       <PrecompiledHeaderFile>HijackBase.h</PrecompiledHeaderFile>
133 |     </ClCompile>
134 |     <Link>
135 |       <SubSystem>Windows</SubSystem>
136 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
137 |       <OptimizeReferences>true</OptimizeReferences>
138 |     </Link>
139 |   </ItemDefinitionGroup>
140 |   <ItemGroup>
141 |     <ClInclude Include="HijackBase.h" />
142 |     <ClInclude Include="main.h" />
143 |   </ItemGroup>
144 |   <ItemGroup>
145 |     <ClCompile Include="main.cpp">
146 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
147 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
148 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
149 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
150 |     </ClCompile>
151 |   </ItemGroup>
152 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
153 |   <ImportGroup Label="ExtensionTargets">
154 |   </ImportGroup>
155 | </Project>


--------------------------------------------------------------------------------
/HijackBase/main.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | 
  3 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS) 0xC0000004)
  4 | #define NT_SUCCESS(Status)			(((NTSTATUS)(Status)) >= 0)
  5 | #define NtCurrentProcess			((HANDLE)(LONG_PTR)-1)
  6 | 
  7 | typedef enum _SYSTEM_INFORMATION_CLASS
  8 | {
  9 | 	SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
 10 | 	SystemProcessorInformation, // q: SYSTEM_PROCESSOR_INFORMATION
 11 | 	SystemPerformanceInformation, // q: SYSTEM_PERFORMANCE_INFORMATION
 12 | 	SystemTimeOfDayInformation, // q: SYSTEM_TIMEOFDAY_INFORMATION
 13 | 	SystemPathInformation, // not implemented
 14 | 	SystemProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
 15 | 	SystemCallCountInformation, // q: SYSTEM_CALL_COUNT_INFORMATION
 16 | 	SystemDeviceInformation, // q: SYSTEM_DEVICE_INFORMATION
 17 | 	SystemProcessorPerformanceInformation, // q: SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
 18 | 	SystemFlagsInformation, // q: SYSTEM_FLAGS_INFORMATION
 19 | 	SystemCallTimeInformation, // 10, not implemented
 20 | 	SystemModuleInformation, // q: RTL_PROCESS_MODULES
 21 | 	SystemLocksInformation,
 22 | 	SystemStackTraceInformation,
 23 | 	SystemPagedPoolInformation, // not implemented
 24 | 	SystemNonPagedPoolInformation, // not implemented
 25 | 	SystemHandleInformation, // q: SYSTEM_HANDLE_INFORMATION
 26 | 	SystemObjectInformation, // q: SYSTEM_OBJECTTYPE_INFORMATION mixed with SYSTEM_OBJECT_INFORMATION
 27 | 	SystemPageFileInformation, // q: SYSTEM_PAGEFILE_INFORMATION
 28 | 	SystemVdmInstemulInformation, // q
 29 | 	SystemVdmBopInformation, // 20, not implemented
 30 | 	SystemFileCacheInformation, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemCache)
 31 | 	SystemPoolTagInformation, // q: SYSTEM_POOLTAG_INFORMATION
 32 | 	SystemInterruptInformation, // q: SYSTEM_INTERRUPT_INFORMATION
 33 | 	SystemDpcBehaviorInformation, // q: SYSTEM_DPC_BEHAVIOR_INFORMATION; s: SYSTEM_DPC_BEHAVIOR_INFORMATION (requires SeLoadDriverPrivilege)
 34 | 	SystemFullMemoryInformation, // not implemented
 35 | 	SystemLoadGdiDriverInformation, // s (kernel-mode only)
 36 | 	SystemUnloadGdiDriverInformation, // s (kernel-mode only)
 37 | 	SystemTimeAdjustmentInformation, // q: SYSTEM_QUERY_TIME_ADJUST_INFORMATION; s: SYSTEM_SET_TIME_ADJUST_INFORMATION (requires SeSystemtimePrivilege)
 38 | 	SystemSummaryMemoryInformation, // not implemented
 39 | 	SystemMirrorMemoryInformation, // 30, s (requires license value "Kernel-MemoryMirroringSupported") (requires SeShutdownPrivilege)
 40 | 	SystemPerformanceTraceInformation, // s
 41 | 	SystemObsolete0, // not implemented
 42 | 	SystemExceptionInformation, // q: SYSTEM_EXCEPTION_INFORMATION
 43 | 	SystemCrashDumpStateInformation, // s (requires SeDebugPrivilege)
 44 | 	SystemKernelDebuggerInformation, // q: SYSTEM_KERNEL_DEBUGGER_INFORMATION
 45 | 	SystemContextSwitchInformation, // q: SYSTEM_CONTEXT_SWITCH_INFORMATION
 46 | 	SystemRegistryQuotaInformation, // q: SYSTEM_REGISTRY_QUOTA_INFORMATION; s (requires SeIncreaseQuotaPrivilege)
 47 | 	SystemExtendServiceTableInformation, // s (requires SeLoadDriverPrivilege) // loads win32k only
 48 | 	SystemPrioritySeperation, // s (requires SeTcbPrivilege)
 49 | 	SystemVerifierAddDriverInformation, // 40, s (requires SeDebugPrivilege)
 50 | 	SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
 51 | 	SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION
 52 | 	SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
 53 | 	SystemCurrentTimeZoneInformation, // q
 54 | 	SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
 55 | 	SystemTimeSlipNotification, // s (requires SeSystemtimePrivilege)
 56 | 	SystemSessionCreate, // not implemented
 57 | 	SystemSessionDetach, // not implemented
 58 | 	SystemSessionInformation, // not implemented
 59 | 	SystemRangeStartInformation, // 50, q
 60 | 	SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
 61 | 	SystemVerifierThunkExtend, // s (kernel-mode only)
 62 | 	SystemSessionProcessInformation, // q: SYSTEM_SESSION_PROCESS_INFORMATION
 63 | 	SystemLoadGdiDriverInSystemSpace, // s (kernel-mode only) (same as SystemLoadGdiDriverInformation)
 64 | 	SystemNumaProcessorMap, // q
 65 | 	SystemPrefetcherInformation, // q: PREFETCHER_INFORMATION; s: PREFETCHER_INFORMATION // PfSnQueryPrefetcherInformation
 66 | 	SystemExtendedProcessInformation, // q: SYSTEM_PROCESS_INFORMATION
 67 | 	SystemRecommendedSharedDataAlignment, // q
 68 | 	SystemComPlusPackage, // q; s
 69 | 	SystemNumaAvailableMemory, // 60
 70 | 	SystemProcessorPowerInformation, // q: SYSTEM_PROCESSOR_POWER_INFORMATION
 71 | 	SystemEmulationBasicInformation, // q
 72 | 	SystemEmulationProcessorInformation,
 73 | 	SystemExtendedHandleInformation, // q: SYSTEM_HANDLE_INFORMATION_EX
 74 | 	SystemLostDelayedWriteInformation, // q: ULONG
 75 | 	SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
 76 | 	SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
 77 | 	SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
 78 | 	SystemHotpatchInformation, // q; s
 79 | 	SystemObjectSecurityMode, // 70, q
 80 | 	SystemWatchdogTimerHandler, // s (kernel-mode only)
 81 | 	SystemWatchdogTimerInformation, // q (kernel-mode only); s (kernel-mode only)
 82 | 	SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION
 83 | 	SystemWow64SharedInformationObsolete, // not implemented
 84 | 	SystemRegisterFirmwareTableInformationHandler, // s (kernel-mode only)
 85 | 	SystemFirmwareTableInformation, // not implemented
 86 | 	SystemModuleInformationEx, // q: RTL_PROCESS_MODULE_INFORMATION_EX
 87 | 	SystemVerifierTriageInformation, // not implemented
 88 | 	SystemSuperfetchInformation, // q: SUPERFETCH_INFORMATION; s: SUPERFETCH_INFORMATION // PfQuerySuperfetchInformation
 89 | 	SystemMemoryListInformation, // 80, q: SYSTEM_MEMORY_LIST_INFORMATION; s: SYSTEM_MEMORY_LIST_COMMAND (requires SeProfileSingleProcessPrivilege)
 90 | 	SystemFileCacheInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (same as SystemFileCacheInformation)
 91 | 	SystemThreadPriorityClientIdInformation, // s: SYSTEM_THREAD_CID_PRIORITY_INFORMATION (requires SeIncreaseBasePriorityPrivilege)
 92 | 	SystemProcessorIdleCycleTimeInformation, // q: SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION[]
 93 | 	SystemVerifierCancellationInformation, // not implemented // name:wow64:whNT32QuerySystemVerifierCancellationInformation
 94 | 	SystemProcessorPowerInformationEx, // not implemented
 95 | 	SystemRefTraceInformation, // q; s // ObQueryRefTraceInformation
 96 | 	SystemSpecialPoolInformation, // q; s (requires SeDebugPrivilege) // MmSpecialPoolTag, then MmSpecialPoolCatchOverruns != 0
 97 | 	SystemProcessIdInformation, // q: SYSTEM_PROCESS_ID_INFORMATION
 98 | 	SystemErrorPortInformation, // s (requires SeTcbPrivilege)
 99 | 	SystemBootEnvironmentInformation, // 90, q: SYSTEM_BOOT_ENVIRONMENT_INFORMATION
100 | 	SystemHypervisorInformation, // q; s (kernel-mode only)
101 | 	SystemVerifierInformationEx, // q; s
102 | 	SystemTimeZoneInformation, // s (requires SeTimeZonePrivilege)
103 | 	SystemImageFileExecutionOptionsInformation, // s: SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION (requires SeTcbPrivilege)
104 | 	SystemCoverageInformation, // q; s // name:wow64:whNT32QuerySystemCoverageInformation; ExpCovQueryInformation
105 | 	SystemPrefetchPatchInformation, // not implemented
106 | 	SystemVerifierFaultsInformation, // s (requires SeDebugPrivilege)
107 | 	SystemSystemPartitionInformation, // q: SYSTEM_SYSTEM_PARTITION_INFORMATION
108 | 	SystemSystemDiskInformation, // q: SYSTEM_SYSTEM_DISK_INFORMATION
109 | 	SystemProcessorPerformanceDistribution, // 100, q: SYSTEM_PROCESSOR_PERFORMANCE_DISTRIBUTION
110 | 	SystemNumaProximityNodeInformation, // q
111 | 	SystemDynamicTimeZoneInformation, // q; s (requires SeTimeZonePrivilege)
112 | 	SystemCodeIntegrityInformation, // q // SeCodeIntegrityQueryInformation
113 | 	SystemProcessorMicrocodeUpdateInformation, // s
114 | 	SystemProcessorBrandString, // q // HaliQuerySystemInformation -> HalpGetProcessorBrandString, info class 23
115 | 	SystemVirtualAddressInformation, // q: SYSTEM_VA_LIST_INFORMATION[]; s: SYSTEM_VA_LIST_INFORMATION[] (requires SeIncreaseQuotaPrivilege) // MmQuerySystemVaInformation
116 | 	SystemLogicalProcessorAndGroupInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX // since WIN7 // KeQueryLogicalProcessorRelationship
117 | 	SystemProcessorCycleTimeInformation, // q: SYSTEM_PROCESSOR_CYCLE_TIME_INFORMATION[]
118 | 	SystemStoreInformation, // q; s // SmQueryStoreInformation
119 | 	SystemRegistryAppendString, // 110, s: SYSTEM_REGISTRY_APPEND_STRING_PARAMETERS
120 | 	SystemAitSamplingValue, // s: ULONG (requires SeProfileSingleProcessPrivilege)
121 | 	SystemVhdBootInformation, // q: SYSTEM_VHD_BOOT_INFORMATION
122 | 	SystemCpuQuotaInformation, // q; s // PsQueryCpuQuotaInformation
123 | 	SystemNativeBasicInformation, // not implemented
124 | 	SystemSpare1, // not implemented
125 | 	SystemLowPriorityIoInformation, // q: SYSTEM_LOW_PRIORITY_IO_INFORMATION
126 | 	SystemTpmBootEntropyInformation, // q: TPM_BOOT_ENTROPY_NT_RESULT // ExQueryTpmBootEntropyInformation
127 | 	SystemVerifierCountersInformation, // q: SYSTEM_VERIFIER_COUNTERS_INFORMATION
128 | 	SystemPagedPoolInformationEx, // q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypePagedPool)
129 | 	SystemSystemPtesInformationEx, // 120, q: SYSTEM_FILECACHE_INFORMATION; s (requires SeIncreaseQuotaPrivilege) (info for WorkingSetTypeSystemPtes)
130 | 	SystemNodeDistanceInformation, // q
131 | 	SystemAcpiAuditInformation, // q: SYSTEM_ACPI_AUDIT_INFORMATION // HaliQuerySystemInformation -> HalpAuditQueryResults, info class 26
132 | 	SystemBasicPerformanceInformation, // q: SYSTEM_BASIC_PERFORMANCE_INFORMATION // name:wow64:whNtQuerySystemInformation_SystemBasicPerformanceInformation
133 | 	SystemQueryPerformanceCounterInformation, // q: SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION // since WIN7 SP1
134 | 	SystemSessionBigPoolInformation, // since WIN8
135 | 	SystemBootGraphicsInformation,
136 | 	SystemScrubPhysicalMemoryInformation,
137 | 	SystemBadPageInformation,
138 | 	SystemProcessorProfileControlArea,
139 | 	SystemCombinePhysicalMemoryInformation, // 130
140 | 	SystemEntropyInterruptTimingCallback,
141 | 	SystemConsoleInformation,
142 | 	SystemPlatformBinaryInformation,
143 | 	SystemThrottleNotificationInformation,
144 | 	SystemHypervisorProcessorCountInformation,
145 | 	SystemDeviceDataInformation,
146 | 	SystemDeviceDataEnumerationInformation,
147 | 	SystemMemoryTopologyInformation,
148 | 	SystemMemoryChannelInformation,
149 | 	SystemBootLogoInformation, // 140
150 | 	SystemProcessorPerformanceInformationEx, // since WINBLUE
151 | 	SystemSpare0,
152 | 	SystemSecureBootPolicyInformation,
153 | 	SystemPageFileInformationEx,
154 | 	SystemSecureBootInformation,
155 | 	SystemEntropyInterruptTimingRawInformation,
156 | 	SystemPortableWorkspaceEfiLauncherInformation,
157 | 	SystemFullProcessInformation, // q: SYSTEM_PROCESS_INFORMATION with SYSTEM_PROCESS_INFORMATION_EXTENSION (requires admin)
158 | 	SystemKernelDebuggerInformationEx,
159 | 	SystemBootMetadataInformation, // 150
160 | 	SystemSoftRebootInformation,
161 | 	SystemElamCertificateInformation,
162 | 	SystemOfflineDumpConfigInformation,
163 | 	SystemProcessorFeaturesInformation,
164 | 	SystemRegistryReconciliationInformation,
165 | 	SystemEdidInformation,
166 | 	MaxSystemInfoClass
167 | } SYSTEM_INFORMATION_CLASS;
168 | 
169 | typedef struct _SYSTEM_HANDLE
170 | {
171 | 	ULONG ProcessId;
172 | 	BYTE ObjectTypeNumber;
173 | 	BYTE Flags;
174 | 	USHORT Handle;
175 | 	PVOID Object;
176 | 	ACCESS_MASK GrantedAccess;
177 | } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
178 | 
179 | typedef struct _SYSTEM_HANDLE_INFORMATION
180 | {
181 | 	ULONG HandleCount;
182 | 	SYSTEM_HANDLE Handles[1];
183 | } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
184 | 
185 | 
186 | typedef NTSTATUS(NTAPI* lpNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength);
187 | typedef NTSTATUS(NTAPI* lpNtDuplicateObject)(HANDLE SourceProcessHandle, HANDLE SourceHandle, HANDLE TargetProcessHandle, PHANDLE TargetHandle, ACCESS_MASK DesiredAccess, ULONG Attributes, ULONG Options);
188 | 
189 | 


--------------------------------------------------------------------------------