
WindowsHandleTable

Struct WindowsHandleTable 

pub struct WindowsHandleTable<'a, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,
{ /* private fields */ }

A Windows handle table.

A handle table in Windows tracks handles to kernel objects for a specific process, allowing access control and management.

§Implementation Details

Corresponds to _HANDLE_TABLE.

Implementations§

Source§

impl<'a, Driver> WindowsHandleTable<'a, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source

pub fn new(vmi: VmiState<'a, WindowsOs<Driver>>, va: Va) -> Self

Creates a new Windows handle table object.

Source

pub fn table_code(&self) -> Result<u64, VmiError>

Returns the table code of the handle table.

§Notes

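This value is cached after the first read. Because of the cache, a change the guest makes to the field afterwards (for example, when the table grows) is not observed through the same object.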

§Implementation Details

Corresponds to _HANDLE_TABLE.TableCode.

Source

pub fn next_handle_needing_pool(&self) -> Result<u64, VmiError>

Returns the next handle needing pool.

This value tracks the next handle slot that requires additional pool allocation.

§Notes

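This value is cached after the first read. Because of the cache, a change the guest makes to the field afterwards is not observed through the same object.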

§Implementation Details

Corresponds to _HANDLE_TABLE.NextHandleNeedingPool.

Source

pub fn iter( &self, ) -> Result<impl Iterator<Item = Result<(u64, WindowsHandleTableEntry<'a, Driver>), VmiError>> + use<'a, Driver>, VmiError>

Iterates over all handle table entries.

Returns an iterator over all handle table entries that have a valid object pointer. The iterator yields a tuple containing the handle value and the handle table entry.

§Implementation Details

The functionality is similar to the Windows kernel’s internal ExpSnapShotHandleTables() function.

Source

pub fn lookup( &self, handle: u64, ) -> Result<Option<WindowsHandleTableEntry<'a, Driver>>, VmiError>

Performs a lookup in the handle table to find the handle table entry for the given handle.

Implements the multi-level handle table lookup algorithm used by Windows. Returns the handle table entry (a WindowsHandleTableEntry) wrapped in Some, or None when the handle does not resolve to an entry.

§Implementation Details

The functionality is similar to the Windows kernel’s internal ExpLookupHandleTableEntry() function.

Trait Implementations§

Source§

impl<Driver> VmiVa for WindowsHandleTable<'_, Driver>
where Driver: VmiRead, Driver::Architecture: ArchAdapter<Driver>,

Source§

fn va(&self) -> Va

Returns the virtual address.

Auto Trait Implementations§

§

impl<'a, Driver> !Freeze for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> !RefUnwindSafe for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> !Send for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> !Sync for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> !UnwindSafe for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> Unpin for WindowsHandleTable<'a, Driver>

§

impl<'a, Driver> UnsafeUnpin for WindowsHandleTable<'a, Driver>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> ArchivePointee for T

Source§

type ArchivedMetadata = ()

The archived version of the pointer metadata for this type.
Source§

fn pointer_metadata( _: &<T as ArchivePointee>::ArchivedMetadata, ) -> <T as Pointee>::Metadata

Converts some archived metadata to the pointer metadata for itself.
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> LayoutRaw for T

Source§

fn layout_raw(_: <T as Pointee>::Metadata) -> Result<Layout, LayoutError>

Returns the layout of the type.
Source§

impl<T, N1, N2> Niching<NichedOption<T, N1>> for N2
where T: SharedNiching<N1, N2>, N1: Niching<T>, N2: Niching<T>,

Source§

unsafe fn is_niched(niched: *const NichedOption<T, N1>) -> bool

Returns whether the given value has been niched. Read more
Source§

fn resolve_niched(out: Place<NichedOption<T, N1>>)

Writes data to out indicating that a T is niched.
Source§

impl<T> Pointee for T

Source§

type Metadata = ()

The metadata type for pointers and references to this type.
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more