RE: USD Wiper with DoD 5220.22-M 04-30-2019, 04:47 PM
#12
Might be too late to write, but Windows stores process IDs and thread IDs as HANDLE even though WINAPI uses ULONG? So here is a misuse of HANDLE, and there is a size difference?
Code:
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
There is a lot of misuse I have seen, I just remembered this, and also HMODULE is ignored and treated as PVOID in most internal structures, and PE executables are treated as DLLs. LDR_DATA_TABLE_ENTRY is a perfect example: LDR_DATA_TABLE_ENTRY is a list that stores information about all libraries and the current executable. The base address and name are stored as
Code:
PVOID DllBase;
PVOID EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
EDIT: I might delete this whole post, this is a never-ending spam mess
(This post was last modified: 04-30-2019, 04:57 PM by IsBadWritePtr.)
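
Added example, not part of the original post or of any Windows header: one use of the DllBase and SizeOfImage fields listed above is deciding which loaded image, executable or DLL, backs a given address. `LINK`, `MODULE_ENTRY`, `ADDR`, `module_for_address` and the sample addresses are assumptions, simplified stand-ins that build without windows.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions) so this builds without windows.h; the
   real LDR_DATA_TABLE_ENTRY has more fields and a different layout. */
typedef struct LINK { struct LINK *Flink, *Blink; } LINK;
typedef struct MODULE_ENTRY {
    LINK        Links;        /* circular doubly linked list linkage */
    void       *DllBase;      /* image base, a plain pointer */
    void       *EntryPoint;
    uint32_t    SizeOfImage;  /* ULONG is 32 bits on Windows */
    const char *BaseDllName;  /* UNICODE_STRING on Windows */
} MODULE_ENTRY;

#define ADDR(x) ((void *)(uintptr_t)(x))
#define ENTRY_FROM_LINK(p) \
    ((const MODULE_ENTRY *)((const char *)(p) - offsetof(MODULE_ENTRY, Links)))

/* Return the entry whose image range contains addr, or NULL. The executable
   and the DLLs share one list, so a single walk covers both. max_nodes
   bounds the walk in case a corrupted list never returns to head. */
static const MODULE_ENTRY *module_for_address(const LINK *head,
                                              const void *addr, size_t max_nodes) {
    uintptr_t a = (uintptr_t)addr;
    const LINK *p = head->Flink;
    for (size_t n = 0; p != head && n < max_nodes; p = p->Flink, n++) {
        const MODULE_ENTRY *e = ENTRY_FROM_LINK(p);
        uintptr_t base = (uintptr_t)e->DllBase;
        if (a >= base && a - base < e->SizeOfImage)
            return e;
    }
    return NULL;
}

/* Constructed sample data: one executable and one DLL. */
static LINK g_head;
static MODULE_ENTRY g_exe = { {0, 0}, ADDR(0x400000), ADDR(0x401000), 0x20000, "app.exe" };
static MODULE_ENTRY g_dll = { {0, 0}, ADDR(0x10000000), ADDR(0x10001000), 0x8000, "sample.dll" };

static void build_sample_list(void) {
    g_head.Flink = &g_exe.Links;      g_exe.Links.Blink = &g_head;
    g_exe.Links.Flink = &g_dll.Links; g_dll.Links.Blink = &g_exe.Links;
    g_dll.Links.Flink = &g_head;      g_head.Blink = &g_dll.Links;
}

int main(void) {
    build_sample_list();
    const MODULE_ENTRY *e = module_for_address(&g_head, ADDR(0x10000010), 16);
    printf("%s\n", e ? e->BaseDllName : "(no module)");
    return 0;
}
```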