package documentation
Package related to Windows utilities.
Provides multiple utilities:
- Retrieving the current `EPROCESS` and `ETHREAD`
- Retrieving a `Handle` from a handle value and listing the accessible ones
- Parsing the `Object` associated with the handles
The entry point is `Context`, which can be constructed from a `reven2.trace.Context` and contains methods to retrieve that information.
Known limitations
These utilities may partially work on older Windows versions, but they are mainly built for Windows 10 (x86 and x64).
| Module | Description |
| --- | --- |
| context | A wrapper above `reven2.trace.Context` that adds more utility methods to it for Windows 10. |
| handle | Parsing of Windows 10 handles from handle tables. |
| object | Parsing of Windows 10 objects with their header and optional headers. |
| utils | Some general utilities for Windows. |