Aerosol

Windows Object Explorer 64-bit (WinObjEx64)


Posted

Windows Object Explorer 64-bit (WinObjEx64)

WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on the object or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage, etc. WinObjEx64 lets you view and edit object-related security information if you have the required access rights.

System Requirements

WinObjEx64 does not require administrative privileges. However, administrative privileges are required to view much of the namespace and to edit object-related security information.

WinObjEx64 works only on the following x64 Windows versions: Windows 7, Windows 8, Windows 8.1 and Windows 10, including Server variants.

WinObjEx64 does not work on Windows XP; Windows Vista is partially supported. We have no plans to fully support them.

In order to use all program features, Windows must be booted in DEBUG mode.

Build

WinObjEx64 comes with full source code.

In order to build from source you need Microsoft Visual Studio 2013 U4 and later versions.

Authors

© 2015 WinObjEx64 Project

Original WinObjEx © 2003 - 2005 Four-F

Acknowledgements

We would like to thank the following people for their contributions (in alphabetical order):

Andrew Ivlev aka Four-F - author of the original x86-32 WinObjEx

Giuseppe Bonfa aka Evilcry - KDSubmarine author

Mark Russinovich - author of the original proof-of-concept tool WinObj

Microsoft WinDBG developers team

Source and compiled binary here

https://github.com/hfiref0x/WinObjEx64

Project files SHA1: https://github.com/hfiref0x/WinObjEx64/blob/master/Source/SHA1.hash


The compiled version is attached.

SHA1

818bf9f0d4189347e9bd157a2810615109423e62 *WinObjEx64.chm
957157318a64482f446b97c82afe786444b1b2ff *WinObjEx64.exe

Copyrights

WinObjEx64 is developed by the WinObjEx64 Project group, in alphabetical order:

EP_X0FF

MP_ART

This program uses Windows Debugger Local Kernel Debugging Driver © Microsoft Corporation.

Please use this thread for bug reports. Also take note that Windows 10 is supported *AS IS* since it hasn't been released yet; official support will be added after the official release.

Download

Source

Posted

1.1 released

1.1 is attached, git updated.

Kinda fast, but we just finished what we wanted to put in the release but missed doing by the deadline.

changelog

added popup menu for Process page 
added file properties dialog for Process page
added descriptions for more object types
added named pipes dialog (menu -> extras)
added information for IoCompletion object type, including structured object body dump
some code revision and corrections

sha1 for attached files

20436c56cbb40c3c0b0078b375ae6f8fe0723ab7 *WinObjEx64.chm
6386213cabe7cca553b2a6eb20e06a147e159cce *WinObjEx64.exe

Do not expect new versions soon, well, except maybe serious bugfixes if there are any.

Download

Source
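
The SHA1 lists in the posts above use the `<sha1> *<path>` layout with backslash-separated paths. The following Python sketch is an added example, not part of the original posts or the WinObjEx64 project: it parses a list in that layout and checks each named file under a download directory. The function names (`parse_manifest`, `verify`, `demo`) and the sample files are constructed for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path, PureWindowsPath

# One manifest line: 40 hex chars, whitespace, optional '*' (binary mode), path.
LINE = re.compile(r"([0-9a-fA-F]{40})\s+\*?(.+)")

def parse_manifest(text):
    """Return [(sha1_hex, path)] from lines like '<sha1> *Release\\WinObjEx64.exe'."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE.fullmatch(line)
        if m is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries.append((m.group(1).lower(), m.group(2)))
    return entries

def verify(manifest_text, root):
    """Map each listed path to 'ok', 'MISMATCH', 'missing' or 'unsafe-path'."""
    results = {}
    for expected, name in parse_manifest(manifest_text):
        rel = PureWindowsPath(name)  # the manifest uses backslash separators
        if rel.anchor or ".." in rel.parts:  # refuse paths that leave root
            results[name] = "unsafe-path"
            continue
        target = Path(root).joinpath(*rel.parts)
        if not target.is_file():
            results[name] = "missing"
            continue
        actual = hashlib.sha1(target.read_bytes()).hexdigest()
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one altered file, one absent file."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Release").mkdir()
        (Path(tmp) / "Release" / "tool.exe").write_bytes(b"constructed bytes")
        (Path(tmp) / "doc.chm").write_bytes(b"altered after publication")
        manifest = "\n".join([
            hashlib.sha1(b"constructed bytes").hexdigest() + " *Release\\tool.exe",
            hashlib.sha1(b"as published").hexdigest() + " *doc.chm",
            "0" * 40 + " *absent.txt",
        ])
        return verify(manifest, tmp)
```

A list fetched over the same channel as the files only detects corruption in transit; comparing against a copy of the list obtained separately (for example the repository's `SHA1.hash`) is what makes a mismatch meaningful.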
