On Sat Mar 8 03:53:34 2025 +0000, Jinoh Kang wrote:
> (For objects w/o a user handle, the locator itself won't go away unless we figure out the format Windows uses for them)
The question is also whether we want to use that Windows internal structure for our implementation. I'm not convinced that it is a good idea. The structure is completely undocumented, it is different between 32-bit and 64-bit kernels, and has changed already since Windows 8.1 as tests can attest.
If we ever need to expose a compatible handle table in the shared memory, which I doubt given the above, I believe we can always emulate it as needed.
If we want to use our shared memory objects directly on the PE side, we can always expose locator query functions through NtUser calls, like gSharedInfo would require to be initialized anyway.