Handle is an small application designed to analyze your system searching for global objects related to running proccess and display information for every found object, like tokens, semaphores, ports, files,..

Using this tool runs in user mode and allows you to check what resources are being used by user and system process.
This tool was originally released at the NoConName Security congress (Spanish paper)



This tool will list all the system objects like the sysinternals pshandle

Handle enumerator includes the source code that can be used as an example to learn how several undocumented internal functions, like NtQuerySystemInformation works.



Handle calls NtQuerySysteminformation() and NtQueryObject() to extract information from the system.
You can browse online the source code.



Download (Windows executable + Source code)