HandleHijack is a C++20 project that demonstrates how to hijack a handle to another process with desired access rights on Windows. This tool is intended for educational and research purposes, showcasing advanced Windows internals and handle manipulation techniques.
This will look for an exsiting open handle to the target process with the desired access flags, once found it duplicates the handle from the handle source process to our process bypassing any monitors on OpenProcess and avoiding using Microsoft Documented WinAPI
First this project will invoke kernel routines from usermode (ZwQuerySystemInformation, ZwDuplicateObject, ZwReadVirtualMemory). You have two options:
- Importing these form ntdll.dll exports (will require you to link ntdll.lib)
- Write your own syscall wrappers in assembly and link it to the project
It's all up to your preference, I will not include the assembly code so you have to handle this.
- Windows 11 23h2 or lower
- Visual Studio 2022 (or compatible C++20 compiler)
- Clone the repository:
- Open
HandleHijack.slnin Visual Studio 2022. - Ensure that folder headers is added to includes path (Project Properties -> C++ -> General -> Additional Include Directories = $(ProjectDir)headers).
- Ensure you link ntdll.lib if you want to use ntdll.dll exports (Project Properties -> Linker -> Input -> Additional Dependencies = ntdll.lib;%(AdditionalDependencies)).
- Build the solution in Release or Debug.
This project is for educational and research purposes only. Use responsibly. The author is not responsible for any misuse.
Rhaym (rhaym-tech) MIT License