I'm digging around in my process's PEB and I came across the so-called ConsoleHandle HANDLE in the nested RTL_USER_PROCESS_PARAMETERS struct. So far, I've compared this HANDLE to the standard input, output, and error HANDLEs and the console HWND. It matches none of them and I'm at a loss for what this HANDLE is or represents.
I've also stumbled upon the fact that all these handles (minus the HWND) point to \Devices\ConDrv, so I'm also befuddled as to why CompareObjectHandles() only returns true for the pair of stdout and stderr. This makes intuitive sense from my normal understanding but now that I've found out about \Devices\ConDrv being the true backing kernel object for all these HANDLEs, I'm left wondering why this function doesn't return true in more cases.
- What is this unknown
ConsoleHandleHANDLE? Is it the default console screen buffer? In particular, what functions can be called with this HANDLE as a parameter? - If stdin, stdout, stderr, and this unknown
ConsoleHandleHANDLE are all backed by\Devices\ConDrv, how comeCompareObjectHandles()doesn't return true for any pairing of them? Any insight from kernel-land would be appreciated.