Objects in Windows are different from objects in a high-level programming language. To be precise, an object in Windows is a data structure, specifically a data structure that carries an object header.
An object in Windows can therefore be divided into three parts: the object header, the basic object structure, and the optional parts. The object header structure is defined as follows:
lkd> dt _OBJECT_HEADER
nt!_OBJECT_HEADER
   +0x000 PointerCount     : Int4B
   +0x004 HandleCount      : Int4B
   +0x004 NextToFree       : Ptr32 Void
   +0x008 Lock             : _EX_PUSH_LOCK
   +0x00c TypeIndex        : UChar
   +0x00d TraceFlags       : UChar
   +0x00e InfoMask         : UChar
   +0x00f Flags            : UChar
   +0x010 ObjectCreateInfo : Ptr32 _OBJECT_CREATE_INFORMATION
   +0x010 QuotaBlockCharged : Ptr32 Void
   +0x014 SecurityDescriptor : Ptr32 Void
   +0x018 Body             : _QUAD
A handle is returned after an object is created, and the owning process uses the object through that handle, so an object can be either named or unnamed. In most cases, however, an object still needs a name, and how named objects are organized becomes a problem. Windows manages them through object directories. Let's look at the _OBJECT_DIRECTORY structure:
lkd> dt _OBJECT_DIRECTORY
nt!_OBJECT_DIRECTORY
   +0x000 HashBuckets      : [37] Ptr32 _OBJECT_DIRECTORY_ENTRY
   +0x094 Lock             : _EX_PUSH_LOCK
   +0x098 DeviceMap        : Ptr32 _DEVICE_MAP
   +0x09c SessionId        : Uint4B
   +0x0a0 NamespaceEntry   : Ptr32 Void
   +0x0a4 Flags            : Uint4B
The object directory is a tree structure (ignoring symbolic links) made up of connected nodes. The root of the tree is a directory object, and every node in the tree is an object. The root node and all intermediate nodes must be directory objects or symbolic link objects (_OBJECT_SYMBOLIC_LINK objects); ordinary objects can only be leaf nodes.
Look at the first element in the _OBJECT_DIRECTORY structure: an array of pointers to _OBJECT_DIRECTORY_ENTRY structures. Each pointer heads a queue of directory entry structures. Note that, apart from the root node, every object needs a directory entry structure in order to be inserted into a directory.
lkd> dt nt!_OBJECT_DIRECTORY_ENTRY
   +0x000 ChainLink        : Ptr32 _OBJECT_DIRECTORY_ENTRY
   +0x004 Object           : Ptr32 Void
   +0x008 HashValue        : Uint4B
The first element, ChainLink, again points to an _OBJECT_DIRECTORY_ENTRY structure, and Object points to the object that this entry connects.
You can see that a directory entry can be combined with a specific ordinary object to insert it into the object directory, or combined with a directory node object to form a subdirectory.
Analysis of the above diagram: the root node is a directory object whose body is a hash table. Only two of its queues are shown here. The directory entries (objects) in each queue have the same hash value; this is easiest to understand alongside a concrete case.
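The traversal described above, as an added example that is not part of the original article: a Python walker over a constructed 32-bit memory image. It follows every HashBuckets chain through ChainLink and steps back 0x18 bytes (the Body offset shown above) from each Object pointer to read the object header. The Image helper, the addresses, hash values, counts and type index are all constructed for illustration.

```python
import struct
# Offsets from the 32-bit dt output on this page.
NUM_BUCKETS = 37          # _OBJECT_DIRECTORY.HashBuckets : [37] Ptr32
HDR_BODY_OFF = 0x18       # _OBJECT_HEADER.Body
HDR_TYPEINDEX_OFF = 0x0C  # _OBJECT_HEADER.TypeIndex

class Image:  # flat memory image at a base virtual address (hypothetical helper)
    def __init__(self, base, size):
        self.base, self.data = base, bytearray(size)
    def _off(self, va, n):
        off = va - self.base
        if off < 0 or off + n > len(self.data):
            raise ValueError(f"address {va:#x} outside image")
        return off
    def read(self, va, fmt):
        return struct.unpack_from(fmt, self.data, self._off(va, struct.calcsize(fmt)))
    def write(self, va, fmt, *vals):
        struct.pack_into(fmt, self.data, self._off(va, struct.calcsize(fmt)), *vals)

def walk_directory(img, dir_va, max_chain=1024):
    """Return one row per entry: (bucket, entry, body, hash, ptrs, handles, type)."""
    rows = []
    for idx, entry in enumerate(img.read(dir_va, f"<{NUM_BUCKETS}I")):
        seen = set()
        while entry:                      # a NULL ChainLink ends the bucket's chain
            if entry in seen or len(seen) >= max_chain:
                raise ValueError(f"corrupt chain in bucket {idx}")
            seen.add(entry)
            chain_link, body, hash_value = img.read(entry, "<3I")
            hdr = body - HDR_BODY_OFF     # the header sits directly before the body
            ptrs, handles = img.read(hdr, "<2i")
            (type_index,) = img.read(hdr + HDR_TYPEINDEX_OFF, "<B")
            rows.append((idx, entry, body, hash_value, ptrs, handles, type_index))
            entry = chain_link
    return rows

def build_sample():
    """Constructed image: two entries chained in bucket 5, one entry in bucket 20."""
    img, dir_va = Image(0x80000000, 0x1000), 0x80000100
    for bucket, entry, hdr, hv in [(5, 0x80000400, 0x80000500, 0x1111),
                                   (5, 0x80000420, 0x80000600, 0x1111),
                                   (20, 0x80000440, 0x80000700, 0x2222)]:
        slot = dir_va + 4 * bucket
        (head,) = img.read(slot, "<I")
        img.write(entry, "<3I", head, hdr + HDR_BODY_OFF, hv)  # link in at chain head
        img.write(slot, "<I", entry)
        img.write(hdr, "<2i", 2, 1)                  # PointerCount, HandleCount
        img.write(hdr + HDR_TYPEINDEX_OFF, "<B", 3)  # TypeIndex
    return img, dir_va
```

The cycle and bounds checks matter when the image comes from a damaged or tampered memory dump, where a chain may loop or point outside the captured range.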
Object Management for Windows systems