Each kernel object is only a memory block allocated by the kernel and can only be accessed by the kernel. the memory block is a data structure. Its members are responsible for maintaining various information about the object, because the object type is the same, but most of them are different. For example, a process object has a process ID and a basic priority, one exitCodeThe file object has a byte displacement, a shared mode, and an open mode.
If the Kernel Handle is passed to another process, the call of the handle value used by the other process will become invalid.
The kernel object is owned by the kernel, not the memory, so the Process Termination kernel object is not necessarily revoked.
Kernel Security
Typedef struct _ security_attributes
{
DWORD nlength;
Lpvoid lpsecuritydesriptor;
Bool binherihandle; // true indicates that the property can be inherited, and false indicates that the property cannot be inherited.
} Security_attributes;
SA. nlength = sizeof (SA );
SA. lpsecuritydesriptor = PSD;
SA. binherithandle = false;