Windows core programming-kernel objects

Simply put:

A kernel object is a type of system resource. Once a system object is generated, any applicationProgramYou can enable and use this object. The system only provides a Count value for the kernel object for Management. The kernel objects include:
Event, mutex, semaphore, file, file-mapping, preocess, thread.

Each time these kernel objects are generated, a handle is returned as the identifier. Each time they are used, the corresponding Count value is increased by 1. Calling closehandle can end the use of kernel objects.

Details:

1. kernel object:
1). symbol object
2). event object
3). File object
4). File image object
5). I/O completion object
6). Job object
7). Mailbox object
8). mutex object
9). MPS queue object
10). Process object
11). Beacon object
12). thread object
13). Waiting for timer object
And so on

2. the kernel object can only be owned by the kernel, not by the process. (that is to say, the process is gone and the kernel can be used by other processes)

3. there is a counter in the data structure of the kernel object. When a process is called, the counter is increased by 1, the call ends, the counter is reduced by 1, and the kernel object counter is set to zero. This kernel object is destroyed. (The system manages kernel objects)

4. kernel security: the permission used by the process to call the kernel object, which is specified by the data structure of the security_attributes structure. almost all functions that call kernel objects contain pointer parameters in the security_attributes structure. (This parameter can be used to determine whether it is a kernel object)
Typedef struct _ security_attributes {
DWORD nlength; // struct Length
Lpvoid lpsecuritydescriptor; // Security Settings
Bool binherithandle; // It can be inherited.
} Security_attributes, * psecurity_attributes;

5. the process's kernel object handle table. When a process calls a kernel object, it creates a kernel object handle table, which is the index of the kernel object in the process, the index value is the handle returned by calling the kernel object function. close all kernel objects and use closehandle ();

6. Sharing kernel objects across process boundaries
Microsoft designs a Process Handle instead of a system handle to ensure the robustness and security of the handle.
1) Inheritance of the kernel object handle. (To share multiple processes in the kernel)
Purpose: To access the kernel objects created by the parent process for the child process.
Step: first, when the parent process creates a kernel object, it initializes the security_attributes structure object and sets the member variable binherithandle of the security_attributes structure to true.
After the child process is created, it generates its own handle table. The handle table traverses the handle table of the parent process, finds the inherited handle, and copies it to the handle table of the child process, the kernel object of the sub-process uses the same memory block pointer as the kernel object of the parent process. The Kernel Object counter creates a kernel object in the sub-process and adds one. The parent process calls closehandle () does not affect the use of the kernel object by sub-processes.
2) Change the HANDLE flag
Bool sethandleinformation (
Handle hobject, // handle to object
DWORD dwmask, // flags to change
DWORD dwflags // new values for flags
);

Enable the inheritance flag of the kernel
Sethandleinformation (hobj, handle_flag_inherit, handle_flag_inherit );
Indicates the inheritance flag for disabling the kernel.
Sethandleinformation (hobj, handle_flag_inherit, 0 );
To disable the kernel object, set handle_flag_protect_from_close.

Function for obtaining HANDLE flag
Bool gethandleinformation (
Handle hobject, // handle to object
Lpdword lpdwflags // Handle Properties
);

3) named object
Purpose: Share the kernel objects in a process so that other processes can access the kernel objects of the process through namespaces across processes.
Create objects and access objects using functions
Create *: If the named kernel object already exists and has security access permissions, the parameter is ignored, the process handle table copies the pointer and flag of the kernel object to the Process Handle table. If it does not exist, the kernel object will be created immediately.
Example:
Handle createmutex (
Lpsecurity_attributes lpmutexattributes, // SD
Bool binitialowner, // initial owner
Lptstr lpname // Object Name
);

Open object open *: If the named kernel object already exists and has the security access permission, the Process Handle table copies the pointer and flag of the kernel object to the Process Handle table. If it does not exist, the return value is null. getlasserror () is used to obtain the return value 2.

4) Terminal Service namespace
Each client program session has its own service namespace. One session cannot access the objects of another session, even though they have the same object name.
Service Program namespace objects are always placed in the global namespace.

5) copy the object handle
The duplicatehandle function is used to copy the handle of another process object to the Process Handle table that calls this function to share kernel objects between processes.
Bool duplicatehandle (
Handle hsourceprocesshandle, // handle to source process
Handle hsourcehandle, // handle to duplicate
Handle htargetprocesshandle, // handle to target process
Lphandle lptargethandle, // duplicate handle
DWORD dwdesiredaccess, // requested access
Bool binherithandle, // handle inheritance Option
DWORD dwoptions // optional actions
);