Windows core programming Chapter 3-kernel objects

Each kernel object is only a memory block allocated by the kernel and can only be accessed by this kernel. This memory block is a data structure.

For Kernel Object operations, wi n d o w s provides a set of functions to operate these structures. These kernel objects can always be accessed through these functions.

When a function is called to create a kernel object, the function returns a handle to identify the object. This handle can be regarded as an opaque value, which can be used by any thread in your process. Pass the handle to all functions of Wi n d o w s, so that the system can know which kernel object you want to operate.

The kernel object is owned by the kernel, not by the process. It must be remembered that the existence time of the kernel object can be longer than the process for creating the object.

When a process is initialized, the system assigns a handle table to it. The handle table is only used for kernel objects, not for user objects or G d I objects. The handle table is only an array of data structures. Each structure contains a pointer to the kernel object, an access shield, and some signs. When a process is initialized for the first time, its handle table is empty. Then, when the thread in the process calls the function that creates the kernel object, such as C r e a t e f I e m a p I n g, the kernel allocates a memory block for the object and initializes it. At this time, the kernel scans the process handle table to find an empty entry. Because the handle table is empty, the kernel finds the structure at Index 1 and initializes it. The pointer member will be set as the memory address of the data structure of the kernel object, access blocking is set to all access permissions, and each flag is also set. finally, no matter how you create a kernel object, you must specify to the system that the operation on the object will be terminated by calling c l o s e h a n d l e.

Sharing kernel objects across process boundaries

Method 1: inheritance of object handle

The inheritance of object handles can be used only when a process has a parent-child relationship.

Remember that although the kernel object handle is inherited, the kernel object itself is not inherited.

Method 2: Object Name

The second method for sharing kernel objects that span process boundaries is to name the objects. Many (though not all) kernel objects can be named.

Method 3: copy the handle

The last way to share the kernel objects that span process boundaries is to use the d u p l I C A T E h a n d l e function: