Windows kernel objects

Kernel objects are mainly used to manage system resources for systems and applications, such as processes, threads, and files. The access symbol object, event object, file object, job object, mutex object, pipeline object, and wait timer object are all kernel objects. We often create, open, and operate on them during programming. The kernel object is created by calling a function. To create a file ing object, call the createfilemapping function. Each kernel object is allocated with a memory block and can only be accessed by its kernel. This memory block is a data structure used to manage various object information.

Our applications cannot directly access the data structure of kernel objects. You must use functions provided by windows.

The kernel object is owned by the kernel, not by the process. Each kernel object has a counter to store information about how many processes are using it.

Kernel objects are protected by security descriptors, which describe who created the object and who can use it. Almost all functions used to create kernel objects have a pointer to the SEC urity_attributes structure as its parameter. The code of the pointer to the createfilemapping function is as follows: 1 handle createfilemapping (
2 handle hfile.
3 psecurity_attributes PSA,
4 DWORD flprotect,
5 DWORD dwmaximumsizehigh,
6 DWORD dwmaximunisizelow,
7 pctstr psznarne );

Most applications create objects with default security by passing null values (all members and creators of the Object Management Group have full access permissions, while others do not have access)

. If you want to restrict access to objects, you need to create a security_attributes object and initialize it. The Code is as follows:

1 security_attributes SA;
2 SA. nlength = sizeof (SA); // used for Versioning
3 SA. lsf-cuntydescriptor = PSD, // address of an initialized SD
4 SA. binherithandle = false; // discussed later
5 handle hfilemapping = createfilemapping (invalid_handle_value,
6 & SA, page_reaowrite, 0, 1024, "myfilemapping ");

 

When a process is initialized, the system assigns a handle table to it. The handle table is used for kernel objects instead of user objects and GDI objects.
Table 3-1 Process Handle Structure

Index	Pointer to the memory block of the kernel object	Access shielding (d w o r d of the Flag)	Flag (d w o r d of the Flag position)
1	0 x? ? ? ? ? ? ? ?	0 x? ? ? ? ? ? ? ?	0 x? ? ? ? ? ? ? ?
2	0 x? ? ? ? ? ? ? ?	0 x? ? ? ? ? ? ? ?	0 x? ? ? ? ? ? ? ?
...	...	...	...

Create a kernel object
During initial initialization, the handle table is empty. When a thread in a process calls a function to create a kernel object, the kernel allocates a memory block for the corresponding Kernel Object and initializes it. Kernel

Scan the process handle table, find an empty item, and initialize it with the memory address of the object's data structure. The following are some functions used to create kernel objects:

1 handle createthread (
2 psecurity_attributes PSA,
3 DWORD dwstacksize,
4 pthread_start_routine pfnstartaddr,
5 pvoid pvparam,
6 DWORD dwcreationflags,
7 pdword pdwfhreadid );
8
9 handee createfile (
10 pctstr pszfilename,
11 DWORD dwdesiredaccebs,
12 DWORD dw1_mode,
13 psecurity_attributes PSA,
14 DWORD dwcreationdistribution,
15 DWORD dwflagsandattnbutes,
16 handee htemplatefile );

Disable kernel objects
No matter how you create a kernel object, you can call the closehandle method to end operations on the kernel object.
Bool closehandle (handle hobj );
Why can the process end to release all occupied resources? A memory leak may occur when a process is running. When a process stops running, the system automatically scans the process handle table. If the table has any invalid items (objects not closed before the process ends), the system will close the handles of these objects. If the counter of the object is set to 0, the kernel will undo these objects.

Sharing kernel objects across process boundaries
In many cases, threads of different processes need to share kernel objects. For example, the mailbox and the specified pipeline enable applications to send data blocks between different processes on networked computers.
Object handle compatibility: the inheritance of object handles can be used only when processes are in a parent-child relationship. In this case, the parent process can use one or more Kernel Object handles, and the parent process can decide to generate a child process to grant the child process access to the kernel object of the parent process.
Implementation process: 1. The parent process creates a kernel object and specifies that the object's handle is an inherited handle. Note that the kernel object itself is not inherited.
2. When the object handle is used for inheritance, the next step is to let the parent process generate a child process. This should be done using the CreateProcess function:

1 bool CreateProcess (
2 pctstr pszapplicationname,
3 ptstr pszcommandline,
4 psecurity_attributes psaprocess,
5 psecurity_attributes psathread,
6 bool binherithandles, // The True table can be inherited, and the false table cannot be inherited
7 DWORD fdwcreale,
8 pvoio pvenvironment,
9 pctstr pszcurdir,
10 pstartupinfo psistartinfo,
11 pprocess_information ppiprocinfo );

In this process, the system copies each item of the inherited handle to the sub-inherited handle table. And increments the counters corresponding to the kernel object. After the CreateProcess function returns, the parent process immediately closes the object's handle, without affecting the child process's operations on the object.
Named object: another way to share kernel objects that span process boundaries. Most kernel objects can be named. To share an object by name, you must assign the same name to the object. The code for creating a named kernel object is as follows:

1 handle createmutex (
2 pslcurity_attributes PSA,
3 bool binitialowner,
4 pctstr pszname );
5
6 handle createevent (
7 psecurity_attributes PSA,
8 bool bmanualreset,
9 bool binitialstate,
10 pctstr pszname );