The kernel object is the basic interface provided by the system for interaction between code in user mode and code in kernel mode.
The data structures of kernel objects can only be accessed by the kernel, so applications cannot find these data structures in memory and directly change their contents. Microsoft has specified this restriction to ensure that the kernel object structure remains consistent. This restriction also enables Microsoft to add, delete, and modify data members in these structures without breaking any application program.
When a function is called to create a kernel object, the function returns a handle. If the handle value is passed to a thread in another process, any call that other process makes using your process's handle value will fail. If you want to share kernel objects among multiple processes, you need to use a sharing mechanism, such as object handle inheritance, named objects, or duplicating object handles.
In addition to kernel objects, your application can also use other types of objects, such as menus, windows, mouse cursors, brushes and fonts. These objects are User objects or Graphics Device Interface (GDI) objects, not kernel objects.
To determine whether an object is a kernel object, the easiest way is to look at the function used to create the object.
Data operation
As a software developer, you often need to create, open and manipulate various kernel objects. The system creates and manipulates several types of kernel objects, such as access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, waitable timer objects, etc. These objects are created by calling functions. Each kernel object is simply a memory block allocated by the kernel and accessible only by the kernel. The memory block is a data structure whose members maintain information about the object. Some data members (such as the security descriptor and the usage count) are the same in all object types, but most data members are specific to a particular object type. For example, a process object has a process ID, a base priority, and an exit code, while a file object has a byte offset, a sharing mode, and an open mode.
This constraint ensures that the kernel object structure remains consistent. It also enables the data members of these structures to be added, deleted, and modified in the kernel without breaking any applications.
If we cannot directly change these data structures, how can our applications operate on these kernel objects? The solution is to provide a set of functions that operate on these structures in a well-defined way. Kernel objects are always accessed through these functions. When you call a function that creates a kernel object, it returns a handle that identifies the object. This handle can be regarded as an opaque value, which can be used by any thread in your process. You pass this handle to the various kernel functions so that the system knows which kernel object you want to operate on.
To make the operating system more robust, these handle values are process-relative. Therefore, if the handle value is passed to a thread in another process (using some form of interprocess communication), any call the other process makes using your process's handle value will fail.
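The following is an added example, not code from the original page or from Windows itself: a simplified Python model of per-process handle tables, showing why a raw handle value fails in another process, how copying a handle makes the object usable there, and how the usage count keeps the object alive. The class and method names and the 4, 8, 12 handle numbering are assumptions of the model.

```python
# Simplified teaching model (assumption), not Windows code; names are hypothetical.
class KernelObject:
    """Kernel-owned memory block; only members common to all types are modeled."""
    def __init__(self, obj_type):
        self.obj_type = obj_type
        self.usage_count = 0      # handles open on this object in all processes

class Process:
    """Owns a private handle table mapping handle value -> kernel object."""
    def __init__(self, name):
        self.name = name
        self.handle_table = {}
        self._next = 4            # model detail: values 4, 8, 12, ...

    def _insert(self, obj):
        handle, self._next = self._next, self._next + 4
        self.handle_table[handle] = obj
        obj.usage_count += 1
        return handle
    def create(self, obj_type):
        return self._insert(KernelObject(obj_type))

    def resolve(self, handle):
        """Look a handle up in the calling process's own table only."""
        if handle not in self.handle_table:
            raise OSError(f"invalid handle {handle} in {self.name}")
        return self.handle_table[handle]

    def duplicate_into(self, handle, target):
        """Copy a handle: new entry in target's table, same kernel object."""
        return target._insert(self.resolve(handle))
    def close(self, handle):
        obj = self.handle_table.pop(handle)
        obj.usage_count -= 1
        return obj.usage_count == 0   # True once the last handle is closed

def demo():
    server, client = Process("server"), Process("client")
    server.create("event")                    # server handle 4
    h_mutex = server.create("mutex")          # server handle 8
    try:
        client.resolve(h_mutex)               # raw value received over IPC
        raw_value_worked = True
    except OSError:
        raw_value_worked = False
    h_client = server.duplicate_into(h_mutex, client)   # client handle 4
    mutex = client.resolve(h_client)
    freed = server.close(h_mutex)             # client's copy keeps it alive
    return raw_value_worked, h_client, mutex.obj_type, mutex.usage_count, freed
```

In the model the same mutex is handle 8 in the server and handle 4 in the client, which is why the numeric value alone carries no meaning outside the process that owns it.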
Kernel Object Classification
The kernel object types are as follows: access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, waitable timer objects, etc. These objects are created by calling functions.
Security
A kernel object can be protected with a security descriptor (SD). The security descriptor describes who owns the object, which groups and users are allowed to access or use the object, and which groups and users are denied access to it. Security descriptors are usually used when writing server applications.