win32 programming
DESCRIPTION
Win32 Programming. Lesson 7: Kernel Objects. Abstract. Many of the concepts we’ll look at today won’t make complete sense until you use them However, it’s impossible to talk about Windows without understanding how the API’s interact with Kernel Objects. What is a Kernel Object?. - PowerPoint PPT PresentationTRANSCRIPT
Win32 ProgrammingLesson 7: Kernel Objects
Abstract Many of the concepts we’ll look at today
won’t make complete sense until you use them
However, it’s impossible to talk about Windows without understanding how the API’s interact with Kernel Objects
What is a Kernel Object? Any time you write Windows code you’re
probably manipulating Kernel objects and you just don’t know it
Examples: Access token objects Event objects File objects File-mapping objects The list goes on and on
Manipulation of Kernel Objects Cannot be carried out directly from an
application Portability Security Consistency
Only manipulated via specific APIs Via a HANDLE object
HANDLES Each HANDLE is process relative
Huh? If this is the case, how can we share objects
across processes? We’ll look at 3 mechanisms today
Usage Tracking Kernel objects are owned by the Kernel not
the process Not necessarily destroyed on process exit Kernel tracks usage of the object when assigning
handles to processes
Security Protected with a security descriptor
Who created the object Who can access the object Usually used for server applications, not client
Example HANDLE CreateFileMapping (
HANDLE hFile, PSECURITY_ATTRIBUTES psa, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, PCTSTR pszName
);
Security Attributes typedef struct _SECURITY_ATTRIBUTES {
DWORD nLength; LPVOID lpSecurityDescriptor;
BOOL bInheritHandle; } SECURITY_ATTRIBUTES;
Security Attributes (cntd) SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa); // Used for versioning
sa.lpSecurityDescriptor = pSD;// Address of an initialized SD
sa.bInheritHandle = FALSE; // Discussed later
HANDLE hFileMapping = CreateFileMapping(INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, 0, 1024, "MyFileMapping“
);
Existing Objects When you open an existing object, you must
specify what access you want HANDLE hFileMapping = OpenFileMapping(FI
LE_MAP_READ, FALSE, "MyFileMapping"); FILE_MAP_READ allows the correct
security check to be performed If it fails, we can call…?
ERROR_ACCESS_DENIED
Kernel Object Handle Table Created when a process is created Details are undocumented, but it gives you a feel for
how it worksIndex Pointer to Kernel
Memory BlockAccess Mask (DWORD)
Flags
1 0x???????? 0x???????? 0x????????
2 0x???????? 0x???????? 0x????????
… … … …
Failure! Unfortunately, Windows isn’t 100%
consistent Failure usually returns:
0 (NULL) -1 (INVALID_HANDLE_VALUE) You must check the actual API in question (sorry)
CloseHandle Of course, we have to close the handles we
open BOOL CloseHandle (HANDLE hObj)
Sets GetLastError on failure What happens if we don’t do this?
Sharing Process Objects Object Handle Inheritance Named Objects Duplicating Objects
Inheritance Used when we have a parent-child
relationship between processes Gives the Children controlled access to the
parent’s handles Create an Inheritable Handle Spawn a new Process Pass the inherited handle (often by command-line
option) The details are in the book – read them!
Named Objects Many Kernel Objects can be named We can then use the name to access the object
from another thread See, for example, CreateMutex, CreateEvent
etc. All have the same parameter: pszName
Example: CreateMutex Process A:
HANDLE hMutexProcessA = CreateMutex(NULL, FALSE, “Panther”);
Process B: HANDLE hMutexProcessB =
CreateMutex(NULL, FALSE, “Panther”); Now, checks for a Mutex with name Panther If found, checks access rights; if allowed, creates
entry in the Process’ Handle table
Alernative Approach: Open Use OpenMutex instead of CreateMutex Main difference: Open can only open an
existing Mutex – it can never Create one Often used to prevent multiple instances of
the same application from running See example: OneOnly
Duplicate Object Handles Final option is to create a duplicate copy of a
handle, and use a regular IPC to pass the new handle through
The call is DuplicateHandle Makes an entry in the handle table of another
process
Example: Limiting Access Suppose we have a FileMapping object in our
system. We wish to pass READ ONLY access to this
object to one of our functions Would be nice if we could pass a read only
handle… and we can, by using DuplicateHandle
Example HANDLE hFileMapRW = CreateFileMapping(
INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 10240, NULL);
HANDLE hFileMapRO;DuplicateHandle(
GetCurrentProcess(), hFileMapRW, GetCurrentProcess(), &hFileMapRO, FILE_MAP_READ, FALSE, 0);
// Pass the RO handle…MyROFunction(hFileMapRO);CloseHandle(hFileMapRO);CloseHandle(hFileMapRW);