Win32 Programming Lesson 7: Kernel Objects

Abstract  Many of the concepts we’ll look at today won’t make complete sense until you use them  However, it’s impossible to talk about Windows without understanding how the API’s interact with Kernel Objects

What is a Kernel Object?  Any time you write Windows code you’re probably manipulating Kernel objects and you just don’t know it  Examples: Access token objects Event objects File objects File-mapping objects The list goes on and on

Manipulation of Kernel Objects  Cannot be carried out directly from an application Portability Security Consistency  Only manipulated via specific APIs Via a HANDLE object

HANDLES  Each HANDLE is process relative Huh? If this is the case, how can we share objects across processes? We’ll look at 3 mechanisms today

Usage Tracking  Kernel objects are owned by the Kernel not the process Not necessarily destroyed on process exit Kernel tracks usage of the object when assigning handles to processes

Security  Protected with a security descriptor Who created the object Who can access the object Usually used for server applications, not client

Example  HANDLE CreateFileMapping ( HANDLE hFile, PSECURITY_ATTRIBUTES psa, DWORD flProtect, DWORD dwMaximumSizeHigh, DWORD dwMaximumSizeLow, PCTSTR pszName );

Security Attributes  typedef struct _SECURITY_ATTRIBUTES { DWORD nLength; LPVOID lpSecurityDescriptor; BOOL bInheritHandle; } SECURITY_ATTRIBUTES;

Security Attributes (cntd)  SECURITY_ATTRIBUTES sa; sa.nLength = sizeof(sa); // Used for versioning sa.lpSecurityDescriptor = pSD; // Address of an initialized SD sa.bInheritHandle = FALSE; // Discussed later HANDLE hFileMapping = CreateFileMapping( INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, 0, 1024, "MyFileMapping“ );

Existing Objects  When you open an existing object, you must specify what access you want HANDLE hFileMapping = OpenFileMapping(FI LE_MAP_READ, FALSE, "MyFileMapping") ;  FILE_MAP_READ allows the correct security check to be performed  If it fails, we can call…? ERROR_ACCESS_DENIED

Kernel Object Handle Table  Created when a process is created  Details are undocumented, but it gives you a feel for how it works IndexPointer to Kernel Memory Block Access Mask (DWORD) Flags 10x???????? 2 …………

Failure!  Unfortunately, Windows isn’t 100% consistent  Failure usually returns: 0 (NULL) -1 (INVALID_HANDLE_VALUE) You must check the actual API in question (sorry)

CloseHandle  Of course, we have to close the handles we open BOOL CloseHandle (HANDLE hObj)  Sets GetLastError on failure  What happens if we don’t do this?

Sharing Process Objects  Object Handle Inheritance  Named Objects  Duplicating Objects

Inheritance  Used when we have a parent-child relationship between processes  Gives the Children controlled access to the parent’s handles Create an Inheritable Handle Spawn a new Process Pass the inherited handle (often by command-line option) The details are in the book – read them!

Named Objects  Many Kernel Objects can be named  We can then use the name to access the object from another thread  See, for example, CreateMutex, CreateEvent etc.  All have the same parameter: pszName

Example: CreateMutexCreateMutex  Process A: HANDLE hMutexProcessA = CreateMutex(NULL, FALSE, “Panther”);  Process B: HANDLE hMutexProcessB = CreateMutex(NULL, FALSE, “Panther”); Now, checks for a Mutex with name Panther If found, checks access rights; if allowed, creates entry in the Process’ Handle table

Alernative Approach: Open  Use OpenMutex instead of CreateMutex  Main difference: Open can only open an existing Mutex – it can never Create one  Often used to prevent multiple instances of the same application from running  See example: OneOnly

Duplicate Object Handles  Final option is to create a duplicate copy of a handle, and use a regular IPC to pass the new handle through  The call is DuplicateHandle Makes an entry in the handle table of another process

Example: Limiting Access  Suppose we have a FileMapping object in our system.  We wish to pass READ ONLY access to this object to one of our functions  Would be nice if we could pass a read only handle… and we can, by using DuplicateHandle

Example  HANDLE hFileMapRW = CreateFileMapping( INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 10240, NULL); HANDLE hFileMapRO; DuplicateHandle( GetCurrentProcess(), hFileMapRW, GetCurrentProcess(), &hFileMapRO, FILE_MAP_READ, FALSE, 0); // Pass the RO handle… MyROFunction(hFileMapRO); CloseHandle(hFileMapRO); CloseHandle(hFileMapRW);