Win 32 Programming Lesson 7: Kernel Objects

Abstract
- Many of the concepts we’ll look at today won’t make complete sense until you use them
- However, it’s impossible to talk about Windows without understanding how the APIs interact with Kernel Objects

What is a Kernel Object?
- Any time you write Windows code you’re probably manipulating Kernel objects and you just don’t know it
- Examples:
  - Access token objects
  - Event objects
  - File-mapping objects
  - The list goes on and on

Manipulation of Kernel Objects
- Cannot be carried out directly from an application
  - Portability
  - Security
  - Consistency
- Only manipulated via specific APIs
  - Via a HANDLE object

HANDLES
- Each HANDLE is process relative
  - Huh?
  - If this is the case, how can we share objects across processes?
  - We’ll look at 3 mechanisms today

Usage Tracking
- Kernel objects are owned by the Kernel, not the process
  - Not necessarily destroyed on process exit
  - Kernel tracks usage of the object when assigning handles to processes

Security
- Protected with a security descriptor
  - Who created the object
  - Who can access the object
  - Usually used for server applications, not client

Example

    HANDLE CreateFileMapping(
        HANDLE hFile,
        PSECURITY_ATTRIBUTES psa,
        DWORD flProtect,
        DWORD dwMaximumSizeHigh,
        DWORD dwMaximumSizeLow,
        PCTSTR pszName);

Security Attributes

    typedef struct _SECURITY_ATTRIBUTES {
        DWORD  nLength;
        LPVOID lpSecurityDescriptor;
        BOOL   bInheritHandle;
    } SECURITY_ATTRIBUTES;

Security Attributes (cntd)

    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(sa);          // Used for versioning
    sa.lpSecurityDescriptor = pSD;    // Address of an initialized SD
    sa.bInheritHandle = FALSE;        // Discussed later
    HANDLE hFileMapping = CreateFileMapping(
        INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE,
        0, 1024, TEXT("MyFileMapping"));

Existing Objects
- When you open an existing object, you must specify what access you want
  - HANDLE hFileMapping = OpenFileMapping(FILE_MAP_READ, FALSE, "MyFileMapping");
- FILE_MAP_READ allows the correct security check to be performed
- If it fails, we can call…?
  - ERROR_ACCESS_DENIED

Kernel Object Handle Table
- Created when a process is created
- Details are undocumented, but it gives you a feel for how it works

    Index   Pointer to Kernel Memory Block   Access Mask   Flags (DWORD)
    1       0x????                           0x????
    2       0x????                           0x????
    …       …

Failure!
- Unfortunately, Windows isn’t 100% consistent
- Failure usually returns:
  - 0 (NULL)
  - -1 (INVALID_HANDLE_VALUE)
  - You must check the actual API in question (sorry)

CloseHandle
- Of course, we have to close the handles we open
  - BOOL CloseHandle(HANDLE hObj)
- Sets GetLastError on failure
- What happens if we don’t do this?

Sharing Process Objects
- Object Handle Inheritance
- Named Objects
- Duplicating Objects

Inheritance
- Used when we have a parent-child relationship between processes
- Gives the Children controlled access to the parent’s handles
  - Create an Inheritable Handle
  - Spawn a new Process
  - Pass the inherited handle (often by command-line option)
- The details are in the book – read them!

Named Objects
- Many Kernel Objects can be named
- We can then use the name to access the object from another thread
- See, for example, CreateMutex, CreateEvent etc.
- All have the same parameter: pszName

Example: CreateMutex
- Process A:
  - HANDLE hMutexProcessA = CreateMutex(NULL, FALSE, "Panther");
- Process B:
  - HANDLE hMutexProcessB = CreateMutex(NULL, FALSE, "Panther");
  - Now, checks for a Mutex with name Panther
  - If found, checks access rights; if allowed, creates entry in the Process’ Handle table

Alternative Approach: Open
- Use OpenMutex instead of CreateMutex
- Main difference: Open can only open an existing Mutex – it can never Create one
- Often used to prevent multiple instances of the same application from running
- See example: OneOnly

Duplicate Object Handles
- Final option is to create a duplicate copy of a handle, and use a regular IPC to pass the new handle through
- The call is DuplicateHandle
  - Makes an entry in the handle table of another process

Example: Limiting Access
- Suppose we have a FileMapping object in our system.
- We wish to pass READ ONLY access to this object to one of our functions
- Would be nice if we could pass a read only handle… and we can, by using DuplicateHandle

Example

    // Create a read/write file mapping backed by the paging file
    HANDLE hFileMapRW = CreateFileMapping(
        INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 10240, NULL);
    HANDLE hFileMapRO;
    // Duplicate into our own handle table, asking for read access only
    DuplicateHandle(
        GetCurrentProcess(), hFileMapRW,
        GetCurrentProcess(), &hFileMapRO,
        FILE_MAP_READ, FALSE, 0);
    // Pass the RO handle…
    MyROFunction(hFileMapRO);
    // Both handles are ours, so both must be closed
    CloseHandle(hFileMapRO);
    CloseHandle(hFileMapRW);
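
The Handle Table, Usage Tracking and DuplicateHandle slides above, tied together as a small portable C model. This is an added example, not code from the lesson and not Windows code: the struct names, the row layout and the access bits are assumptions, and the model's DuplicateHandle analogue is simplified so that it never grants rights the source handle lacks.

```c
/* Toy model of per-process handle tables; not Windows code. All names, the
   row layout and the access bits are assumptions made for illustration. */
#include <stddef.h>

#define ACCESS_READ  0x1u   /* constructed bits, not Win32 values */
#define ACCESS_WRITE 0x2u
#define TABLE_SIZE   8

typedef struct { int usage; int alive; } KObject;        /* kernel-owned */
typedef struct { KObject *obj; unsigned access; } Entry; /* one table row */
typedef struct { Entry rows[TABLE_SIZE]; } Process;      /* one table per process */

/* Add a row to p's table and bump the usage count; 0 means failure. */
int grant(Process *p, KObject *o, unsigned access) {
    for (int i = 0; i < TABLE_SIZE; i++)
        if (p->rows[i].obj == NULL) {
            p->rows[i] = (Entry){ o, access };
            o->usage++;
            return i + 1;   /* a handle is an index into THIS table only */
        }
    return 0;
}

static Entry *lookup(Process *p, int h) {
    if (h < 1 || h > TABLE_SIZE || p->rows[h - 1].obj == NULL) return NULL;
    return &p->rows[h - 1];
}

/* Check made on every use: the row's mask must cover what is needed. */
int can(Process *p, int h, unsigned need) {
    Entry *e = lookup(p, h);
    return e != NULL && (e->access & need) == need;
}

/* DuplicateHandle analogue; simplification: never adds rights src lacks. */
int dup_handle(Process *src, int h, Process *dst, unsigned want) {
    Entry *e = lookup(src, h);
    if (e == NULL || (want & ~e->access) != 0) return 0;
    return grant(dst, e->obj, want);
}

/* CloseHandle analogue: free the row; the object dies when usage hits 0. */
int close_handle(Process *p, int h) {
    Entry *e = lookup(p, h);
    if (e == NULL) return 0;
    if (--e->obj->usage == 0) e->obj->alive = 0;
    *e = (Entry){ NULL, 0 };
    return 1;
}
```

In the model, the same handle number in two processes refers to two different table rows, and the object stays alive until the last row pointing at it is closed.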