Win32 programming
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Win32 Programming PowerPoint PPT Presentation


  • 90 Views
  • Uploaded on
  • Presentation posted in: General

Win32 Programming. Lesson 7: Kernel Objects. Abstract. Many of the concepts we’ll look at today won’t make complete sense until you use them However, it’s impossible to talk about Windows without understanding how the API’s interact with Kernel Objects. What is a Kernel Object?.

Download Presentation

Win32 Programming

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Win32 programming

Win32 Programming

Lesson 7: Kernel Objects


Abstract

Abstract

  • Many of the concepts we’ll look at today won’t make complete sense until you use them

  • However, it’s impossible to talk about Windows without understanding how the API’s interact with Kernel Objects


What is a kernel object

What is a Kernel Object?

  • Any time you write Windows code you’re probably manipulating Kernel objects and you just don’t know it

  • Examples:

    • Access token objects

    • Event objects

    • File objects

    • File-mapping objects

    • The list goes on and on


Manipulation of kernel objects

Manipulation of Kernel Objects

  • Cannot be carried out directly from an application

    • Portability

    • Security

    • Consistency

  • Only manipulated via specific APIs

    • Via a HANDLE object


Handles

HANDLES

  • Each HANDLE is process relative

    • Huh?

    • If this is the case, how can we share objects across processes?

    • We’ll look at 3 mechanisms today


Usage tracking

Usage Tracking

  • Kernel objects are owned by the Kernel not the process

    • Not necessarily destroyed on process exit

    • Kernel tracks usage of the object when assigning handles to processes


Security

Security

  • Protected with a security descriptor

    • Who created the object

    • Who can access the object

    • Usually used for server applications, not client


Example

Example

  • HANDLE CreateFileMapping (    HANDLE hFile,    PSECURITY_ATTRIBUTES psa,     DWORD flProtect,    DWORD dwMaximumSizeHigh,     DWORD dwMaximumSizeLow,     PCTSTR pszName);


Security attributes

Security Attributes

  • typedef struct _SECURITY_ATTRIBUTES {DWORD nLength;    LPVOID lpSecurityDescriptor;    BOOL bInheritHandle; } SECURITY_ATTRIBUTES; 


Security attributes cntd

Security Attributes (cntd)

  • SECURITY_ATTRIBUTES sa; sa.nLength = sizeof(sa);      // Used for versioning sa.lpSecurityDescriptor = pSD;// Address of an initialized SD sa.bInheritHandle = FALSE;    // Discussed later HANDLE hFileMapping = CreateFileMapping(INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, 0, 1024, "MyFileMapping“);


Existing objects

Existing Objects

  • When you open an existing object, you must specify what access you want

    • HANDLE hFileMapping = OpenFileMapping(FILE_MAP_READ, FALSE,     "MyFileMapping");

  • FILE_MAP_READ allows the correct security check to be performed

  • If it fails, we can call…?

    • ERROR_ACCESS_DENIED


Kernel object handle table

Kernel Object Handle Table

  • Created when a process is created

  • Details are undocumented, but it gives you a feel for how it works


Failure

Failure!

  • Unfortunately, Windows isn’t 100% consistent

  • Failure usually returns:

    • 0 (NULL)

    • -1 (INVALID_HANDLE_VALUE)

    • You must check the actual API in question (sorry)


Closehandle

CloseHandle

  • Of course, we have to close the handles we open

    • BOOL CloseHandle (HANDLE hObj)

  • Sets GetLastError on failure

  • What happens if we don’t do this?


Sharing process objects

Sharing Process Objects

  • Object Handle Inheritance

  • Named Objects

  • Duplicating Objects


Inheritance

Inheritance

  • Used when we have a parent-child relationship between processes

  • Gives the Children controlled access to the parent’s handles

    • Create an Inheritable Handle

    • Spawn a new Process

    • Pass the inherited handle (often by command-line option)

    • The details are in the book – read them!


Named objects

Named Objects

  • Many Kernel Objects can be named

  • We can then use the name to access the object from another thread

  • See, for example, CreateMutex, CreateEvent etc.

  • All have the same parameter: pszName


Example createmutex

Example: CreateMutex

  • Process A:

    • HANDLE hMutexProcessA = CreateMutex(NULL, FALSE, “Panther”);

  • Process B:

    • HANDLE hMutexProcessB = CreateMutex(NULL, FALSE, “Panther”);

    • Now, checks for a Mutex with name Panther

    • If found, checks access rights; if allowed, creates entry in the Process’ Handle table


Alernative approach open

Alernative Approach: Open

  • Use OpenMutex instead of CreateMutex

  • Main difference: Open can only open an existing Mutex – it can never Create one

  • Often used to prevent multiple instances of the same application from running

  • See example: OneOnly


Duplicate object handles

Duplicate Object Handles

  • Final option is to create a duplicate copy of a handle, and use a regular IPC to pass the new handle through

  • The call is DuplicateHandle

    • Makes an entry in the handle table of another process


Example limiting access

Example: Limiting Access

  • Suppose we have a FileMapping object in our system.

  • We wish to pass READ ONLY access to this object to one of our functions

  • Would be nice if we could pass a read only handle… and we can, by using DuplicateHandle


Example1

Example

  • HANDLE hFileMapRW = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 10240, NULL);HANDLE hFileMapRO;DuplicateHandle(GetCurrentProcess(), hFileMapRW, GetCurrentProcess(), &hFileMapRO, FILE_MAP_READ, FALSE, 0);// Pass the RO handle…MyROFunction(hFileMapRO);CloseHandle(hFileMapRO);CloseHandle(hFileMapRW);


  • Login