Chapter 3: Kernel Objects

A kernel object is a memory block allocated by the kernel. The block is a data structure that only the kernel can access, and its members maintain information about the object. Some data members are the same across all object types, but most are specific to one object type. Examples of kernel objects are access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, and waitable timer objects. Because the data structures of kernel objects can be accessed only by the kernel, an application cannot locate these structures in memory and change their contents directly; it can manipulate them only through a set of functions provided by Windows.
Usage count

Kernel objects are owned by the kernel, not by a process. In other words, a kernel object is not necessarily destroyed when the process that created it terminates; the object can outlive the process that created it. The kernel knows how many processes are using a kernel object through a usage count, a data member common to every object type. When an object is first created, its usage count is set to 1. The count is then incremented as processes start using the object and decremented as they stop using it. If the usage count drops to 0, the kernel destroys the object, which ensures that no kernel object remains in the system when no process references it.
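The usage-count lifecycle described above, as an added example that is not part of the original text. It is a simplified user-mode model, not Windows code: KObject, Process and all function names are hypothetical, and it assumes that a terminating process releases every handle it still holds.

```c
/* Simplified model of usage counting; every name here is hypothetical and
   this is not how Windows implements its object manager. */
#include <stdio.h>
#define MAX_HANDLES 8
typedef struct { int usage_count; int alive; } KObject;    /* owned by the "kernel" */
typedef struct { KObject *handles[MAX_HANDLES]; } Process; /* per-process handle table */
/* Put a reference in the first free slot; returns the handle index or -1. */
static int add_handle(Process *p, KObject *o) {
    for (int i = 0; i < MAX_HANDLES; i++)
        if (p->handles[i] == NULL) { p->handles[i] = o; return i; }
    return -1;
}
/* Creation: the usage count starts at 1 on behalf of the creating process. */
int create_object(Process *p, KObject *o) {
    int h = add_handle(p, o);
    if (h >= 0) { o->usage_count = 1; o->alive = 1; }
    return h;
}
/* Another process gains access to a live object: the count goes up by one. */
int open_object(Process *p, KObject *o) {
    int h = o->alive ? add_handle(p, o) : -1;
    if (h >= 0) o->usage_count++;
    return h;
}
/* Closing a handle decrements the count; at 0 the object is destroyed.
   Returns 1 if a handle was closed, 0 if the slot was invalid or empty. */
int close_handle(Process *p, int h) {
    if (h < 0 || h >= MAX_HANDLES || p->handles[h] == NULL) return 0;
    KObject *o = p->handles[h];
    p->handles[h] = NULL;
    if (--o->usage_count == 0) o->alive = 0;
    return 1;
}
/* Process termination releases every handle the process still holds. */
void terminate_process(Process *p) {
    for (int i = 0; i < MAX_HANDLES; i++) close_handle(p, i);
}

int main(void) {
    Process creator = {{0}}, other = {{0}};
    KObject obj = {0, 0};
    create_object(&creator, &obj);
    int h = open_object(&other, &obj);
    terminate_process(&creator);   /* creator exits; the object survives */
    printf("after creator exit: count=%d alive=%d\n", obj.usage_count, obj.alive);
    close_handle(&other, h);       /* last reference released */
    printf("after last close: count=%d alive=%d\n", obj.usage_count, obj.alive);
    return 0;
}
```
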
Security

Kernel objects can be protected by a security descriptor. A security descriptor describes who created the object, who can access or use it, and who is denied access. Security descriptors are usually used when writing server applications; if you are writing a client-side application, you can ignore this feature of kernel objects. Almost every function that creates a kernel object takes a pointer to a SECURITY_ATTRIBUTES structure as a parameter. Most applications simply pass NULL for this parameter so that the object is created with default security. Default security means that any member of the Administrators group and the creator of the object have full access to the object, while everyone else is denied access. However, you can allocate a SECURITY_ATTRIBUTES structure, initialize it, and pass its address for this parameter. A SECURITY_ATTRIBUTES structure looks like this:

typedef struct _SECURITY_ATTRIBUTES {
    DWORD  nLength;
    LPVOID lpSecurityDescriptor;
    BOOL   bInheritHandle;
} SECURITY_ATTRIBUTES;

Only one member of this structure actually relates to security: lpSecurityDescriptor.