process

More documents

Recommendations

Info

Objects and Handles When a process creates or opens an object, it receives a handle (or access) to the object Processes can also acquire handles by inheritance Benefits of handles: Faster – no name lookups Indirect pointers to objects – prevents direct fiddling with the system data structures No difference between file handle, process handle or event handle – a consistent interface to reference all objects All handle creation done by object manager – has exclusive rights to scrutinize every user action 12
13 Handles and Security Process handle table Is unique for each process But is in system address space, hence cannot be modified from user mode Hence, is trusted Security checks are made when handle table entry is created i.e. at CreateXXX time Handle table entry indicates the “validated” access rights to the object Read, Write, Delete, Terminate, etc. APIs that take an “already-opened” handle look in the handle table entry before performing the function For example: TerminateProcess checks to see if the handle was opened for Terminate access No need to check file ACL, process or thread access token, etc., on every write request---checking is done at file handle creation, i.e. “file open”, time
Page 1 and 2: Core System Mechanisms and Windows
Page 3 and 4: 3 Object Manager (I) Executive comp
Page 5 and 6: 5 Executive Objects vs. Kernel Obje
Page 7 and 8: 7 Executive Objects (contd.) Object
Page 9 and 10: 9 Object Header Field Handle count
Page 11: 11 Object Methods Method Open Close
Page 15 and 16: 15 Handle and Reference Count handl
Page 17 and 18: 17 Interesting Object Directories i
Page 19 and 20: 19 System Worker Threads Created at
Page 21 and 22: 21 Port Objects ALPC exports port o
Page 23 and 24: 23 Wow64 Allows execution of Win32
Page 25 and 26: 25 Wow64 File Locations Location of
Page 27 and 28: 27 Example: Cmd.exe on 64-bit Syste
Page 29 and 30: 29 Windows API - Overview APIs to W
Page 31 and 32: 31 Windows API Principles System re
Page 33 and 34: 33 Windows API Naming Conventions P
Page 35 and 36: 35 Differences from UNIX HANDLEs ar
Page 37 and 38: 37 Example Application Sequential f
Page 39 and 40: 39 Basic cp file copy program. UNIX
Page 41 and 42: 41 Basic cp file copy program. C li
Page 43 and 44: 43 Basic cp file copy program. Wind
Page 45 and 46: 45 Further Reading Mark E. Russinov
Page 47 and 48: Lab: 2013-9-23 Handles & ALPC
Page 49: ALPC Port Objects Use Winobj.exe to

process

Create successful ePaper yourself

Delete template?

Save as template?