Object Manager (Windows)
Object Manager is a subsystem implemented as part of the Windows Executive which manages Windows resources. Each resource, surfaced as a logical object, resides in a namespace for categorization. Resources can be physical devices, files or folders on volumes, Registry entries or even running processes. All objects representing resources have an
Object Type property and other metadata about the resource. Object Manager is a shared resource, and all subsystems that deal with the resources have to pass through the Object Manager.
Architecture
Object Manager is the centralized resource broker in the Windows NT line of operating systems, which keeps track of the resources allocated to processes. It is resource-agnostic and can manage any type of resource, including device and file handles. All resources are represented as objects, each belonging to a logical namespace for categorization and having a type that represents the type of the resource, which exposes the capabilities and functionalities via properties. An object is kept available until all processes are done with it; Object Manager maintains the record of which objects are currently in use via reference counting, as well as the ownership information. Any system call that changes the state of resource allocation to processes goes via the Object Manager.
Objects can either be Kernel objects or Executive objects. Kernel objects represent primitive resources such as physical devices, or services such as synchronization, which are required to implement any other type of OS service. Kernel objects are not exposed to user mode code, but are restricted to kernel code. Applications and services running outside the kernel use the Executive objects, which are exposed by the Windows Executive, along with its components such as the memory manager, scheduler and I/O subsystem. Executive objects encapsulate one or more kernel objects and expose not only the kernel and kernel-mediated resources but also a broader set of services than the kernel does. Applications themselves can wrap one or more Executive objects and surface objects that offer certain services. Executive objects are also used by the environment subsystems (such as the NT subsystem, the POSIX subsystem etc.) to implement the functionality of the respective environments.
Whenever an object is created or opened, a reference to the instance, called a handle, is created. Object Manager indexes the objects both by their names and by their handles, but referencing objects by handle is faster because the name translation can be skipped. Handles are associated with processes (by making an entry in the process's handle table, which lists the handles it owns), and can be transferred between processes as well. A process must own a handle to an object before using it. A process can own a maximum of 16,000,000 handles at one time. During creation, a process gains handles to a default set of objects. While there exist different types of handles (file handles, event handles and process handles), they only help in identifying the type of the target objects, not in distinguishing the operations that can be performed through them, thus providing consistency in how various object types are handled programmatically. Handle creation and resolution of objects from handles are solely mediated by Object Manager, so no resource usage goes unnoticed by it.
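The handle bookkeeping described above, as an added example that is not Windows source code: a deliberately small C model in which each process has a handle table, objects are found by name only when opened, and an object lives until its last handle is closed. All names, limits and functions are hypothetical, and the model uses the open handle count as its only reference count.

```c
#include <string.h>

#define MAX_OBJECTS 8
#define MAX_HANDLES 8

/* Header stand-in: handles is the open handle count and, in this model, also
   the reference count; 0 marks a free entry. */
typedef struct { char name[32]; int handles; } Object;
typedef struct { Object *slot[MAX_HANDLES]; } Process;  /* per-process handle table */

static Object g_objects[MAX_OBJECTS];                   /* the namespace */

/* Name translation, needed only when a caller names the object. */
Object *om_lookup(const char *name) {
    for (int i = 0; i < MAX_OBJECTS; i++)
        if (g_objects[i].handles > 0 && strcmp(g_objects[i].name, name) == 0)
            return &g_objects[i];
    return NULL;
}

static int add_handle(Process *p, Object *o) {
    for (int h = 0; h < MAX_HANDLES; h++)
        if (p->slot[h] == NULL) { p->slot[h] = o; o->handles++; return h; }
    return -1;                                          /* handle table full */
}

/* Open by name, creating the object when the name is not yet in use. */
int om_open(Process *p, const char *name) {
    if (strlen(name) >= sizeof g_objects[0].name) return -1;
    Object *o = om_lookup(name);
    for (int i = 0; o == NULL && i < MAX_OBJECTS; i++)
        if (g_objects[i].handles == 0) { o = &g_objects[i]; strcpy(o->name, name); }
    return o ? add_handle(p, o) : -1;
}

static int valid(const Process *p, int h) {
    return h >= 0 && h < MAX_HANDLES && p->slot[h] != NULL;
}

/* Duplicate: dst gets its own handle to the object behind src's handle. */
int om_duplicate(Process *src, int h, Process *dst) {
    return valid(src, h) ? add_handle(dst, src->slot[h]) : -1;
}

/* Close: drop one handle; the object disappears with its last handle. */
int om_close(Process *p, int h) {
    if (!valid(p, h)) return -1;                        /* stale or unowned handle */
    p->slot[h]->handles--;
    p->slot[h] = NULL;
    return 0;
}
```

A handle duplicated into a second process keeps the object alive after the creator closes its own handle, which is why leaked or forgotten duplicates matter when reviewing handle lifetimes.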
The types of Executive objects exposed by Windows NT are:
Type | Description |
---|---|
Process | A collection of executable threads along with virtual addressing and control information. |
Thread | An entity containing code in execution, inside a process. |
Job | A collection of processes. |
File | An open file or an I/O device. |
File mapping object | A region of memory mapped to a file. |
Access token | The access rights for an object. |
Event | An object which encapsulates some information, to be used for notifying processes of something. |
Semaphore/Mutex | Objects which serialize access to other resources. |
Timer | An object which notifies processes at fixed intervals. |
Key | A registry key. |
Desktop | A logical display surface to contain GUI elements. |
Clipboard | A temporary repository for other objects. |
WindowStation | An object containing a group of Desktop objects, one Clipboard and other user objects. |
Symbolic link | A reference to other objects, via which the referred object can be used. |
Object structure
Each object managed by the Object Manager has a header and a body; the header contains state information used by Object Manager, whereas the body contains the object-specific data and the services it exposes. An object header contains certain data, exposed as Properties, such as Object Name (which identifies the object), Object Directory (the category the object belongs to), Security Descriptors (the access rights for an object), Quota Charges (the resource usage information for the object), Open handle count (the number of times a handle, an identifier to the object, has been opened), Open handle list (the list of processes which have a live reference to the object), its Reference count (the number of live references to the object), and the Type (an object that identifies the structure of the object body) of the object.
A Type object contains properties unique to the type of the object as well as static methods that implement the services offered by the object. Objects managed by Object Manager must at least provide a predefined set of services: Close (which closes a handle to an object), Duplicate (create another handle to the object with which another process can gain shared access to the object), Query object (gather information about its attributes and properties), Query security (get the security descriptor of the object), Set security (change the security access), and Wait (to synchronize with one or more objects via certain events). Type objects also have some common attributes, including the type name, whether they are to be allocated in non-paged memory, access rights, and synchronization information. All instances of the same type share the same type object, and the type object is instantiated only once. A new object type can be created by endowing an object with Properties to expose its state and methods to expose the services it offers.
Object name is used to give a descriptive identity to an object, to aid in object lookup. Object Manager maintains the list of names already assigned to objects being managed, and maps the names to the instances. Since most object accesses occur via handles, it is not always necessary to look up the name to resolve it into the object reference. Lookup is only performed when an object is created (to make sure the new object has a unique name), or when a process accesses an object by its name explicitly. Object directories are used to categorize objects according to their types. Predefined directories include \?? (device names), \BaseNamedObjects (Mutexes, events, semaphores, waitable timers, and section objects), \Callback (callback functions), \Device, \Drivers, \FileSystem, \KnownDlls, \Nls (language tables), \ObjectTypes (type objects), \RPC Controls (RPC ports), \Security (security subsystem objects), and \Window (windowing subsystem objects). Objects also belong to a Namespace. Each user session is assigned a different namespace. Objects shared between all sessions are in the GLOBAL namespace, and session-specific objects are in the specific session namespaces.
OBJECT_ATTRIBUTES structure:
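typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length;                    /* size of this structure, in bytes */
    HANDLE RootDirectory;            /* optional directory that ObjectName is relative to */
    PUNICODE_STRING ObjectName;      /* name of the object */
    ULONG Attributes;                /* zero or a combination of OBJ_* flags */
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_ATTRIBUTES;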
The Attributes member can be zero, or a combination of the following flags:
OBJ_INHERIT
OBJ_PERMANENT
OBJ_EXCLUSIVE
OBJ_CASE_INSENSITIVE
OBJ_OPENIF
OBJ_OPENLINK
OBJ_KERNEL_HANDLE
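A review helper for the structure and flags above, as an added example that is not code from Windows or from this article. The flag values are those defined in the Windows SDK header ntdef.h; the stand-in typedefs, the finding names and the kernel_caller parameter are assumptions made so the block builds without Windows headers.

```c
#include <stdint.h>
#include <stddef.h>

/* Stand-in types so this builds without Windows headers (assumption). */
typedef uint32_t ULONG;
typedef void *HANDLE;
typedef struct { uint16_t Length, MaximumLength; const uint16_t *Buffer; } UNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length;
    HANDLE RootDirectory;
    UNICODE_STRING *ObjectName;
    ULONG Attributes;
    void *SecurityDescriptor;
    void *SecurityQualityOfService;
} OBJECT_ATTRIBUTES;

/* Flag values as defined in ntdef.h. */
#define OBJ_INHERIT          0x00000002u
#define OBJ_PERMANENT        0x00000010u
#define OBJ_EXCLUSIVE        0x00000020u
#define OBJ_CASE_INSENSITIVE 0x00000040u
#define OBJ_OPENIF           0x00000080u
#define OBJ_OPENLINK         0x00000100u
#define OBJ_KERNEL_HANDLE    0x00000200u
#define OBJ_LISTED (OBJ_INHERIT | OBJ_PERMANENT | OBJ_EXCLUSIVE | \
    OBJ_CASE_INSENSITIVE | OBJ_OPENIF | OBJ_OPENLINK | OBJ_KERNEL_HANDLE)

/* Hypothetical review findings, returned as a bitmask. */
enum { F_BAD_LENGTH = 1, F_UNLISTED_FLAG = 2, F_USER_REACHABLE = 4,
       F_INHERITABLE = 8, F_RELATIVE_NO_ROOT = 16 };

/* kernel_caller: nonzero when kernel-mode code such as a driver fills oa. */
unsigned audit_object_attributes(const OBJECT_ATTRIBUTES *oa, int kernel_caller) {
    unsigned f = 0;
    if (oa->Length != sizeof *oa) f |= F_BAD_LENGTH;
    if (oa->Attributes & ~OBJ_LISTED) f |= F_UNLISTED_FLAG;  /* not in the list above */
    /* Without OBJ_KERNEL_HANDLE the handle goes into the calling process's
       handle table, where user-mode code in that process can reach it. */
    if (kernel_caller && !(oa->Attributes & OBJ_KERNEL_HANDLE)) f |= F_USER_REACHABLE;
    if (oa->Attributes & OBJ_INHERIT) f |= F_INHERITABLE;    /* child processes inherit it */
    /* With no RootDirectory, the name must be fully qualified from the root. */
    const UNICODE_STRING *n = oa->ObjectName;
    if (n && n->Length >= 2 && n->Buffer[0] != '\\' && !oa->RootDirectory)
        f |= F_RELATIVE_NO_ROOT;
    return f;
}
```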