Object Manager: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 06:36, 30 July 2013 edit AsceticRose (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 8,661 edits m Reverted 1 edit by 60.240.3.70 (talk) to last revision by Faizan. (TW) ← Previous edit		Latest revision as of 16:16, 13 August 2025 edit undo Ykahveci (talk \| contribs) 9 edits m Fixed typo Tag: 2017 wikitext editor
(43 intermediate revisions by 30 users not shown)
Line 1: {{Short description\|Windows NT subsystem}} [[File:Object Manager (Windows) screenshot.png\|thumb\|right\|'''Object Manager''' in Windows, categorized hierarchically using ''namespaces'']]▼ {{About\|the Windows Executive subsystem\|the general concept\|Object manager}} '''Object Manager''' (internally called '''Ob''') is a subsystem implemented as part of the [[Windows Executive]] which manages Windows ''resources''. Each resource, which are surfaced as logical ''objects'', resides in a namespace for categorization. Resources can be physical devices, files or folders on volumes, [[Windows Registry\|Registry]] entries or even running processes. All objects representing resources have an <code>Object Type</code> property and other metadata about the resource. Object Manager is a shared resource, and all subsystems that deal with the resources have to pass through the Object Manager.▼ {{Refimprove\|date=March 2019}} ▲[[File:Object Manager (Windows) screenshot.png\|thumb\|~~right\|'''~~Object Manager~~'''~~ in Windows, categorized hierarchically using ''namespaces'']] ▲'''Object Manager''' (internally called '''Ob''') is a subsystem implemented as part of the [[Windows Executive]] which manages Windows ''resources''. ~~Each resource~~Resources, which are surfaced as logical ''objects'', ~~resides~~each reside in a namespace for categorization. Resources can be physical devices, files or folders on volumes, [[Windows Registry\|Registry]] ~~entries~~keys or even running processes. All objects representing resources have an <code>Object Type</code> property and other metadata about the resource. Object Manager is a shared resource, and all subsystems that deal with the resources have to pass through the Object Manager. ==Architecture== [[File:Windows_2000_architecture.svg\|thumb\|The Object Manager in the [[architecture of Windows NT]]]] Object Manager is the centralized resource broker in the [[Windows NT]] line of ~~Operating~~operating ~~Systems~~systems, which keeps track of the resources allocated to processes. It is resource-agnostic and can manage any type of resource, including device and file handles. All resources are represented as objects, each belonging to a logical namespace for categorization and having a type that represents the type of the resource, which exposes the capabilities and functionalities via properties. An object is kept available until all processes are done with it; Object Manager maintains the record of which objects are currently in use via [[reference counting]], as well as the ownership information. Any [[system call]] that changes the state of resource allocation to processes goes via the Object Manager. Objects can either be ''Kernel objects'' or ''Executive objects''. Kernel objects ~~represents~~represent primitive resources such as physical devices, or services such as synchronization, which are required to implement any other type of OS service. Kernel objects are not exposed to [[user mode]] code, but are restricted to kernel code. Applications and services running outside the kernel use ~~the~~ ''Executive objects'', which are exposed by the [[Windows Executive]], along with its components such as the memory manager, scheduler and I/O subsystem. Executive objects encapsulate one or more kernel objects and ~~exposes~~expose not only the kernel and kernel-mediated resources, but also an expanded set of services ~~than~~that the kernel does.{{clarify\|date=January 2019}} Applications themselves can wrap one or more Executive objects and surface objects{{Definition needed\|date=January 2019}} that offer certain services. Executive objects are also used by the environment subsystems (such as the NTWin32 subsystem, the OS/2 subsystem, the POSIX subsystem, etc.) to implement the functionality of the respective environments. Whenever an object is created or opened, a reference to the instance, ~~called~~known as a ''handle'', is created. The Object Manager indexes ~~the~~ objects by both by their names ~~as well as the~~and handles. ~~But, referencing the~~Referencing objects by ~~the~~ handles is faster ~~because~~since ~~the~~it bypasses name translation ~~can be skipped~~. Handles are associated with processes (by making an entry ~~into~~in the process's ''Handle table'', ~~that~~which lists the handles it owns), and can be transferred between processes ~~as well~~. A process must own a handle to an object ~~before~~to ~~using~~use it., ~~A process~~and can own aup ~~maximum of~~to 16,000,000 handles at one time. During creation, a process gains handles to a default set of objects. ~~While~~There ~~there exists~~are different types of handles, -such as ''file handles'', ''event handles'', and ''process handles'', -which ~~they only help in identifying~~identify the type of ~~the~~ target objects; but do not ~~in distinguishing~~distinguish the operations that can be performed through them~~, thus~~. ~~providing~~This consistency toensures uniform ~~how~~handling of various object types ~~are handled~~ programmatically. Handle creation and resolution of objects from handles are ~~solely~~exclusively ~~mediated~~managed by the Object Manager, soensuring that no resource usage goes unnoticed ~~by it~~. The types of Executive objects exposed by Windows NT are: {\| class="wikitable" align="center" \|- !Type !!Description !![[System call]] to get handle \|- !Directory \| A container holds other kernel objects. Multiple levels of nested directories organize all kernel objects into a single tree. \|NtCreateDirectoryObject<br />NtOpenDirectoryObject \|- ![[Process (computing)\|Process]] \| A collection of executable [[thread (computing)\|threads]] along with [[virtual address]]ing and control information. \|NtCreateProcess<br />NtOpenProcess \|- ![[Thread (computing)\|Thread]] \| An entity containing code in execution, inside a process. \|NtCreateThread<br />NtOpenThread \|- !Job \| A collection of processes. \|NtCreateJobObject<br />NtOpenJobObject \|- !File \| An open [[~~file~~File (computing)\|file]], [[Directory (computing)\|directory]] or an [[I/O]] device. \|NtCreateFile<br />NtOpenFile \|- !Section ~~!File mapping object~~ \| A region of memory ~~mapped~~optionally tobacked by a file or the [[Paging\|page file]]. \|NtCreateSection<br />NtOpenSection \|- !Access token \| The identity, properties, privileges and access rights ~~for~~of a process anor ~~object~~thread. \|NtCreateToken<br />NtDuplicateToken<br />NtOpenProcessToken<br />NtOpenThreadToken \|- !Event \| An object which encapsulates some information, to be used for notifying processes of something. \|NtCreateEvent<br />NtOpenEvent \|- ![[Semaphore (programming)\|Semaphore]]/[[Mutex]] \| Objects which [[serialization\|serialize]] access to other resources. \|NtCreateSemaphore<br />NtOpenSemaphore \|- !Timer \| An ~~objects~~object which notifies processes at fixed intervals. \|NtCreateTimer<br />NtOpenTimer \|- !Key \| A [[Windows Registry\|registry]] key. \|NtCreateKey<br />NtOpenKey \|- !Desktop \| A logical display surface to contain [[GUI]] elements. \|None \|- ![[Clipboard (software)\|Clipboard]] \| A temporary repository for other objects. \|None \|- !WindowStation \| An object containing a group of Desktop objects, one Clipboard and other user objects. \|None \|- ![[Symbolic link]] \| A reference to ~~other~~another ~~objects~~object, via which the referred object can be used. \|NtCreateSymbolicLinkObject<br />NtOpenSymbolicLinkObject \|} Line 61 ⟶ 85: A <code>Type</code> object contains properties unique to the type of the object as well as static methods that implement the services offered by the object. Objects managed by Object Manager must at least provide a predefined set of services: <code>Close</code> (which closes a handle to an object), <code>Duplicate</code> (create another handle to the object with which another process can gain shared access to the object), <code>Query object</code> (gather information about its attributes and properties), <code>Query security</code> (get the [[security descriptor]] of the object), <code>Set security</code> (change the security access), and <code>Wait</code> (to synchronize with one or more objects via certain events). Type objects also have some common attributes, including the type name, whether they are to be allocated in non-paged memory, access rights, and synchronization information. All instances of the same type share the same type object, and the type object is instantiated only once. A new object type can be created by endowing an object with Properties to expose its state and methods to expose the services it offers. <code>Object name</code> is used to give a descriptive identity to an object, to aid in object lookup. Object Manager maintains the list of names already assigned to objects being managed, and maps the names to the instances. Since most object accesses occur via handles, it is not always necessary to look up the name to resolve into the object reference. Lookup is only performed when an object is created (to make sure the new object has a unique name), or a process accesses an object by its name explicitly. <code>Object directories</code> are used to categorize them according to the types. Predefined directories include <code>\??</code> alias <code>\DosDevices</code> (device names), <code>\BaseNamedObjects</code> (~~Mutexes~~mutexes, events, semaphores, waitable timers, and section objects), <code>\Callback</code> (callback functions), <code>\Device</code>, <code>\~~Drivers~~Driver</code>, <code>\FileSystem</code>, <code>\KnownDlls</code>, <code>\Nls</code> (language tables), <code>\ObjectTypes</code> (type objects), <code>\RPC ~~Controls~~Control</code> ([[Remote Procedure Call\|RPC]] ports), <code>\Security</code> (security subsystem objects), and <code>\~~Window~~Windows</code> (windowing subsystem objects). Objects also belong to a ''Namespace''. Each user session is assigned a different namespace. Objects shared between all sessions are in the ''GLOBAL'' namespace, and (logon) session-specific objects are in the specific (logon) session namespaces OBJECT_ATTRIBUTES structure: <syntaxhighlight lang="c"> typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; Line 71 ⟶ 96: PSECURITY_DESCRIPTOR SecurityDescriptor; PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; } OBJECT_ATTRIBUTES POBJECT_ATTRIBUTES; } </syntaxhighlight> The Attributes member can be zero, or a combination of the following flags: OBJ_INHERIT OBJ_PERMANENT ~~OBJ_PERMANANT~~ OBJ_EXCLUSIVE OBJ_CASE_INSENSITIVE Line 82 ⟶ 108: OBJ_KERNEL_HANDLE == Usage == Object Manager paths are available to many Windows API file functions, although Win32 names like {{tt\|\\?\}} and {{tt\|\\.\}} for the local namespaces suffice for most uses.<ref>{{cite web \|title=Naming Files, Paths, and Namespaces - Win32 apps \|url=https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file \|website=docs.microsoft.com \|date=28 August 2024 \|language=en-us}}</ref> Using the former in Win32 user-mode functions translates directly to {{tt\|\??}}, but using {{tt\|\??}} is still different as this NT form does not turn off pathname expansion.<ref>{{cite web \|title=winapi - Is there a difference between \??\ and \\?\ paths? \|url=https://stackoverflow.com/questions/25090101/is-there-a-difference-between-and-paths \|website=Stack Overflow}}</ref> Tools that serve as explorers in the Object Manager namespaces are available. These include the 32-bit WinObj from [[Sysinternals]]<ref>{{cite web \|title=WinObj - Windows Sysinternals \|url=https://docs.microsoft.com/en-us/sysinternals/downloads/winobj \|website=docs.microsoft.com \|date=26 July 2023 \|language=en-us}}</ref> and the 64-bit WinObjEx64.<ref>{{cite web \|title=hfiref0x/WinObjEx64: Windows Object Explorer 64-bit \|url=https://github.com/hfiref0x/WinObjEx64 \|website=GitHub \|date=20 February 2020}}</ref> ==See also== [[Architecture of Windows NT]] * [[Process group\|Process groups]] and [[control groups\|cgroups]]{{snd}} the equivalent [[POSIX]] and [[Linux]] concepts to the ‘Job’ object type discussed above ==References== {{Reflist}} {{refbegin}} * {{cite book \| title = Microsoft Windows Internals \| edition = 4th ~~edition~~ \| chapter = Chapter 3: System Mechanisms \| pages = [https://archive.org/details/isbn_9780735619173/page/124 124–149] \| last = Russinovich \| first = Mark \| ~~authorlink~~author-link = Mark Russinovich \| ~~coauthors~~author2 = ~~[[David A. Solomon\|~~David Solomon]] \| year = 2005 \| publisher = Microsoft Press \| idisbn = ~~ISBN~~ 0-7356-1917-4 \| url-access = registration \| url = https://archive.org/details/isbn_9780735619173/page/124 }} {{refend}}