Transcript Windows NT Object Manager

Windows Object Manager
CS 470 -- Spring 2002
Overview
•
•
•
•
•
•
The object paradigm
NT Objects and the Object Manager
Object Structure
Object Naming
Object Handles
Object Retention and Resource
Limits
Objects in Windows NT/2K/XP
•
•
•
•
Provide a uniform access method
Provide human readable names
Centralize security
Uniform charging method for use of
resources
• Uniform object retention method
• Support resource inheritance by
child processes
Examples of Objects
• Processes and Threads (Process
Manager)
• Sections (Memory Manager)
• File (I/O Manager)
• Events, Semaphores, Mutants, Timers
• Access Tokens (Security system)
• Object Directories, Symbolic Links
(Object Manager)
• Registry keys and many more…
Process
Structure
Access
Token
Virtual Address Space Description
Process
Object Table
Handle 1
Thread a
Handle 2
File c
Handle 3
Section f
Object Manager
• Creates and deletes objects
• Sole source of handles for accessing
objects
• At each use of handle, verifies access is
allowed by the particular user
• Deletes temporary objects when no
longer needed
• Enforces quotas for various object types
Object Creation
• Allocation of memory for the object
• Attaches security descriptor (who
can do what to the object)
• Insertion into object directory
structure
• Create handle and return to caller
Opening Objects
• Caller specifies desired access rights
• Object manager calls security reference
monitor; Security reference monitor
checks against security descriptor to
see what is permitted; Object manager
stores granted access rights in object
handle which is returned to caller.
• Handle needed for all object accesses.
Object manager checks all accesses
against granted access rights.
Object Structure
Object
Header
Object
Body
Object 1
Type
Object
Name
Directory
Sec Desc
Type name
Access Types
Etc.
Etc.
Object
Type
Specific
Object 2
Handle Database
Handle Count
Proc1 Handle
Proc1 Count
Etc.
Object 3
Object Header Entries
•
•
•
•
•
•
•
•
•
Object name
Object directory
Security Descriptor
Quota Charges
Open handle count
Open handle database
Reference Count
Kernel/user mode
Type Object Pointer
Type Object Attributes
•
•
•
•
•
Object Type Name
Access Types
Synchronizable?
Pool Type
Default Quota
Charges
• Generic Rights Map
• Methods: open,
close, delete, parse,
query name,
query/set security
Type Name, e.g. process
Possible access methods
Can threads wait on this
Allowed to page out?
How much to charge
(paged, non-paged pool)
What is GEN. READ, etc?
Routines called by object
manager during
various generic
services
Generic Object Services
•
•
•
•
•
•
Close
Duplicate Handle
Query object
Query security
Set Security
Wait for single
object
• Wait for multiple
objects
Invalidates handle
Shares an object
Get info about attributes
Get security descriptor
Set security descriptor
Synchronize with 1
object
Synchronize with
multiple objects
Object Names
• Used to distinguish objects, to find
objects, and to share objects.
• Name lookup is expensive -- so done
only during creation (to put in object
tree) and open.
• Each computer (which may be a
multiprocessor) has its own name
space.
• Name space is a single tree
Object Directory Object Type
Type Name
Methods
Body
Services
Object Directory
Parse
Name List
Create object dir
Open object dir
Query object dir
Symbolic Link Object Type
Type Name
Body
Services
Symbolic Link
Substitute String
Creation Date
Create Symbolic Link
Open Symbolic Link
Query Symbolic Link
Symbolic Link Example
\
Device
Floppy0
DosDevices
A:
mark1
\Device\Floppy0
Mark1.c
Mark1.ppt
Object Handles
• Index into a process’s object table.
So they are valid only in the process.
• Obtained by creating, opening,
inheriting, or receiving a duplicated
handle from another process.
• Attributes: Protect from Close, Audit
on Close, Inheritable.
Granted Access Rights
Attributes
Pointer to Object
Retention and Quotas
• Object Retention via open handle count
and then by reference count
• Quotas for use of paged pool, non-paged
pool, paging file, and security descriptor.
Limits are soft until memory manager
disallows extension.
• Typically single Quota Block for session,
but Windows 2K/XP has jobs