Set - 1

Question 1 :

What are types of kernel objects?

Answer :

Several types of kernel objects, such as access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, and waitable timer objects.

Question 2 :

What is a kernel object?

Answer :

Each kernel object is simply a memory block allocated by the kernel and is accessible only by the kernel. This memory block is a data structure whose members maintain information about the object. Some members (security descriptor, usage count, and so on) are the same across all object types, but most are specific to a particular object type. For example, a process object has a process ID, a base priority, and an exit code, whereas a file object has a byte offset, a sharing mode, and an open mode.

Question 3 :

User can access these kernel objects structures?

Answer :

Kernel object data structures are accessible only by the kernel

Question 4 :

If we cannot alter these Kernel Object structures directly, how do our applications manipulate these kernel objects?

Answer :

The answer is that Windows offers a set of functions that manipulate these structures in well-defined ways. These kernel objects are always accessible via these functions. When you call a function that creates a kernel object, the function returns a handle that identifies the object.

Question 5 :

How owns the Kernel Object?

Answer :

Kernel objects are owned by the kernel, not by a process