Set - 1

Question 1 :

What are the types of kernel objects?

Answer :

There are several types of kernel objects, such as access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, and waitable timer objects.

Question 2 :

What is a kernel object?

Answer :

Each kernel object is simply a memory block allocated by the kernel and is accessible only by the kernel. This memory block is a data structure whose members maintain information about the object. Some members (security descriptor, usage count, and so on) are the same across all object types, but most are specific to a particular object type. For example, a process object has a process ID, a base priority, and an exit code, whereas a file object has a byte offset, a sharing mode, and an open mode.

Question 3 :

Can a user access these kernel object structures?

Answer :

Kernel object data structures are accessible only by the kernel.

Question 4 :

If we cannot alter these Kernel Object structures directly, how do our applications manipulate these kernel objects?

Answer :

The answer is that Windows offers a set of functions that manipulate these structures in well-defined ways. These kernel objects are always accessible via these functions. When you call a function that creates a kernel object, the function returns a handle that identifies the object.

Question 5 :

Who owns the kernel object?

Answer :

Kernel objects are owned by the kernel, not by a process.

Question 6 :

How does the kernel object outlive the process that created it?

Answer :

If your process calls a function that creates a kernel object and then your process terminates, the kernel object is not necessarily destroyed. Under most circumstances, the object will be destroyed; but if another process is using the kernel object your process created, the kernel knows not to destroy the object until the other process has stopped using it.

Question 7 :

Which data member is common to all kernel objects, and what is its use?

Answer :

The usage count is one of the data members common to all kernel object types.

Question 8 :

How do you tell the difference between a kernel object and a User object?

Answer :

The easiest way to determine whether an object is a kernel object is to examine the function that creates the object. Almost all functions that create kernel objects have a parameter that allows you to specify security attribute information.

Question 9 :

What is the purpose of the process handle table?

Answer :

When a process is initialized, the system allocates a handle table for it. This handle table is used only for kernel objects, not for User objects or GDI objects. When a process first initializes, its handle table is empty. Then when a thread in the process calls a function that creates a kernel object, such as CreateFileMapping, the kernel allocates a block of memory for the object and initializes it; the kernel then scans the process's handle table for an empty entry.

Question 10 :

Name a few functions that create kernel objects.

Answer :

HANDLE CreateThread(…), HANDLE CreateFile(…), HANDLE CreateFileMapping(…), HANDLE CreateSemaphore(…), etc. All functions that create kernel objects return process-relative handles that can be used successfully by any and all threads that are running in the same process.