Creating an Object Manager Browser Part 3 – Security Dialog

February 26, 2014

In the previous post we’ve managed to get most of WinObj’s functionality – browsing the folders and viewing object information. The last “major” missing piece is the security dialog that shows security related information for certain object types. I’m certainly not a security expert; on top of that the security API in Windows is one of the most dreadful APIs in all Windows. Fortunately, to get the standard security dialog to show we just need to call one function – EditSecurity or CreateSecurityPage. The former shows the basic security dialog box and returns when it’s dismissed, while the latter...

Creating an Object Manager Browser Part 2 – Viewing Object Information

February 9, 2014

In the previous post, I’ve shown how to use Native API functions to access information not available through the normal, documented, Windows API. In this post, I’d like to show how to take a look at specific objects, such as mutexes, events and semaphores. But first, a bug fix. In the code that was doing the directory object enumeration there was a bug, manifested when the list of objects was too long – or rather, when the buffer required to hold all object names and type names was insufficient. The code checked the returned number of bytes needed and compared it with...

Creating a “WinObj”-like Tool

February 5, 2014

The SysInternals WinObj tool allows looking into the Object Manager’s namespace: The left view looks like file system folders, but in fact these are logical folders maintained by the Object Manager (part of the Executive within the kernel) purely in memory. I will not get into details about the information itself that is provided by the tool in this post. You can find some information on the web and in the book “The SysInternals Administrative Reference”. How does WinObj get the information? One obvious way is to use a driver – in kernel mode everything is...