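Overview
P142
1. ExpInitializeTimerImplementation
2. Fill in the TypeInfo member inside OBJECT_TYPE; the structure used for it is OBJECT_TYPE_INITIALIZER.
3. ObCreateObjectType registers the new type in ObpObjectTypes. The object that ObCreateObjectType creates is of type Type, so its own type must also be a type object, namely the meta-object.
Note: the entries in ObpObjectTypes are the TYPEs of instantiated objects, but each entry is itself an object, and ObpObjectTypes[0] is the type of types.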
kd> dd obpobjecttypes
805618a0 867eb648 867eb478 867eb2a8 867eb0d8
805618b0 867b7e38 867b7c68 867b7a98 867b7398
805618c0 867b2bf8 867b2a28 867b2858 867b2688
805618d0 867b24b8 867b22e8 867b1040 867b1e70
805618e0 867b1ca0 867b1ad0 867b1738 867ae980
805618f0 867ea818 867ea648 867a1e70 867a1ca0
80561900 867a1ad0 867a1900 867a1730 867a1560
80561910 867e4490 867b9040 867b9e70 00000000
kd> !object 867eb648
Object: 867eb648 Type: (867eb648) Type
ObjectHeader: 867eb630 (old version)
HandleCount: 0 PointerCount: 1
Directory Object: e10010f0 Name: Type
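4. Look up ObpTypeDirectoryObject for an object type with the same name; if one exists, return failure.
5. ObpAllocObject: roughly, creates a type object that goes into the ObpObjectTypes array.
6. Link the new type object's creator info into the TypeList of ObpTypeObjectType:
    CreatorInfo = OBJECT_HEADER_TO_CREATOR_INFO(header);
    if (CreatorInfo)
    {
        /* Append this type object to the list headed by the Type type object */
        InsertTailList(&ObpTypeObjectType->TypeList, &CreatorInfo->TypeList);
    }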
kd> dd obpobjecttypes
805618a0 867eb648 867eb478 867eb2a8 867eb0d8
805618b0 867b7e38 867b7c68 867b7a98 867b7398
805618c0 867b2bf8 867b2a28 867b2858 867b2688
805618d0 867b24b8 867b22e8 867b1040 867b1e70
805618e0 867b1ca0 867b1ad0 867b1738 867ae980
805618f0 867ea818 867ea648 867a1e70 867a1ca0
80561900 867a1ad0 867a1900 867a1730 867a1560
80561910 867e4490 867b9040 867b9e70 00000000
kd> !object 867eb478
Object: 867eb478 Type: (867eb648) Type
ObjectHeader: 867eb460 (old version)
HandleCount: 0 PointerCount: 1
Directory Object: e10010f0 Name: Directory
kd> dt _object_header 867eb648-0x18
nt!_OBJECT_HEADER
+0x000 PointerCount : 0n1
+0x004 HandleCount : 0n0
+0x004 NextToFree : (null)
+0x008 Type : 0x867eb648 _OBJECT_TYPE
+0x00c NameInfoOffset : 0x20 ' '
+0x00d HandleInfoOffset : 0 ''
+0x00e QuotaInfoOffset : 0 ''
+0x00f Flags : 0x17 ''
+0x010 ObjectCreateInfo : (null)
+0x010 QuotaBlockCharged : (null)
+0x014 SecurityDescriptor : (null)
+0x018 Body : _QUAD
kd> dt _object_header_creator_info 867eb648-0x18-0x20+10
// (object - 0x18) is the header; 0x20 is NameInfoOffset; sizeof(OBJECT_HEADER_NAME_INFO) = 0x10
nt!_OBJECT_HEADER_CREATOR_INFO
+0x000 TypeList : _LIST_ENTRY [ 0x867eb450 - 0x867eb680 ]
+0x008 CreatorUniqueProcess : (null)
+0x00c CreatorBackTraceIndex : 0
+0x00e Reserved : 0
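obpobjecttypes[1]=867eb478 // itself an object, and also the TYPE of other objects; laid out as an OBJECT_TYPE structure
The _object_header_creator_info of 867eb478 is at
867eb478-0x18-0x20+0x10=0x867eb450
which is exactly the first value (Flink) in +0x000 TypeList : _LIST_ENTRY [ 0x867eb450 - 0x867eb680 ]
This confirms step 6.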
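The linkage confirmed above, as an added example (not code from these notes or from the kernel): a user-mode C model that places name info, creator info, header and body in one block, performs the step 6 insertion, and recovers each type object by walking the list. The struct layouts are simplified stand-ins, and create_type, header_of, creator_of, body_of and nth_type are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the kernel structures (the real ones have more fields). */
typedef struct LIST_ENTRY { struct LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
typedef struct { void *Directory; const char *Name; size_t Len; } NAME_INFO;
typedef struct { LIST_ENTRY TypeList; void *CreatorUniqueProcess; } CREATOR_INFO;
typedef struct OBJECT_TYPE { LIST_ENTRY TypeList; const char *Name; } OBJECT_TYPE;
typedef struct { long PointerCount, HandleCount; OBJECT_TYPE *Type;
                 uint8_t NameInfoOffset; } OBJECT_HEADER;
static OBJECT_TYPE *ObpTypeObjectType;          /* the "type of types" */

static void InsertTailList(LIST_ENTRY *head, LIST_ENTRY *e) {
    e->Flink = head; e->Blink = head->Blink;
    head->Blink->Flink = e; head->Blink = e;
}
/* Same walk as the notes' object-0x18-0x20+0x10, with sizeof instead of x86 constants. */
static OBJECT_HEADER *header_of(void *body) { return (OBJECT_HEADER *)body - 1; }
static CREATOR_INFO *creator_of(OBJECT_HEADER *h) {
    return (CREATOR_INFO *)((char *)h - h->NameInfoOffset + sizeof(NAME_INFO));
}
static void *body_of(CREATOR_INFO *ci) { return (OBJECT_HEADER *)(ci + 1) + 1; }
/* Allocate [NAME_INFO][CREATOR_INFO][OBJECT_HEADER][OBJECT_TYPE] and link it (step 6). */
static OBJECT_TYPE *create_type(const char *name) {
    size_t prefix = sizeof(NAME_INFO) + sizeof(CREATOR_INFO);
    char *blk = calloc(1, prefix + sizeof(OBJECT_HEADER) + sizeof(OBJECT_TYPE));
    if (!blk) return NULL;
    OBJECT_HEADER *h = (OBJECT_HEADER *)(blk + prefix);
    OBJECT_TYPE *t = (OBJECT_TYPE *)(h + 1);
    h->PointerCount = 1;
    h->NameInfoOffset = (uint8_t)prefix;
    t->Name = name;
    t->TypeList.Flink = t->TypeList.Blink = &t->TypeList;   /* empty list head */
    if (!ObpTypeObjectType) ObpTypeObjectType = t;          /* first type types itself */
    h->Type = ObpTypeObjectType;
    InsertTailList(&ObpTypeObjectType->TypeList, &creator_of(h)->TypeList);
    return t;
}
/* Follow Flink from the Type object's list head; return the n-th type body or NULL. */
static OBJECT_TYPE *nth_type(size_t n) {
    LIST_ENTRY *head = &ObpTypeObjectType->TypeList;
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink, n--)
        if (n == 0) return body_of((CREATOR_INFO *)e);
    return NULL;
}
int main(void) {
    create_type("Type"); create_type("Directory"); create_type("SymbolicLink");
    for (size_t i = 0; nth_type(i); i++) printf("%zu: %s\n", i, nth_type(i)->Name);
    return 0;
}
```

As in the debugger output, the creator info of the first type has its Flink at the second type's creator info and its Blink at the TypeList head inside the Type type object.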
kd> !object \    (root directory)
Object: e10001c0 Type: (867eb478) Directory
ObjectHeader: e10001a8 (old version)
HandleCount: 0 PointerCount: 40
Directory Object: 00000000 Name:
111 symbolic links snapped through this directory
Hash Address Type Name
---- ------- ---- ----
00 e100d748 Directory ArcName
01 e1716030 Port SeLsaCommandPort
02 867b9910 Device FatCdrom
03 e100e458 Key REGISTRY
05 e1819f68 Port ThemeApiPort
06 e17e2928 Port XactSrvLpcPort
09 e168b458 Directory NLS
10 e1008738 SymbolicLink DosDevices
13 e1566590 Port SeRmCommandPort
14 867b8650 Device Dfs
e1802f68 Port LsaAuthenticationPort
866c65e0 Event LanmanServerAnnounceEvent
16 e1566f38 Directory Driver
19 e100d670 Directory Device
20 e15d2328 Directory Windows
21 86646238 Event SAM_SERVICE_STARTED
e15ed0c0 Directory Sessions
22 e1004368 Directory RPC Control
e15e9c80 Port SmApiPort
867b9a28 Device Fat
23 e15d9900 Directory BaseNamedObjects
e10011d8 Directory KernelObjects
24 e156d4c0 Directory FileSystem
e1004510 Directory GLOBAL??
25 866269a8 WaitablePort NLAPublicPort
26 e1e161c8 Port SmSsWinStationApiPort
e10010f0 Directory ObjectTypes    <- the type object directory, corresponding to obpobjecttypes
27 e100a550 Directory Security
e1721c58 Port ErrorLogPort
e1951380 Port FusApiPort
31 e100a460 SymbolicLink SystemRoot
866b75e8 Device Cdfs
32 86557958 WaitablePort NLAPrivatePort
e10085f0 Directory Callback
33 86648ff0 Event EFSInitEvent
866c79a8 Event SeLsaInitEvent
8677b6c8 Event UniqueSessionIdEvent
35 e15f02b0 Directory KnownDlls
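Finally
The above is the full content of "Personal notes: the object creation process" as collected and organized by 甜美路人; hopefully it helps with the development problems you ran into around this topic.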