Objects can either be Kernel objects or Executive objects. Kernel objects represents primitive resources such as physical devices, or services such as synchronization, which are required to implement any other type of OS service. Kernel objects are not exposed to user mode code, but are restricted to kernel code. Applications and services running outside the kernel use the Executive objects, which are exposed by the Windows Executive, along with its components such as the memory manager, scheduler and I/O subsystem.
Whenever an object is created or opened, a reference to the instance, called a handle, is created. Object Manager indexes the objects both by their names as well as the handles. But, referencing the objects by the handles is faster because the name translation can be skipped. Handles are associated with processes (by making an entry into the process’ Handle table that lists the handles it owns), and can be transferred between processes as well. A process must own a handle to an object before using it. A process can own a maximum of 16,000,000 handles at one time. During creation, a process gains handles to a default set of objects. While there exists different types of handles – file handles, event handles and process handles – they only help in identifying the type of the target objects; not in distinguishing the operations that can be performed through them, thus providing consistency to how various object types are handled programmatically. Handle creation and resolution of objects from handles are solely mediated by Object Manager, so no resource usage goes unnoticed by it.
The types of Executive objects exposed by Windows NT are:
| Process | A collection of executable threads along with virtual addressing and control information. |
| Thread | An entity containing code in execution, inside a process. |
| Job | A collection of processes. |
| File | An open file or an I/O device. |
| File mapping object | A region of memory mapped to a file. |
| Access token | The access rights for an object. |
| Event | An object which encapsulates some information, to be used for notifying processes of something. |
| Semaphore/Mutex | Objects which serialize access to other resources. |
| Timer | An objects which notifies processes at fixed intervals. |
| Key | A registry key. |
| Desktop | A logical display surface to contain GUI elements. |
| Clipboard | A temporary repository for other objects. |
| WindowStation | An object containing a group of Desktop objects, one Clipboard and other user objects. |
| Symbolic link | A reference to other objects, via which the referred object can be used. |
You can use WinObj tool from Sysinternals to list all types of windows objects in use on a given system:
Reference: Object Manager (Windows)
