Copyright © 1996-1998 Mark Russinovich and Bryce Cogswell
Last Updated: January 2, 1998
Introduction
WinObj is a must-have tool if you are a system administrator concerned about security, a developer tracking down object-related problems, or just curious about the Object Manager namespace.
WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's namespace. WinObj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors. Source code for WinObj 1.0 is available on the Dr. Dobb's Journal NTInternals CD-ROM.
Installation and Use
There is no device driver component to WinObj, so you can run it like any Win32 program.
Sample Screen Shot
This is a screenshot of WinObj browsing the Object Manager namespace.
How It Works
The Object Manager is in charge of managing NT objects. As part of this responsibility, it maintains an internal namespace where various operating system components, device drivers and Win32 programs can store and look up objects. The native NT API provides routines that allow user-mode programs to browse the namespace and query the status of objects located there, but the interfaces are undocumented.
More Information
Helen Custer's Inside Windows NT provides a good overview of the Object Manager namespace, and Mark's October 1997 Windows NT Magazine column, "Inside the Object Manager", is (of course) an excellent overview.