MyOS/ob_8c_source.html

/*++


Module Name:


    ob.c


Purpose:


    This translation unit contains the implementation of the object manager.


Author:


    slep (Matanel) 2025.


Revision History:


--*/


#include "../../includes/ob.h"

#include "../../includes/mg.h"

#include "../../includes/md.h"

#include "../../assert.h"

#include "../../includes/ps.h"


// Global list of types (for debugging/enumeration)

DOUBLY_LINKED_LIST ObTypeDirectoryList;

SPINLOCK ObGlobalLock;

volatile void* ObpReaperList = NULL;


DPC ObpReaperDpc;


void ObInitialize (

    void

)


/*++


    Routine description:


        Initializes the Object Manager of the kernel.


    Arguments:


        None.


    Return Values:


        None.


--*/


{

    ObGlobalLock.locked = false;

    InitializeListHead(&ObTypeDirectoryList);

    // Initialize the DPC here, not at the ObpDefer function, as it would overwrite.

    MeInitializeDpc(&ObpReaperDpc, ReapOb, NULL, MEDIUM_PRIORITY);

}


MTSTATUS ObCreateObjectType(

    IN char* TypeName,

    IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer,

    OUT POBJECT_TYPE* ReturnedObjectType

)


/*++


    Routine description:


        Creates an object type for the specified object in the kernel subsystem.


    Arguments:


        [IN]    char* TypeName - The name of the object subsystem that will be created for.

        [IN]    POBJECT_TYPE_INITIALIZER ObjectTypeInitializer - The initializer for each object created by ObCreateObject that defines how it should be created & its attributes.

        [OUT]   POBJECT_TYPE* ReturnedObjectType - The returned object type, used to identify this type of object initialization.


    Return Values:


        MTSTATUS Status codes:


            MT_INVALID_PARAM: Invalid parameter, one of them is NULL.

            MT_NO_MEMORY: No memory is available to create the object type.

            MT_SUCCESS: Successfully created the object type.


--*/


{

    if (!TypeName || !ObjectTypeInitializer || !ReturnedObjectType) {

        return MT_INVALID_PARAM;

    }


    // Allocate the Type Object itself.

    POBJECT_TYPE NewType = (POBJECT_TYPE)MmAllocatePoolWithTag(NonPagedPool, sizeof(OBJECT_TYPE), 'epyT'); // Type

    if (!NewType) return MT_NO_MEMORY;


    // Initialize the Type Object

    kmemset(NewType, 0, sizeof(OBJECT_TYPE));

    kstrncpy(NewType->Name, TypeName, 32);


    // Copy the initializer into the object

    kmemcpy(&NewType->TypeInfo, ObjectTypeInitializer, sizeof(OBJECT_TYPE_INITIALIZER));


    // Link it into the global list

    IRQL oldIrql;

    MsAcquireSpinlock(&ObGlobalLock, &oldIrql);

    InsertTailList(&ObTypeDirectoryList, &NewType->TypeList);

    MsReleaseSpinlock(&ObGlobalLock, oldIrql);


    // 5. Return the pointer

    *ReturnedObjectType = NewType;

    return MT_SUCCESS;

}


MTSTATUS


ObCreateObject(

    IN POBJECT_TYPE ObjectType,

    IN uint32_t ObjectSize,

    OUT void** ObjectCreated

    //_In_Opt char* Name - When files arrive, i'll uncomment this.

)


/*++


    Routine description:


       Creates an object for the specified object type subsystem.


    Arguments:


        [IN]    POBJECT_TYPE ObjectType - The object type to create the object for.

        [IN]    uint32_t ObjectBodySize - The size of the object in bytes to create.


    Return Values:


        Pointer to object, or NULL on failure.


--*/


{

    // 1. Calculate size

    size_t ActualSize = sizeof(OBJECT_HEADER) + ObjectSize;


    // Allocate memory for the header.

    POBJECT_HEADER Header = (POBJECT_HEADER)MmAllocatePoolWithTag(ObjectType->TypeInfo.PoolType, ActualSize, 'bObO'); // Ob Object, not bobo, lol.

    if (!Header) return MT_NO_MEMORY;


    Header->Type = ObjectType;

    Header->PointerCount = 1; // Start with 1 reference


    // Update stats in the Type object

    InterlockedIncrementU32((volatile uint32_t*)&ObjectType->TotalNumberOfObjects);


    // Return Body

    *ObjectCreated = OBJECT_HEADER_TO_OBJECT(Header);

    return MT_SUCCESS;

}


bool


ObReferenceObject(

    IN  void* Object

)


/*++


    Routine description:


       References the Object given.


    Arguments:


        [IN]    void* Object - The Object to increment reference count for.


    Return Values:


        True if reference succeded, false otherwise (object dying/dead).


--*/


{

    if (!Object) return false;

    POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(Object);


    uint64_t OldCount = Header->PointerCount;

    while (1) {

        if (OldCount == 0) return false; // Object is dying or dead


        uint64_t NewCount = InterlockedCompareExchangeU64(

            (volatile uint64_t*)&Header->PointerCount,

            OldCount + 1,

            OldCount

        );


        if (NewCount == OldCount) return true;

        OldCount = NewCount;

    }

}


MTSTATUS


ObReferenceObjectByPointer(

    IN  void* Object,

    IN  POBJECT_TYPE DesiredType

)


/*++


    Routine description:


       References the Object given by its pointer.


    Arguments:


        [IN]    void* Object - The Object to increment reference count for.

        [IN]    POBJECT_TYPE DesiredType - The type we EXPECT the Object to be (PsProcessType, PsThreadType, etc..)


    Return Values:


        MT_SUCCESS if reference succeeded.

        MT_TYPE_MISMATCH if DesiredType isn't the Object's actual OBJECT_TYPE.

        MT_INVALID_PARAM if Object is NULL.

        MT_OBJECT_DELETED if Object is deleted / ongoing deletion.


        MT_BETTER_THAN_WINDOWS if (true)


--*/


{

    if (!Object) return MT_INVALID_PARAM;


    POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(Object);


    // If the caller expects a process but gets a thread or a file, we say no no bye bye.

    if (DesiredType != NULL && Header->Type != DesiredType) {

        return MT_TYPE_MISMATCH;

    }


    // We reference it.

    if (ObReferenceObject(Object)) {

        return MT_SUCCESS;

    }


    // Object is RIP, we return.

    return MT_OBJECT_DELETED;

}


MTSTATUS


ObReferenceObjectByHandle(

    IN HANDLE Handle,

    IN uint32_t DesiredAccess,

    IN POBJECT_TYPE DesiredType,

    OUT void** Object,

    _Out_Opt PHANDLE_TABLE_ENTRY HandleInformation

)


/*++


    Routine description:


       References the Object given by its given handle.


    Arguments:


        [IN]    HANDLE Handle - The handle to reference the object for.

        [IN]    uint32_t DesiredAccess - The access rights requested for the object.

        [IN]    POBJECT_TYPE DesiredType - The type we EXPECT the Object to be (PsProcessType, PsThreadType, etc..)

        [OUT]   void** Object - The pointer to the object expected.

        [OUT OPTIONAL]  PHANDLE_TABLE_ENTRY HandleInformation - Information about the handle given if MT_SUCCESS is returned.


    Return Values:


        MT_SUCCESS if reference succeeded.

        MT_INVALID_HANDLE if the HANDLE is simply invalid (doesn't exist, or table doesnt exist)

        MT_TYPE_MISMATCH if DesiredType isn't the Object's actual OBJECT_TYPE.

        MT_INVALID_PARAM if Object is NULL.

        MT_OBJECT_DELETED if Object is deleted / ongoing deletion.

        MT_ACCESS_DENIED if the desired access does not meet the access rights of the Object.


        MT_BETTER_THAN_WINDOWS if (true)


--*/


{

    // Set initially to NULL. (to overwrite stack default if uninitialized)

    *Object = NULL;


    // Get the handle table from current process (requesting process)

    PEPROCESS Process = PsGetCurrentProcess();

    if (!Process || !Process->ObjectTable) return MT_INVALID_HANDLE;


    // Lookup in the handle table.

    PHANDLE_TABLE_ENTRY OutHandleEntry = NULL;

    void* RetrievedObject = HtGetObject(Process->ObjectTable, Handle, &OutHandleEntry);

    if (!RetrievedObject) return MT_INVALID_HANDLE;


    // Get the header.

    POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(RetrievedObject);


    // Lets check if the type matches

    if (DesiredType && Header->Type != DesiredType) {

        // Invalid type.

        return MT_TYPE_MISMATCH;

    }


    // Check access.

    if ((OutHandleEntry->GrantedAccess & DesiredAccess) != DesiredAccess) {

        // Access is invalid.

        return MT_ACCESS_DENIED;

    }


    // Wow!! It is all good!!, reference it.

    ObReferenceObject(RetrievedObject);

    *Object = RetrievedObject;

    if (HandleInformation) *HandleInformation = *OutHandleEntry;

    return MT_SUCCESS;

}


MTSTATUS


ObCreateHandleForObject(

    IN void* Object,

    IN ACCESS_MASK DesiredAccess,

    OUT PHANDLE ReturnedHandle

)


/*++


    Routine description:


       Creates a handle in the current process's handle table for the specified Object.


    Arguments:


        [IN]    void* Object - The object to create the handle for.

        [IN]    ACCESS_MASK DesiredAccess - The maximum access the handle should have.

        [OUT]   PHANDLE ReturnedHandle - The returned handle for the object if success.


    Return Values:


        MTSTATUS Status Codes:


            MT_SUCCESS - Successful.

            MT_INVALID_STATE - No handle table for current process.

            MT_INVALID_CHECK - HtCreateHandle returned MT_INVALID_HANDLE.

--*/


{

    // Acquire the object table.

    PHANDLE_TABLE ObjectTable = PsGetCurrentProcess()->ObjectTable;

    if (!ObjectTable) return MT_INVALID_ADDRESS;


    // Create the handle.

    HANDLE Handle = HtCreateHandle(ObjectTable, Object, DesiredAccess);

    if (Handle == MT_INVALID_HANDLE) return MT_INVALID_CHECK;


    // Reference the object.

    ObReferenceObject(Object);


    // Return success.

    *ReturnedHandle = Handle;

    return MT_SUCCESS;

}


MTSTATUS


ObCreateHandleForObjectEx(

    IN void* Object,

    IN ACCESS_MASK DesiredAccess,

    OUT PHANDLE ReturnedHandle,

    IN PHANDLE_TABLE ObjectTable

)


/*++


    Routine description:


       Creates a handle in the specified handle table for the specified Object.


    Arguments:


        [IN]    void* Object - The object to create the handle for.

        [IN]    ACCESS_MASK DesiredAccess - The maximum access the handle should have.

        [OUT]   PHANDLE ReturnedHandle - The returned handle for the object if success.

        [IN]    PHANDLE_TABLE ObjectTable - The handle table to insert the newly created handle in.


    Return Values:


        MTSTATUS Status Codes:


            MT_SUCCESS - Successful.

            MT_INVALID_STATE - No handle table for current process.

            MT_INVALID_CHECK - HtCreateHandle returned MT_INVALID_HANDLE.

--*/


{

    if (!ObjectTable || !Object) return MT_INVALID_ADDRESS;


    // Create the handle.

    HANDLE Handle = HtCreateHandle(ObjectTable, Object, DesiredAccess);

    if (Handle == MT_INVALID_HANDLE) return MT_INVALID_CHECK;


    // Reference the object.

    ObReferenceObject(Object);


    // Return success.

    *ReturnedHandle = Handle;

    return MT_SUCCESS;

}


static

void

ObpDeferObjectDeletion(

    IN POBJECT_HEADER Header

)


/*++


    Routine description:


       Defers object deletion to a DPC, to ensure no use after free.


    Arguments:


        [IN]    POBJECT_HEADER Header - The object header to defer deletion for.


    Return Values:


        None.


--*/


{

    volatile void* Entry;

    do {

        // Get the current entry.

        Entry = ObpReaperList;


        // Link our object to the linked list.

        Header->NextToFree = Entry;

        // Update the list

    } while (InterlockedCompareExchangePointer(&ObpReaperList, Header, (void*)Entry) != Entry);


    if (!Entry) {

        // Looks like a DPC hasn't been queued yet, lets do so!

        MeInsertQueueDpc(&ObpReaperDpc, NULL, NULL);

    }

}


void ObDereferenceObject(

    IN  void* Object

)


/*++


    Routine description:


       Dereferences the Object given.


    Arguments:


        [IN]    void* Object - The Object to decrement reference count for.


    Return Values:


        None.


    Notes:


        On reference count 0, object is deleted using type initializer routine.


--*/


{

    if (!Object) return;

    POBJECT_HEADER Header = OBJECT_TO_OBJECT_HEADER(Object);


    uint64_t NewCount = InterlockedDecrementU64((volatile uint64_t*)&Header->PointerCount);


    if (NewCount == 0) {

        // Get the type initializer for the object.

        POBJECT_TYPE Type = Header->Type;


#ifdef DEBUG

        // First call debug callback if exists

        if (Type->TypeInfo.DumpProcedure) Type->TypeInfo.DumpProcedure(Object);

#endif


        // Call Delete Callback if it exists

        if (Type->TypeInfo.DeleteProcedure) Type->TypeInfo.DeleteProcedure(Object);


        // Update Stats

        InterlockedDecrementU32((volatile uint32_t*)&Type->TotalNumberOfObjects);

        // Free Memory

        gop_printf(COLOR_RED, "Freeing the header\n");

        //ObpDeferObjectDeletion(Header);

        MmFreePool(Header);

    }

}


_Out_Opt
#define _Out_Opt
Definition annotations.h:10

IN
#define IN
Definition annotations.h:7

OUT
#define OUT
Definition annotations.h:8

assert.h

InterlockedIncrementU32
FORCEINLINE uint32_t InterlockedIncrementU32(volatile uint32_t *target)
Definition atomic.h:115

InterlockedCompareExchangeU64
FORCEINLINE uint64_t InterlockedCompareExchangeU64(volatile uint64_t *target, uint64_t value, uint64_t comparand)
Definition atomic.h:86

InterlockedCompareExchangePointer
FORCEINLINE void * InterlockedCompareExchangePointer(volatile void *volatile *target, void *value, void *comparand)
Definition atomic.h:171

InterlockedDecrementU32
FORCEINLINE uint32_t InterlockedDecrementU32(volatile uint32_t *target)
Definition atomic.h:116

InterlockedDecrementU64
FORCEINLINE uint64_t InterlockedDecrementU64(volatile uint64_t *target)
Definition atomic.h:122

IRQL
enum _IRQL IRQL

PEPROCESS
EPROCESS * PEPROCESS
Definition core.h:50

DOUBLY_LINKED_LIST
struct _DOUBLY_LINKED_LIST DOUBLY_LINKED_LIST

MeInsertQueueDpc
bool MeInsertQueueDpc(IN PDPC Dpc, IN void *SystemArgument1, IN void *SystemArgument2)
Definition dpc.c:47

ObpReaperList
volatile void * ObpReaperList
Definition ob.c:28

MeInitializeDpc
void MeInitializeDpc(IN PDPC DpcAllocated, IN PDEFERRED_ROUTINE DeferredRoutine, IN void *DeferredContext, IN DPC_PRIORITY DeferredPriority)
Definition dpc.c:384

ReapOb
void ReapOb(DPC *dpc, void *DeferredContext, void *SystemArgument1, void *SystemArgument2)
Definition dpc.c:18

gop_printf
void gop_printf(uint32_t color, const char *fmt,...)
Definition gop.c:694

kstrncpy
char * kstrncpy(char *dst, const char *src, size_t n)
Definition gop.c:416

HtGetObject
void * HtGetObject(PHANDLE_TABLE Table, HANDLE Handle, PHANDLE_TABLE_ENTRY *OutEntry)
Definition handle.c:389

HtCreateHandle
HANDLE HtCreateHandle(PHANDLE_TABLE Table, void *Object, uint32_t Access)
Definition handle.c:269

ACCESS_MASK
uint32_t ACCESS_MASK
Definition ht.h:63

PHANDLE
int32_t * PHANDLE
Definition ht.h:59

PHANDLE_TABLE_ENTRY
struct _HANDLE_TABLE_ENTRY * PHANDLE_TABLE_ENTRY

PHANDLE_TABLE
struct _HANDLE_TABLE * PHANDLE_TABLE

HANDLE
int32_t HANDLE
Definition ht.h:59

md.h

MEDIUM_PRIORITY
@ MEDIUM_PRIORITY
Definition me.h:60

DPC
struct _DPC DPC

mg.h

COLOR_RED
#define COLOR_RED
Colors definitions for easier access.
Definition mg.h:29

NonPagedPool
@ NonPagedPool
Definition mm.h:316

kmemcpy
FORCEINLINE void * kmemcpy(void *dest, const void *src, size_t len)
Definition mm.h:554

kmemset
FORCEINLINE void * kmemset(void *dest, int64_t val, uint64_t len)
Definition mm.h:540

InitializeListHead
FORCEINLINE void InitializeListHead(PDOUBLY_LINKED_LIST Head)
Definition ms.h:166

InsertTailList
FORCEINLINE void InsertTailList(PDOUBLY_LINKED_LIST Head, PDOUBLY_LINKED_LIST Entry)
Definition ms.h:179

SPINLOCK
struct _SPINLOCK SPINLOCK

MT_NO_MEMORY
#define MT_NO_MEMORY
Definition mtstatus.h:42

MT_TYPE_MISMATCH
#define MT_TYPE_MISMATCH
Definition mtstatus.h:34

MT_SUCCESS
#define MT_SUCCESS
Definition mtstatus.h:22

MT_ACCESS_DENIED
#define MT_ACCESS_DENIED
Definition mtstatus.h:26

MT_INVALID_ADDRESS
#define MT_INVALID_ADDRESS
Definition mtstatus.h:46

MT_INVALID_PARAM
#define MT_INVALID_PARAM
Definition mtstatus.h:24

MT_OBJECT_DELETED
#define MT_OBJECT_DELETED
Definition mtstatus.h:35

MTSTATUS
int32_t MTSTATUS
Definition mtstatus.h:12

MT_INVALID_HANDLE
#define MT_INVALID_HANDLE
Definition mtstatus.h:36

MT_INVALID_CHECK
#define MT_INVALID_CHECK
Definition mtstatus.h:33

ObCreateHandleForObject
MTSTATUS ObCreateHandleForObject(IN void *Object, IN ACCESS_MASK DesiredAccess, OUT PHANDLE ReturnedHandle)
Definition ob.c:318

ObInitialize
void ObInitialize(void)
Definition ob.c:33

ObReferenceObjectByHandle
MTSTATUS ObReferenceObjectByHandle(IN HANDLE Handle, IN uint32_t DesiredAccess, IN POBJECT_TYPE DesiredType, OUT void **Object, _Out_Opt PHANDLE_TABLE_ENTRY HandleInformation)
Definition ob.c:247

ObReferenceObjectByPointer
MTSTATUS ObReferenceObjectByPointer(IN void *Object, IN POBJECT_TYPE DesiredType)
Definition ob.c:200

ObCreateHandleForObjectEx
MTSTATUS ObCreateHandleForObjectEx(IN void *Object, IN ACCESS_MASK DesiredAccess, OUT PHANDLE ReturnedHandle, IN PHANDLE_TABLE ObjectTable)
Definition ob.c:363

ObCreateObjectType
MTSTATUS ObCreateObjectType(IN char *TypeName, IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, OUT POBJECT_TYPE *ReturnedObjectType)
Definition ob.c:60

ObDereferenceObject
void ObDereferenceObject(IN void *Object)
Definition ob.c:446

ObpReaperDpc
DPC ObpReaperDpc
Definition ob.c:31

ObReferenceObject
bool ObReferenceObject(IN void *Object)
Definition ob.c:160

ObGlobalLock
SPINLOCK ObGlobalLock
Definition ob.c:27

ObCreateObject
MTSTATUS ObCreateObject(IN POBJECT_TYPE ObjectType, IN uint32_t ObjectSize, OUT void **ObjectCreated)
Definition ob.c:116

ObTypeDirectoryList
DOUBLY_LINKED_LIST ObTypeDirectoryList
Definition ob.c:26

ob.h

POBJECT_TYPE
struct _OBJECT_TYPE * POBJECT_TYPE

Type
POBJECT_TYPE Type
Definition ob.h:5

POBJECT_TYPE_INITIALIZER
struct _OBJECT_TYPE_INITIALIZER * POBJECT_TYPE_INITIALIZER

OBJECT_HEADER_TO_OBJECT
#define OBJECT_HEADER_TO_OBJECT(h)
Definition ob.h:71

POBJECT_HEADER
struct _OBJECT_HEADER * POBJECT_HEADER
Definition ob.h:64

OBJECT_TYPE
struct _OBJECT_TYPE OBJECT_TYPE

OBJECT_TYPE_INITIALIZER
struct _OBJECT_TYPE_INITIALIZER OBJECT_TYPE_INITIALIZER

OBJECT_TO_OBJECT_HEADER
#define OBJECT_TO_OBJECT_HEADER(o)
Definition ob.h:68

MmFreePool
void MmFreePool(IN void *buf)
Definition pool.c:586

MmAllocatePoolWithTag
void * MmAllocatePoolWithTag(IN enum _POOL_TYPE PoolType, IN size_t NumberOfBytes, IN uint32_t Tag)
Definition pool.c:427

ps.h

PsGetCurrentProcess
FORCEINLINE PEPROCESS PsGetCurrentProcess(void)
Definition ps.h:212

MsAcquireSpinlock
void MsAcquireSpinlock(IN PSPINLOCK lock, IN PIRQL OldIrql)
Definition spinlock.c:13

MsReleaseSpinlock
void MsReleaseSpinlock(IN PSPINLOCK lock, IN IRQL OldIrql)
Definition spinlock.c:45

_EPROCESS::ObjectTable
PHANDLE_TABLE ObjectTable
Definition ps.h:114

_HANDLE_TABLE_ENTRY::GrantedAccess
uint32_t GrantedAccess
Definition ht.h:33

_OBJECT_TYPE::TypeList
DOUBLY_LINKED_LIST TypeList
Definition ob.h:48

_OBJECT_TYPE::Name
char Name[32]
Definition ob.h:49

_OBJECT_TYPE::TypeInfo
OBJECT_TYPE_INITIALIZER TypeInfo
Definition ob.h:52