Techwiki:Win32k/ENTRY


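In Win32k, handles are allocated from the handle table gpentHmgr, and each handle indexes a slot in it. The structure stored in each slot is called an _ENTRY and is defined as follows (dumped from the win32k.sys symbol file; the two offset columns cover 32-bit XP and 64-bit Vista only, so the layout should be re-checked against the symbols of any other build):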

/*
 * _ENTRY - one slot of the Win32k handle table (gpentHmgr).
 *
 * Layout as dumped from the win32k.sys symbol file. The two hex columns in
 * the trailing comments are field offsets for XP32 and Vista64 respectively;
 * no other build is covered here.
 * Size implied by the offsets: 0x10 (XP32) / 0x18 (Vista64), assuming 4- and
 * 8-byte pointers -- TODO confirm against the symbols.
 */
struct _ENTRY                    // XP32 Vista64
{
    /*
     * Which member is live depends on the slot state, so check Objt before
     * interpreting this union: for a deleted slot (Objt == 0) it holds
     * hFree, not a valid pobj.
     */
    union _EINFO                 // 0x00 0x00
    {     
        POBJ pobj;               // pointer to the object's _BASEOBJECT
        HGDIOBJ hFree;           // deleted slot: handle (or rather index) of the next free slot
    } einfo;
    union _OBJECTOWNER           // 0x04 0x08
    {
        struct _OBJECTOWNER_S
        {
            unsigned Lock:1;         // set for objects that have an exclusive lock
            unsigned Pid_Shifted:31; // owner process id shifted right by 1; 0 for kernel handles.
                                     // The highest bit can be set for some special objects
                                     // (e.g. saved DCs), so do not treat the value as a plain PID.
        } Share;
        ULONG ulObj;             // the same 32 bits (Lock + Pid_Shifted) viewed as one value
    } ObjectOwner;
    USHORT FullUnique;           // 0x08 0x0c  identical to the upper 16 bits of the handle
    UCHAR Objt;                  // 0x0a 0x0e  object type (GDIObjType value); 0 for deleted objects
    UCHAR Flags;                 // 0x0b 0x0f  observed bits: 0x01 on several kernel objects, 0x04 on DCs from GetDC()
    PVOID pUser;                 // 0x0c 0x10  NOTE(review): not described on this page; the name suggests
                                 //            a user-mode pointer associated with the object -- confirm
};

pobj

The pointer to a _BASEOBJECT is known as a POBJ.

hFree

If the slot is deleted, it stores the handle (or rather the index) of the next free slot in the list.

Lock

Set for objects that have an exclusive lock.

Pid_Shifted

The process ID of the process that owns the object, shifted right by 1. It is 0 for kernel handles. The highest bit can be set for some special objects, such as saved DCs.

FullUnique

Identical to the upper 16 bits of the handle.

Objt

The type of object. 0 for deleted objects.
/*
 * GDIObjType - object type codes as stored in the Objt field of _ENTRY.
 *
 * The value 0 (DEF_TYPE) is what a deleted slot carries. Objt is a UCHAR,
 * so it can hold values this enum does not define; code that reads entries
 * from a dump or a live table should treat anything above
 * GDIObjType_MAX_TYPE as invalid rather than indexing by it.
 */
typedef enum GDIObjType
{
    GDIObjType_DEF_TYPE = 0x00,      // also the type of deleted slots
    GDIObjType_DC_TYPE = 0x01,
    GDIObjType_UNUSED1_TYPE = 0x02,
    GDIObjType_UNUSED2_TYPE = 0x03,
    GDIObjType_RGN_TYPE = 0x04,
    GDIObjType_SURF_TYPE = 0x05,
    GDIObjType_CLIENTOBJ_TYPE = 0x06,
    GDIObjType_PATH_TYPE = 0x07,
    GDIObjType_PAL_TYPE = 0x08,
    GDIObjType_ICMLCS_TYPE = 0x09,
    GDIObjType_LFONT_TYPE = 0x0a,
    GDIObjType_RFONT_TYPE = 0x0b,
    GDIObjType_PFE_TYPE = 0x0c,
    GDIObjType_PFT_TYPE = 0x0d,
    GDIObjType_ICMCXF_TYPE = 0x0e,
    GDIObjType_SPRITE_TYPE = 0x0f,
    GDIObjType_BRUSH_TYPE = 0x10,
    GDIObjType_UMPD_TYPE = 0x11,
    GDIObjType_UNUSED4_TYPE = 0x12,
    GDIObjType_SPACE_TYPE = 0x13,
    GDIObjType_UNUSED5_TYPE = 0x14,
    GDIObjType_META_TYPE = 0x15,
    GDIObjType_EFSTATE_TYPE = 0x16,
    GDIObjType_BMFD_TYPE = 0x17,
    GDIObjType_VTFD_TYPE = 0x18,
    GDIObjType_TTFD_TYPE = 0x19,
    GDIObjType_RC_TYPE = 0x1a,
    GDIObjType_TEMP_TYPE = 0x1b,
    GDIObjType_DRVOBJ_TYPE = 0x1c,
    GDIObjType_DCIOBJ_TYPE = 0x1d,
    GDIObjType_SPOOL_TYPE = 0x1e,
    GDIObjType_MAX_TYPE = 0x1e,      // alias of SPOOL_TYPE: the highest defined type value
    GDIObjTypeTotal = 0x1f,          // MAX_TYPE + 1, i.e. the number of type values (0x00..0x1e)
} GDIOBJTYPE, *PGDIOBJTYPE;

Flags

0x01 is set for several different kernel objects
0x04 is set for DCs obtained with GetDC(); it was also observed on a kernel DC (possibly the display DC)