I have a lot of my issues resolved here, thank you guys. And I would like to ask for one more. :)
I read about <Windows via C / C ++>, he said:
When we want to access an existing kernel object (rather than create a new one), we must specify the operations that we intend to perform on the object. If we are allowed access with such operations, a handle to the kernel object is returned.
... if the returned descriptor is used to call an API that requires a different right from your request, an access error occurs.
AFAIK, the descriptor is just a prime integer, it's just an index in the process descriptor table, nothing else can provide the value of the descriptor. If we already received a handle to a kernel object, how could the system detect that we are using it for other operations, than we requested?
A kernel object can have more than one descriptor, and the owners of these descriptors can have different types of access. Where does the system store this various access type data? I think it should be in the process table.
Suppose that I am trying to open a single kernel object with two different access types, 2 descriptors of the same kernel object should be returned and, therefore, 2 entries will be indicated in the process descriptor table, pointing to the same kernel object.
Any insight will be deeply appreciated.
Update 1
Thanks guys.
< Windows Internals > 5- , Ch 6. :
Windows , , , , , , . SRM , , , , ( ) . 3, menager , .
, , .
.