FS_Sys_Objects
The directory sys/objects exists as a sub-directory to the file system root.
The directory and its sub-directories contains information about named objects by the windows kernel object manager.
The files in the sys/objects directory are listed in the table below:
| File | Description |
|---|---|
| objects.txt | Summary information about all objects. |
| ROOT/ | Global Kernel Object Manager Root. |
Files in the sys/objects directory and sub-directories are read-only.
The file objects.txt contains summary information about the named objects. The meaning of the different columns are as follows:
# Object Address Type Description
-----------------------------------------------
0000 ffffbc0793417c40 Directory \
0001 ffffbc0793416530 SymbolicLink \\DosDevices [\??]
0002 ffffbc0793416830 Directory \\ObjectTypes
0003 ffffbc07934179c0 Directory \\KernelObjects
0004 ffffbc079341b060 Directory \\GLOBAL??
0005 ffffbc079341b6d0 Directory \\Security
0006 ffffbc079341d060 Directory \\Callback
0007 ffffbc07934204e0 SymbolicLink \\SystemRoot [\Device\BootDevice\Windows\]
0008 ffffbc0793420570 Directory \\Device
...
The example shows the global kernel object hierarchy made available as a file system under the sys/objects directory. It shows the object summary information as the file objects.txt and the specific object and header of the driver ad_driver.
The sys/objects sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file modules/m_sys_obj.c in the vmm project.