locked
Creating global kernel objects as standard user - possible or not? RRS feed

  • Question

  • From what I've read it seems that an app running as standard user or protected admin can't create global kernel objects.  However a quick experiment seems to indicate that this isn't the case.  What exactly is the deal with global kernel objects?

    #include "stdafx.h"
    #include <Windows.h>

    int _tmain(int argc, _TCHAR* argv[])
    {
       HANDLE hMutex = ::CreateMutex(0, true, L"Global\\TestGlobalObj");
       printf("CreateMutext returned %s\n", hMutex == 0 ? "failed" : "succeeded");

       ::Sleep(2000);

       if (hMutex) ::ReleaseMutex(hMutex);

       return 0;
    }

    Thursday, July 6, 2006 8:46 PM

All replies

  • In my experience, there is no problem with creating Global objects without admin rights, except for named shared memory. The latter can not be created without admin rights under under 2003 in a WTS session (see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/kernel_object_namespaces.asp), or under Vista in any non-service session (since only services run in session 0 under Vista). Where was it that you read that "an app running as standard user or protected admin can't create global kernel objects"?
    Wednesday, July 26, 2006 9:24 AM
  • I got that impression from the LuaPredictor logs:

    formatmessage : CreateFileMappingA: Section 'Global\ACME_6556_semShmName' is
                    in restricted namespace (Global\)
    message       : Object opened/created in a restricted namespace.
    parameter3    : 3913ac - Namespace
    parameter2    : 17bd3b8 - Object Name
    parameter1    : 391194 - Object Type
    stackTrace    : stackTrace
    StopCode      : 0x3306
    LayerName     : LuaPriv
    Severity      : Error
    Time          : 2006-05-04 : 17:14:14
    parameter4    : 840 - Object Handle (if available)

    formatmessage : CreateSemaphoreA: Semaphore 'Global\ACME_6556' is in restrict
                    ed namespace (Global\)
    message       : Object opened/created in a restricted namespace.
    parameter3    : 3913ac - Namespace
    parameter2    : 17c9090 - Object Name
    parameter1    : 3911b0 - Object Type
    stackTrace    : stackTrace
    StopCode      : 0x3306
    LayerName     : LuaPriv
    Severity      : Error
    Time          : 2006-05-04 : 17:14:14
    parameter4    : 830 - Object Handle (if available)

    formatmessage : CreateEventA: Event 'Global\__ACME__lockEvent' is in restri
                    cted namespace (Global\)
    message       : Object opened/created in a restricted namespace.
    parameter3    : 3913ac - Namespace
    parameter2    : 17c72a0 - Object Name
    parameter1    : 3911c4 - Object Type
    stackTrace    : stackTrace
    StopCode      : 0x3306
    LayerName     : LuaPriv
    Severity      : Error
    Time          : 2006-05-04 : 17:14:14
    parameter4    : 840 - Object Handle (if available)

    Friday, August 4, 2006 10:11 PM
  • I am trying to run Toad for Oracle under Windows Vista Ultimate SP1, but I got the error message "Can't initialize OCI. Error -1". I strongly believe that this error has something to do with creating Global objects without admin rights.
    Thanks in advance
    Wednesday, July 8, 2009 4:03 PM
  • From what I've read it seems that an app running as standard user or protected admin can't create global kernel objects.  However a quick experiment seems to indicate that this isn't the case.  What exactly is the deal with global kernel objects?

    #include "stdafx.h"
    #include <Windows.h>

    int _tmain(int argc, _TCHAR* argv[])
    {
       HANDLE hMutex = ::CreateMutex(0, true, L"Global\\TestGlobalObj");
       printf("CreateMutext returned %s\n", hMutex == 0 ? "failed" : "succeeded");

       ::Sleep(2000);

       if (hMutex) ::ReleaseMutex(hMutex);

       return 0;
    }


    Hi,

    why do you have "#include" <something>?
    In Kernel´world, the possibility of adding  a *.lib or library files doesn't exists. 

    And the programmer needs to do everything from "scratch".

    Have a nice day...

    Best regards,
    Fisnik  

    Coder24.com
    Thursday, July 9, 2009 6:52 AM