Revision as of 11:50, 20 April 2008

Usermode GDI Objects

Usermode objects are the objects that can be accessed via handles from usermode. The pool tags either begin with Gh or Gla. If the tag begins with Gla it means the objects are allocated from a paged lookaside list, if the tag is Gh they are allocated from paged pool. The object type is stored in bits 17-24 of the handle and in bits 0-7 of the type filed in the handle table entry. Bits 17-24 of the type field are the same in most cases. They are the type masked with 0x1f or 11111 binary. A pen for example has a value of 0x30 in bits 0-7 and a value of 0x10 in bits 17-24. 0x10 is a brush and that's the structure it is stored in. So bits 17-24 describe the basic type. The following list shows all basic types as described in Feng Yuan's book. If there's a pool tag, I have found them in win xp. DX objects seem to be handled differently on xp. Looks like they have completely different types and are not even stored in the general gdi handle table. I still put them here. Their pool tags are taken from 5) I didn't find them in xp yet.

All GDI objects from the handle table have a header: BASEOBJECT

Type id	Type	kmode struct	umode struct	pool tag
0x00	Deleted
0x01	DC (EMF)	DCOBJ	DC_ATTR	'Gla1'
0x02	unused	-	-	-
0x03	unused	-	?	-
0x04	REGION	ROSRGNDATA	?	'Gla4'
0x05	BITMAP	SURFACE	-	'Gla5'
0x06	CLIENTOBJ (METAFILE, ENHMETAFILE, METADC)	?	?	'Gh06'
0x07	PATH	?	?	'Gh07'
0x08	PALETTE	PALETTE	-	'Gla8','Gh08'
0x09	COLORSPACE	?	?	'Gh09'
0x0a	FONT	TEXTOBJ (LFONT)	?	'Gla:'
0x0b	RFONT	RFONT	-
0x0c	PFE	PPFE	-	'Gh0<'
0x0d	PFT	?	?
0x0e	ICMCXF	?	?
0x0f	SPRITE	?	?
0x10	BRUSH (PEN, EXTPEN)	?	?	'Gla@'
0x11	UMPD	?	?
0x12	unused (move to dxg.sys internal gdi table, it is DirectDrawObject handle)	-	-
0x13	SPACE	?	?
0x14	unused	-	-
0x15	META	?	?
0x16	EFSTATE	EFSTATE	-	'Gh0F'
0x17	BMFD	?	?
0x18	VTFD	?	?
0x19	TTFD	?	?
0x1a	RC	?	?
0x1b	TEMP	?	?
0x1c	DRVOBJ	?	?
0x1d	DCIOBJ	?	?
0x1e	SPOOL	?	?

Deleted Objects

[XP] Deleted Objects have a value of 0 in the base type field. Windows keeps track of deleted objects with a singly linked list inside the gdi handle table. The kernel mode pointer is replaced by an index to the next deleted object in the handle table. The last (in terms of time) deleted object has a kernel mode pointer of 0. This entry must not always be the deleted object with the hightest index. So windows must somehow store the index of the first deleted object and also of the first free index. The usermode pointer and the ProcessID field are 0, the rest of the type field is still the same as before the object got deleted. See 2)

Kernel Mode GDI Objects

Kernel mode objects are used in kernel mode only and can be used by display/printer drivers. They are accessed via pointers instead of handles. They normally have a documented structure, wich has only the public members. The real structure behind the objects is mostly undocumented. The real structures often have names like the documented structure with a preceeding E, like EPALOBJ

BRUSHOBJ (EBRUSHOBJ)
CLIPOBJ
FLOATOBJ
FONTOBJ (RFONT 1))
PALOBJ (EPALOBJ, 1), 3))
PATHOBJ (EPATHOBJ, 4))
PFE, 'Gpfe'
PFF, 'Gpff'
STROBJ (ESTROBJ)
SURFOBJ (SURFACE, 1))
WNDOBJ
XFORMOBJ (EXFORMOBJ)
XLATEOBJ (EXLATEOBJ)

@@ Line 99: / Line 99: @@
 = Notes =
-Windows xp dxg.sys will request lock on
 = References =
 * 1) [http://www.amazon.com/Windows-Graphics-Programming-DirectDraw-CD-ROM/dp/0130869856/ref=pd_bbs_1/104-2440366-2802368?ie=UTF8&s=books&qid=1191706161&sr=8-1 Feng Yuan - Windows Graphics Programming: Win32 GDI and DirectDraw]

Difference between revisions of "Techwiki:Win32k/gdiobjects"

Revision as of 11:50, 20 April 2008

Contents

Usermode GDI Objects

Deleted Objects

Kernel Mode GDI Objects

Notes

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools