views: 118

answers: 3

There's this WIN32 process, which someone says:

The service takes a lock on the kernel object and does not release it. After a while the machine becomes unresponsive and has to be restarted. Restarting only the service won't fix the issue.

According to my knowledge, applications were not supposed to be able to crash the entire system in Windows. Does anyone know if such an indecent behavior (taking a lock on the kernel object and not releasing it) can indeed crash the OS? If so, why don't we see this more in malicious software?

Some clarifications: This is not a device driver. Any ambiguity left in the response is also ambiguous to me. Please elaborate on the cases you can think of.

+1  A: 

This depends on what type of application it is. Some applications install and use kernel drivers as part of their usage. A kernel driver has the most low level access possible in the system and is capable of crashing or hanging the system. If the process uses a kernel driver, and the description alludes to this, then yes it can crash / hang the system.

I believe Windows Vista started limiting the amount of damage a kernel driver can accidentally do (graphics drivers especially). But intentionally, you can still cause lots of problems.

JaredPar
This is not a device driver. Just your average service.
David Reis
+1  A: 

This doesn't mean anything. There is no "kernel object" in NT, and any lock you could possibly take would be released if the service were restarted.

Paul Betts
If this is correct it's the kind of answer I'm looking for, one that uncovers the BS in the statement (or which proves it feasible, wherever the case is)...
David Reis
Disagree. The snippet is taken out of context. There's no such thing as "The service" either. But if the context made it clear which service and which kernel object we're talking about, then this sentence makes perfect sense.
MSalters
A: 

Depending on which precise kernel object they mean, and which service, this may very well be true. See for instance Raymond Chen on Loader Lock, a kernel lock which applications can monopolize. Restarting the service will then become a problem because the very unload of that service will require the loader lock, too.

MSalters
The Loader lock is per-process and isn't in kernel mode, it's created and maintained by ntdll.
Paul Betts