2.13. Object Manager – Kernel objects

The ObjectManager instance is accessible via windows.system.object_manager

Note

See sample at Object manager

Warning

This API has not been tested on real cases yet and may be subject to change.

2.13.1. ObjectManager

class windows.winobject.object_manager.ObjectManager[source]

Represent the object manager.

Note

For now, it only offers the root KernelObject. But I want a manager object accessible from windows.system, just like the other APIs, and not directly the root directory.

__getitem__(name)[source]

Query name from the root \ directory:

object_manager["RPC Control"]["lsasspirpc"]
object_manager[r"\RPC Control\lsasspirpc"]
Return type: KernelObject

root

The root \ Directory

Type: KernelObject – The root KernelObject

2.13.2. KernelObject

class windows.winobject.object_manager.KernelObject(path, name, type=None)[source]

Represent an object in the Object Manager namespace

__getitem__(name)[source]

Query object name from the directory, split and subquery on \:

>>> obj
<KernelObject "\Windows" (type="Directory")>
>>> obj["WindowStations"]["WinSta0"]
<KernelObject "\Windows\WindowStations" (type="Directory")>
>>> obj[r"WindowStations\WinSta0"]
<KernelObject "\Windows\WindowStations" (type="Directory")>
Return type: KernelObject
Raises: KeyError if name cannot be found.

__iter__()[source]

Iterate over the list of names in the Directory object.

Yields: str – The names of objects in the directory.

Note

The KernelObject must be of type Directory, or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH.

get(name)[source]

Retrieve the object name in the current directory.

Return type: KernelObject

items()[source]

Return the list of tuples (object’s name, object) in the current directory object.

Return type: [(str, KernelObject)] – A list of tuples

Note

The KernelObject must be of type Directory, or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH.

keys()[source]

Return the list of object names in the current directory object.

Return type: [str] – A list of names

Note

The KernelObject must be of type Directory, or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH.

target

Resolve the target of a symbolic link object.

Return type: str or None if object is not a link

values()[source]

Return the list of objects in the current directory object.

Return type: [KernelObject] – A list of objects

Note

The KernelObject must be of type Directory, or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH.
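
The following is an added example, not code from the PythonForWindows project: it walks a Directory with the documented items() and target members to inventory symbolic links and their targets, descending only into Directory objects so that STATUS_OBJECT_TYPE_MISMATCH is avoided. It assumes KernelObject exposes its constructor argument as a `type` attribute; `find_symlinks`, `FakeObject` and `SAMPLE_ROOT` are hypothetical names, and the sample namespace is constructed so the code runs without Windows.

```python
# Added example: inventory symbolic links in the Object Manager namespace.
# Uses the documented items()/target; the `type` attribute is an assumption.

def find_symlinks(directory, path="\\", max_depth=8):
    """Return (links, skipped): [(link path, target)], [(path, error)]."""
    links, skipped = [], []
    try:
        entries = directory.items()  # [(name, KernelObject)]
    except Exception as exc:  # e.g. NtStatusException on a non-Directory
        return links, [(path, exc)]
    for name, obj in entries:
        full = path.rstrip("\\") + "\\" + name
        try:
            target = obj.target  # None unless the object is a symbolic link
        except Exception as exc:  # record the failure and keep walking
            skipped.append((full, exc))
            continue
        if target is not None:
            links.append((full, target))
        elif obj.type == "Directory" and max_depth > 0:
            # Only Directory objects support items(); others raise a mismatch.
            sub_links, sub_skipped = find_symlinks(obj, full, max_depth - 1)
            links.extend(sub_links)
            skipped.extend(sub_skipped)
    return links, skipped


class FakeObject(object):
    """Constructed stand-in for KernelObject so the walker runs offline."""
    def __init__(self, type, children=None, target=None):
        self.type, self.children, self.target = type, children or {}, target

    def items(self):
        if self.type != "Directory":
            raise TypeError("STATUS_OBJECT_TYPE_MISMATCH (simulated)")
        return list(self.children.items())


# Constructed sample namespace; names and targets are illustrative only.
SAMPLE_ROOT = FakeObject("Directory", {
    "Device": FakeObject("Directory", {"Null": FakeObject("Device")}),
    "GLOBAL??": FakeObject("Directory", {
        "NUL": FakeObject("SymbolicLink", target="\\Device\\Null")}),
    "DosDevices": FakeObject("SymbolicLink", target="\\??"),
})

if __name__ == "__main__":
    for link, target in find_symlinks(SAMPLE_ROOT)[0]:
        print("{0} -> {1}".format(link, target))
```

On a Windows host with PythonForWindows installed, pass windows.system.object_manager.root in place of SAMPLE_ROOT.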