2.13. Object Manager – Kernel objects

The ObjectManager instance is accessible via windows.system.object_manager

Note

See sample at Object manager

2.13.1. ObjectManager

class windows.winobject.object_manager.ObjectManager

Represent the object manager.

__getitem__(name)

Query name from the root \ directory:

object_manager["RPC Control"]["lsasspirpc"]
object_manager[r"\RPC Control\lsasspirpc"]

Return type:

KernelObject

property root

The root \ Directory

Type:

KernelObject – The root KernelObject

2.13.2. KernelObject

class windows.winobject.object_manager.KernelObject(path, name, type=None)

Represent an object in the Object Manager namespace

__getitem__(name)

Query object name from the directory, split and subquery on \:

>>> obj
<KernelObject "\Windows" (type="Directory")>
>>> obj["WindowStations"]["WinSta0"]
<KernelObject "\Windows\WindowStations" (type="Directory")>
>>> obj["WindowStations\WinSta0"]
<KernelObject "\Windows\WindowStations" (type="Directory")>

Return type:

KernelObject

Raise:

KeyError if name can not be found.

__iter__()

Iter over the list of name in the Directory object.

Yield:

str – The names of objects in the directory.

Note

the KernelObject must be of type Directory or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH

get(name)

Retrieve the object name in the current directory.

Return type:

KernelObject

items()

Return the list of tuple (object’s name, object) in the current directory object.

Return type:

[(str, KernelObject)] – A list of tuple

Note

the KernelObject must be of type Directory or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH

keys()

Return the list of objects’ name in the current directory object.

Return type:

[str] – A list of name

Note

the KernelObject must be of type Directory or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH

property target

Resolve the target of a symbolic link object.

Return type:

str or None if object is not a link

values()

Return the list of objects in the current directory object.

Return type:

[KernelObject] – A list of object

Note

the KernelObject must be of type Directory or it will raise NtStatusException with code STATUS_OBJECT_TYPE_MISMATCH