As I understand from windows internals, handles of executive objects are not managed by the same entity as handles you get from functions like CreateWindow() or LoadCursor() and such.
What dll/sys is responsible for these ones returned by functions from user32.dll? Is there some program like WinObj for this kind of handles?
I would be happy even for some keywords to google, havent had any luck on keywords tagged on this question.
win32k.sys is responsible for handling USER and GDI requests.
The win32k driver is a critical component in the graphics stack exporting more than 600 functions. It extends the System Service Descriptor Table (SSDT) with another table called _W32pServiceTable. This driver is not as big as the main kernel module (ntoskrnl.exe) but its interaction with the user-mode is just as important. The service table for win32k contains less than 300 functions depending on the version of Windows. The win32k driver commonly transfers control to user-mode with a user-mode callback system. The interface between user-mode modules and kernel-mode drivers has been built in order to facilitate window creation and management.
Detailed information: http://mista.nu/research/mandt-win32k-paper.pdf
