Question

As I understand from Windows internals, handles of executive objects are not managed by the same entity as handles you get from functions like CreateWindow() or LoadCursor() and such.

What dll/sys is responsible for these ones returned by functions from user32.dll? Is there some program like WinObj for this kind of handles?

I would be happy even for some keywords to google; I haven't had any luck with the keywords tagged on this question.

Solution

win32k.sys is responsible for handling USER and GDI requests.

The win32k driver is a critical component in the graphics stack, exporting more than 600 functions. It extends the System Service Descriptor Table (SSDT) with another table called _W32pServiceTable. This driver is not as big as the main kernel module (ntoskrnl.exe), but its interaction with user mode is just as important. The service table for win32k contains fewer than 300 functions, depending on the version of Windows. The win32k driver commonly transfers control to user mode with a user-mode callback system. The interface between user-mode modules and kernel-mode drivers has been built in order to facilitate window creation and management.

Detailed information: http://mista.nu/research/mandt-win32k-paper.pdf
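
To see the split between executive handles and USER/GDI objects on a live system, the following added example (not part of the original answer) lists both kinds of counts per process. It assumes Windows PowerShell, uses the documented `GetGuiResources` export of user32.dll, and the function name `Get-GuiHandleCount` and the `Native.User32` wrapper type are names chosen here for illustration.

```powershell
# Added example: per-process executive handle count next to USER and GDI
# object counts. USER/GDI objects are tracked by win32k.sys, so they do not
# appear in the process handle table that HandleCount reports.
Add-Type -Namespace Native -Name User32 -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern uint GetGuiResources(IntPtr hProcess, uint uiFlags);
'@

$GR_GDIOBJECTS  = 0   # uiFlags value: count of GDI objects
$GR_USEROBJECTS = 1   # uiFlags value: count of USER objects

function Get-GuiHandleCount {
    param([int]$Top = 15)

    $rows = foreach ($p in Get-Process) {
        $h = $null
        try {
            # Opening the process fails for protected or already exited processes.
            $h = $p.Handle
        } catch {
            continue
        }
        if (-not $h) { continue }

        # A count of 0 means the process owns no such objects or the query failed.
        [pscustomobject]@{
            Name          = $p.ProcessName
            Id            = $p.Id
            KernelHandles = $p.HandleCount
            UserObjects   = [Native.User32]::GetGuiResources($h, $GR_USEROBJECTS)
            GdiObjects    = [Native.User32]::GetGuiResources($h, $GR_GDIOBJECTS)
        }
    }

    $rows | Sort-Object UserObjects -Descending | Select-Object -First $Top
}

Get-GuiHandleCount | Format-Table -AutoSize
```

A process whose USER or GDI count keeps growing while its kernel handle count stays flat is leaking win32k-managed objects rather than executive objects.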

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow