1 / 38

Job Object

Job Object. Yen-Chin Chen 965202011. Outline. Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment. Outline. Job Object Introduction

calder
Download Presentation

Job Object

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Job Object Yen-Chin Chen 965202011

  2. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  3. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  4. Job Object In this slides, Job Process Thread ,this 3 colors will be used to enhance your reading • A job object is a • nameable, • securable, • shareable kernel object that allows control of one or more processes as a group. • A job object’s basic function is to allow groups of processes to be managedand manipulated as a unit. • A process can be a member of only one job object.

  5. Job Object • By default, • Its association with the job object can’t be broken • All processes created by the process and its descendents are associated with the same job object as well. • The job object also records basic accounting information for all processes associated with the job and for all processes that were associated with the job but have since terminated.

  6. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  7. Windows functions to create and manipulate job objects.

  8. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  9. CPU-related and memory-related limits you can specify for a job • Maximum number of active processes • Limits the number of concurrently existing processes in the job. • Jobwide user-mode CPU time • Limit Limits the maximum amount of user-mode CPU timethat the processes in the job can consume(including processes that have run and exited). • Once this limit is reached, by default all the processes in the job will be terminated with an error code and no new processes can be created in the job(unless the limit is reset). • The job object is signaled, so any threads waiting for the job will be released. You can change this default behavior with a call to EndOfJobTimeAction.

  10. CPU-related and memory-related limits you can specify for a job • Per-process user-mode CPU time limit • Allows each process in the job to accumulate only a fixed maximum amount of user-mode CPU time. When the maximum is reached, the process terminates (with no chance to clean up). • Job scheduling class • Sets the length of the time slice (or quantum) for threadsin processes in the job. This setting applies only to systems running with long, fixed quantums (the default for Windows Server systems). The value of the job-scheduling class determines the quantum as shown here

  11. (Cont’) Job-scheduling classdetermines the quantum

  12. CPU-related and memory-related limits you can specify for a job • Job processor affinity (Multi-Processor) • Sets the processor affinity mask for each process in the job. (Individual threadscan alter their affinity to any subset of the job affinity, but processes can’t alter their process affinity setting.) • Job process priority class • Sets the priority class for each process in the job. Threads can’t increase their priority relative to the class (as they normally can). Attempts to increase thread priority are ignored. • (No error is returned on calls to SetThreadPriority (winnt.h, winbase.h, page. 329 from book), but the increase doesn’t occur.) • SetThreadPriority(GetCurrentThread(),THREAD_PRIORITY_NORMAL);

  13. CPU-related and memory-related limits you can specify for a job • Default working set minimum and maximum • Defines the specifiedworking set minimum and maximum for each process in the job. (This setting isn’t jobwide—each process has its own working setwith the same minimum and maximum values.) • Process and job committed virtual memory limit • Defines the maximum amount of virtual address space that can be committed by either a single process or the entire job.

  14. CPU-related and memory-related limits you can specify for a job • Jobs can also be set to queue an entry to an I/O completion port object, which other threads might be waiting for, with the Windows GetQueuedCompletionStatus function. • You can also place security limits on processes in a job. • You can set a job so that each process runs under the same jobwide access token. You can then create a job to restrict processes from impersonating(模仿) or creating processes that have access tokens that contain the local administrator’s group.

  15. Access Token • An access token is as an object encapsulating the security descriptor of a process • Attached to a process, a security descriptor identifies the owner of the object (in this case, the process) • An access tokenis an object that describes the security contextof a process or thread. The information in a token includes the identity and privileges of the user account associated with the process or thread. • Ref : http://msdn.microsoft.com/en-us/library/aa374909.aspx

  16. Impersonation Token If you want to get more details, please read chapter 8 : security of Windows Internal • Impersonation is a security concept unique to Windows NT, that allows a server application to temporarily "be" the client in terms of access to secure objects. • Impersonation has three possible levels: identification, letting the server inspect the client's identity, impersonation, letting the server act on behalf of the client, and delegation, same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). • Ref : http://en.wikipedia.org/wiki/Token_(Windows_NT_architecture)

  17. CPU-related and memory-related limits you can specify for a job • You can also place user-interface limits on processes in a job. • Such limits include being able to Restrictprocesses from opening handles to windows owned by threads outside the job, reading and/or writing to the clipboard, and changing the many user-interface system parameters via the Windows SystemParametersInfo function.

  18. CPU-related and memory-related limits you can specify for a job • X-Windows 2000 Datacenter Server has a tool called the Process Control Manager that allows an administrator to define job objects, the various quotas and limits that can be specified for a job, and which processes, if run, should be added to the job. A service component monitors process activity and adds the specified processes to the jobs. Note that this tool is no longer shipped with Windows Server 2003 Datacenter Edition, but will remain on the system if a Windows 2000 Datacenter Server is upgraded to Windows Server 2003 Datacenter Edition.

  19. SetInformationJobObject Function • BOOL WINAPI SetInformationJobObject ( __in HANDLE hJob, //retrun from //CreateJobObject/OpenJobObject __in JOBOBJECTINFOCLASS JobObjectInfoClass, __in LPVOID lpJobObjectInfo, __in DWORD cbJobObjectInfoLength ); • __in : Means Input

  20. JOBOBJECTINFOCLASS JobObjectInfoClass • typedefenum _JOBOBJECTINFOCLASS { JobObjectBasicAccountingInformation = 1, JobObjectBasicLimitInformation,=>2 JobObjectBasicProcessIdList, JobObjectBasicUIRestrictions, JobObjectSecurityLimitInformation, JobObjectEndOfJobTimeInformation, JobObjectAssociateCompletionPortInformation, JobObjectBasicAndIoAccountingInformation, JobObjectExtendedLimitInformation, JobObjectJobSetInformation, MaxJobObjectInfoClass } JOBOBJECTINFOCLASS;

  21. LPVOID lpJobObjectInfo • LPVOID lpJobObjectInfo • typedef struct _JOBOBJECT_BASIC_LIMIT_INFORMATION {LARGE_INTEGER PerProcessUserTimeLimit;LARGE_INTEGER PerJobUserTimeLimit;DWORD LimitFlags;SIZE_T MinimumWorkingSetSize;SIZE_T MaximumWorkingSetSize;DWORD ActiveProcessLimit;ULONG_PTR Affinity;DWORD PriorityClass;DWORD SchedulingClass; } JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION; So, how to set the Affinity Mask? I introduce what is ULONG_PTR type first.

  22. ULONG_PTR A ULONG_PTR is an unsigned long type used for pointer precision. It is used when casting a pointer to a long type to perform pointer arithmetic. • Note  In a 64-bit environment (indicated below by a TRUE value for _WIN64), the ULONG_PTR MUST be defined as an unsigned __int64, not as a ULONG.

  23. ULONG_PTR • #ifdef _WIN64 • typedef __int64 ULONG_PTR; • #else typedef • ULONG ULONG_PTR; #endif • Ref : http://msdn.microsoft.com/en-us/library/cc230394.aspx

  24. Processor Affinity If not a Hyperthreding system setting, 32-bit : 00000000000000000000000000000111 , means CPU 0,1 and 2 threads could run on and alter between them. So just using ‘|’ , ’&’ , (or/and) bit-operator to set Affinity Mask. public void SetProcessAffinityToPhysicalCPUForHyperthreadOnly(int processid) {int res;int hProcess;int ProcAffinityMask = 0, SysAffinityMask = 0; hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, processid); res = GetProcessAffinityMask(hProcess, ref ProcAffinityMask, ref SysAffinityMask); if (SysAffinityMask == 3) // 1 proc, 2 logical CPUs res = SetProcessAffinityMask(hProcess, 1);else if (SysAffinityMask == 15) //dual proc, 4 virtual CPUs res = SetProcessAffinityMask(hProcess, 3); res = CloseHandle(hProcess); } Ref : http://msdn.microsoft.com/en-us/library/ms686223(VS.85).aspx

  25. Processor Affinity • BOOL WINAPI • SetProcessAffinityMask • ( __in HANDLE hProcess, • __in DWORD_PTR dwProcessAffinityMask ); • dwProcessAffinityMask [in] The affinity mask for the threads of the process.

  26. Processor Affinity • DWORD_PTR WINAPI SetThreadAffinityMask ( __in HANDLE hThread, __in DWORD_PTR dwThreadAffinityMask ); • dwThreadAffinityMask [in] The affinity mask for the thread. • A thread affinity mask is a bit vector in which each bit represents the processors that a thread is allowed to run on. • A thread affinity mask must be a subset of the process affinity mask for the containing process of a thread. • A thread can only run on the processors its process can run on.

  27. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  28. Conclusion • In this chapter, we’ve examined the structure of processes and threads and jobs, seen how they are created, and looked at how Windows decides which threads should run and for how long. • Many references in this chapter are to topics related to memory management. Because threads run inside processes and processes in large part define an address space, the next logical topic is how Windows performs virtual and physical memory management—the subjects of Chapter 7.

  29. Book : Windows Internal • Ref : Book page from 369~374

  30. Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment

  31. EXPERIMENT: • Viewing the Job Object using • Process Explorer • Windows Kernel Debugger

  32. Process Explorer • Type this command to create a job and a cmd process in this job • /user:MachineName\Administrator Name • If you want to create other processes in the same job, you need execute them in cmd process by runas shown in next slide

  33. Process Explorer

  34. Process Explorer Double Click cmd.exe row , then a dialog will jump out, and processes in the same job will show the same color.

  35. Process Explorer

  36. Windows Kernel Debugger • Before above, You must install Windows Symbols from http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d

  37. Windows Kernel Debugger Find out cmd process by runas command Then, search for that cmd process, you’ll see handle of the job :82245cd0 To See all the Processes in O.S.

  38. Thanks for your Attention ^_^

More Related