
Lecture 7 Processes, Threads, and Jobs (1)


Presentation Transcript


  1. Lecture 7 Processes, Threads, and Jobs (1) xlanchen@04/01/2005

  2. Contents
  • The internal structures of process
  • How to create a process
  • The internal structures of thread
  • How to create a thread
  • Thread Scheduling
  • Job Objects
  Understanding the Inside of Windows2000

  3. Process structures
  • Kernel data structures
    • KPROCESS (knl – per process)
    • EPROCESS (executive – per process)
    • KTHREAD (knl – per thread)
    • ETHREAD (executive – per thread)
    • WIN32K.SYS (knl – one struct per USER/GDI thread)
  • Subsystem data structures
    • CSRSS (Win32 subsystem – per user thread)
  • User mode data structures
    • Process Environment Block (one per process)
    • TEB (one per thread)

  4. A simplified diagram

  5. EPROCESS

  6. EXPERIMENT
  • Displaying the Format of an EPROCESS Block

  7. KPROCESS

  8. PEB

  9. EXPERIMENT
  • Examining the PEB

  10. Kernel Variables Related to Process
  • PsActiveProcessHead
  • PsIdleProcess
  • PsInitialSystemProcess
  • PspCreateProcessNotifyRoutine
  • PspCreateProcessNotifyRoutineCount
  • PspLoadImageNotifyRoutine
  • PspLoadImageNotifyRoutineCount
  • PspCidTable

  11. Performance Counters
  • With these counters you can
    • track the processes running on your system;
    • retrieve these counters programmatically or view them with the Performance tool.
  • Process-Related Performance Counters
    • Privileged Time
    • Processor Time
    • User Time
    • Elapsed Time
    • ID Process
    • Creating Process ID
    • Thread Count
    • Handle Count

  12. Functions
  • CreateProcess / CreateProcessAsUser / CreateProcessWithLogonW
  • OpenProcess
  • ExitProcess / TerminateProcess
  • FlushInstructionCache
  • GetProcessTimes / GetExitCodeProcess / GetCommandLine
  • GetCurrentProcessId / GetProcessVersion
  • GetStartupInfo
  • GetEnvironmentStrings / GetEnvironmentVariable
  • Get/SetProcessShutdownParameters
  • GetGuiResources

  13. EXPERIMENT
  • Viewing Process Information with Task Manager

  14. EXPERIMENT
  • Viewing the Process Tree

  15. EXPERIMENT
  • Viewing Thread Activity with QuickSlice

  16. EXPERIMENT
  • Viewing Process Details with Process Viewer

  17. EXPERIMENT
  • Using the Kernel Debugger !process Command

  18. Creating a Win32 process
  • CreateProcess
  • CreateProcessAsUser
  • CreateProcessWithLogonW
  • Three parts of the OS are involved:
    • Kernel32.dll
    • Executive
    • Subsystem process (Csrss)

  19. Main stages of CreateProcess
  • Open the image file (.exe) to be executed inside the process.
  • Create the 2K executive process object.
  • Create the initial thread (stack, context, and 2K executive thread object).
  • Notify the Win32 subsystem of the new process so that it can set up for the new process and thread.
  • Start execution of the initial thread (unless the CREATE_SUSPENDED flag was specified).
  • In the context of the new process and thread, complete the initialization of the address space (such as load required DLLs) and begin execution of the program.

  20. The main stages of process creation

  21. Some notes
  • CreationFlags → the priority class
  • Priority class
    • Normal (default)
    • Real-time
    • Below Normal
    • Idle
    • …
  • Desktop
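The CreateProcess call the slides describe (18–19), the priority class from slide 21, the process-related counters from slide 11 and the process-tree experiment from slide 14, as an added PowerShell example that is not part of the lecture: it uses .NET's System.Diagnostics.Process (the managed wrapper over CreateProcess) and Win32_Process via CIM, and the cmd.exe/ping child command is a constructed placeholder.

```powershell
# Added example, not from the lecture slides. Assumes PowerShell on Windows;
# the child command (cmd.exe waiting on ping) is a constructed placeholder.
$psi = New-Object System.Diagnostics.ProcessStartInfo
$psi.FileName        = "$env:SystemRoot\System32\cmd.exe"
$psi.Arguments       = '/c ping -n 4 127.0.0.1 >nul'
$psi.UseShellExecute = $false      # go through CreateProcess, not ShellExecute
$psi.CreateNoWindow  = $true

# Process.Start runs stages 1-6 from slide 19 behind one call.
$child = [System.Diagnostics.Process]::Start($psi)

# At creation the priority class is carried in the CreationFlags bits (slide 21);
# the managed API only exposes it as a property set after the process exists.
$child.PriorityClass = [System.Diagnostics.ProcessPriorityClass]::BelowNormal

Start-Sleep -Milliseconds 500     # give the child time to accumulate CPU time
$child.Refresh()                  # drop cached values before reading counters

# "Creating Process ID" is not on the Process object; Win32_Process exposes it
# as ParentProcessId.
$wmi = Get-CimInstance Win32_Process -Filter "ProcessId = $($child.Id)"

[pscustomobject]@{
    'ID Process'          = $child.Id
    'Creating Process ID' = $wmi.ParentProcessId     # should equal $PID
    'Priority Class'      = $child.PriorityClass
    'Privileged Time'     = $child.PrivilegedProcessorTime
    'User Time'           = $child.UserProcessorTime
    'Elapsed Time'        = (Get-Date) - $child.StartTime
    'Thread Count'        = $child.Threads.Count
    'Handle Count'        = $child.HandleCount
} | Format-List

# Process tree rooted at this PowerShell host, following ParentProcessId links.
# Caveat: ParentProcessId is recorded at creation and PIDs are reused, so a
# child whose parent has exited can show up under an unrelated process.
function Show-ProcessTree {
    param([int]$RootId, [int]$Depth = 0)
    Get-CimInstance Win32_Process -Filter "ParentProcessId = $RootId" | ForEach-Object {
        '{0}{1} (PID {2})' -f ('  ' * $Depth), $_.Name, $_.ProcessId
        Show-ProcessTree -RootId $_.ProcessId -Depth ($Depth + 1)
    }
}
"$((Get-Process -Id $PID).Name) (PID $PID)"
Show-ProcessTree -RootId $PID -Depth 1

$child.WaitForExit()
'Exit code: {0}' -f $child.ExitCode   # GetExitCodeProcess underneath
```

The counters are read before WaitForExit because thread and handle counts are only available while the process is alive; the exit code is read afterwards.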

  22. Stage 1: Opening the Image to Be Executed
  • The executable file → the appropriate Win32 image
  • Mapped into a section object of the new process

  23. Choosing a Win32 image

  24. Decision Tree for Stage 1

  25. Stage 2: Creating the Windows 2000 Executive Process Object
  • NtCreateProcess
  • Setting up the EPROCESS block
  • Creating the initial process address space
  • Creating the kernel process block
  • Concluding the setup of the process address space
  • Setting up the PEB
  • Completing the setup of the executive process object

  26. Stage 3: Creating the Initial Thread and Its Stack and Context
  • Stack
    • Size
  • Context
    • KiInitializeContextThread
  • NtCreateThread → initial thread
    • Suspended state

  27. Stage 4: Notifying the Win32 Subsystem About the New Process
  • Kernel32.dll sends a message to the Win32 subsystem containing:
    • Process and thread handles
    • Entries in the creation flags
    • ID of the process's creator
    • Flag indicating whether the process belongs to a Win32 application (so that Csrss can determine whether or not to show the startup cursor)

  28. Upon receiving the message, the Win32 subsystem
  • sets up for the new process and thread
  • allocates the Csrss process/thread block

  29. Stage 5: Starting Execution of the Initial Thread
  • The initial thread is now resumed

  30. Stage 6: Performing Process Initialization in the Context of the New Process
  • KiThreadStartup
