Modern Operating System Kernels – Process Map

Modern Operating System Kernels


  • The Windows API is used to call the services provided by Windows
  • The API is categorized as:
    • Base Services
    • Component Services
    • User Interface Services
    • Graphics and Multimedia
    • Messaging and Collaboration
    • Networking
    • Web Services
  • Documented callable routines, e.g. CreateProcess, GetMessage
  • Undocumented callable routines,
    e.g. NtCreateProcess – a native API routine invoked by CreateProcess
  • Kernel routines (not callable from user mode; only kernel-mode code can call them),
    e.g. ExAllocatePool
  • Windows Process Components
    • Virtual Address Space (Private)
    • Executable Instructions
    • Open Handles to
      • Files
      • Semaphores, Mutex
      • Ports
    • Access Token – identifies the security context, which identifies
      • User, security privileges, User Account Control (UAC) state, session, admin / limited
    • Process ID
    • At least one thread
      Thread components – also called the thread context:
      • CPU Registers
      • A Stack while executing in Kernel Mode
      • A Stack while executing in User Mode
      • Thread Local Storage (TLS) – used by DLLs, subsystems
      • Thread ID
  • The thread context is architecture specific – retrieved with GetThreadContext
  • All threads of a process share its virtual address space; hence every thread can read and write the memory of every other thread.
  • A process is an instance of the process object type;
    a file is an instance of the file object type.
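The process components listed above can be inspected on a live process. The following PowerShell script is an added example and is not part of the original notes; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, imports two documented kernel32 routines through P/Invoke, and reads the current process's ID, private address space, handle count, threads, and access token (user, groups, admin / limited state, session). The `Win32.Native` type name is an arbitrary choice for this example.

```powershell
# Added example (not from the original notes): inspect the components of the
# current PowerShell process. Requires Windows; the Win32 routines below are
# documented kernel32 exports declared for P/Invoke under an arbitrary type name.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll")] public static extern uint GetCurrentProcessId();
[DllImport("kernel32.dll")] public static extern uint GetCurrentThreadId();
'@

$proc = Get-Process -Id $PID

# Process ID: the documented API and the PowerShell view of the process must agree.
$apiPid = [Win32.Native]::GetCurrentProcessId()
"Process ID          : $($proc.Id) (kernel32 GetCurrentProcessId = $apiPid)"

# Private virtual address space and open handles (files, events, mutexes, ports ...).
"Private bytes       : {0:N0}" -f $proc.PrivateMemorySize64
"Open handles        : $($proc.HandleCount)"

# Threads: a process always has at least one, and each thread has its own ID.
$tid = [Win32.Native]::GetCurrentThreadId()
$inList = $proc.Threads.Id -contains $tid
"Thread count        : $($proc.Threads.Count)"
"Current thread ID   : $tid (listed among the process threads: $inList)"

# The CONTEXT layout that GetThreadContext fills depends on the architecture.
"Architecture        : $env:PROCESSOR_ARCHITECTURE (64-bit process: $([Environment]::Is64BitProcess))"

# Access token: the security context the process runs under. With UAC, a member of
# Administrators running unelevated holds a filtered token, so IsInRole reports
# 'limited' until the process is elevated.
$id  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$pr  = New-Object System.Security.Principal.WindowsPrincipal($id)
$adm = $pr.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Token user          : $($id.Name) ($($id.User.Value))"
"Token groups        : $($id.Groups.Count)"
"Token admin/limited : $(if ($adm) { 'admin (elevated)' } else { 'limited' })"
"Session ID          : $($proc.SessionId)"

# Executable image and the two DLLs that implement the API layers described above:
# kernel32 (documented routines) sits on top of ntdll (undocumented Nt* routines).
"Image path          : $($proc.Path)"
$proc.Modules |
    Where-Object { $_.ModuleName -in 'kernel32.dll', 'ntdll.dll' } |
    ForEach-Object { "Loaded module       : $($_.ModuleName) @ 0x{0:X}" -f $_.BaseAddress.ToInt64() }
```

Run the script once from a normal console and once from an elevated one to see the admin / limited line change while the user and SID stay the same; `whoami /priv` lists the privileges held by the current token, which the script does not print.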
About wikihead

A security freak
This entry was posted in Notes, OS Internals.