Scribd
Upload
4 views10 pages

Windows Program Execution

Uploaded by

Harshavardhini.K (Harsha)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
4 views10 pages

Windows Program Execution

Uploaded by

Harshavardhini.K (Harsha)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Windows Program

Execution
Introduction
• By simply double clicking an executable or typing in a command, the
operating system will magically load and run the application desired
• Operating system loads, executes, and schedules programs is complex
• A Windows executable is nothing more than a well-structured binary
file that resides on a computer’s hard drive
• properly initializes it, and generates a process context that the
executable becomes an actual program.
• Windows application programming interface (API) function call loads
the image.
• eight step Process [ref-by Microsoft Press’
“Windows Internals”]
• Validation of Parameters
• Load Image, Make Decisions
• Creating the Process Object
• Context Initialization
• Windows Subsystem Post Initialization
• Initial Thread … Go!
• Load DLL
• Begin process
• call to NtCreateProcessEx contains a variety
of parameters that the function must verify
before it can attempt to load an executable
image
• Includes scheduling priority of the new
process [how much cpu time] [defaults to the
Normal priority]
• assigns exception-monitoring routines to
handle exceptions that may occur in the
program
• maps the file extension to the appropriate
program using the settings in the registry.
• The program responsible for the .doc
or .xls file runs via the CreateProcess API
functions.
• a few extensions directly (or semidirectly)
• loads the image into a section object that
maps a view of the file into a shared
memory region
 A process is merely a container or an object.
 A process contains the necessary information for the scheduling system of Windows and
the other various Windows subsystems to maintain the context (or state) of one or more
related threads.
 A thread is a self-contained set of executable instructions that interacts with the
operating system and its related resources through the system API.
 A process must contain a minimum of one thread.
 Threads inside the same process can share memory, but processes do not share memory
without using special API calls
 operating system to construct several key data structures such as the Windows EPROCESS
block, the initial memory address space for the executable image, the kernel process block
(KPROCESS), and the program environment block (PEB).
 As part of the EPROCESS initialization, the system gives the process a process identifier
(PID).
 Finally, CreateProcess registers the new process object with the operating system,
initiating a series of internal functions responsible for the management of the new
process.
• To establish the initial thread, CreateThread
passes control to the kernel, which in turn
constructs the necessary thread working
environment.
• The kernel creates the initial thread in a
suspended state, since at this point the thread
contains insufficient resources to operate.
• These insufficiencies include a missing stack and
execution context.
• The kernel uses the execution context when
switching between threads.
• The execution context stores the current state, or
context, of a thread prior to switching to a new
thread.

You might also like