Windows Internals Covering Windows Server 2008 and Windows Vista - P9

In this chapter, we'll introduce the key Microsoft Windows operating system concepts and terms we'll be using throughout this book, such as the Windows API, processes, threads, virtual memory, kernel mode and user mode, objects, handles, security, and the registry.

When a thread finishes running (either because it returned from its main routine, called ExitThread, or was killed with TerminateThread), it moves from the running state to the terminated state. If there are no handles open on the thread object, the thread is removed from the process thread list and the associated data structures are deallocated and released.

5.7.10 Context Switching

A thread's context and the procedure for context switching vary depending on the processor's architecture. A typical context switch requires saving and reloading the following data:

- Instruction pointer
- Kernel stack pointer
- A pointer to the address space in which the thread runs (the process's page table directory)

The kernel saves this information from the old thread by pushing it onto the current (old thread's) kernel-mode stack, updating the stack pointer, and saving the stack pointer in the old thread's KTHREAD block. The kernel stack pointer is then set to the new thread's kernel stack, and the new thread's context is loaded. If the new thread is in a different process, it loads the address of its page table directory into a special processor register so that its address space is available. (See the description of address translation in Chapter 9.) If a kernel APC that needs to be delivered is pending, an interrupt at IRQL 1 is requested. Otherwise, control passes to the new thread's restored instruction pointer and the new thread resumes execution.

5.7.11 Idle Thread

When no runnable thread exists on a CPU, Windows dispatches the per-CPU idle thread. Each CPU is allotted one idle thread because on a multiprocessor system one CPU can be executing a thread while other CPUs might have no threads to execute. Various Windows process viewer utilities report the idle process using different names. Task Manager and Process Explorer call it "System Idle Process," while Tlist calls it "System Process." If you look at the EPROCESS structure's ImageFileName member, you'll see the internal name for the process is "Idle."
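
The context switch steps in section 5.7.10, modeled as a small user-mode C program. This is an added example, not code from the book or from Windows. The toy_thread and toy_cpu types, their fields and both functions are hypothetical stand-ins for the KTHREAD block and the processor state, and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy user-mode model of the switch steps in 5.7.10. Every name here is
   hypothetical; this is not the real KTHREAD layout or kernel code. */
enum { STACK_WORDS = 16 };
typedef struct {
    uintptr_t stack[STACK_WORDS]; /* stand-in for the kernel-mode stack */
    int       sp;                 /* saved kernel stack pointer (index, grows down) */
    uintptr_t page_dir;           /* page table directory of the owning process */
    int       kernel_apc_pending; /* a kernel APC is waiting for this thread */
} toy_thread;
typedef struct {
    uintptr_t   ip;               /* instruction pointer */
    int         sp;               /* current kernel stack pointer */
    uintptr_t   page_dir_reg;     /* the "special processor register" */
    int         dir_loads;        /* number of times that register was reloaded */
    int         irql1_requested;  /* set when an IRQL 1 interrupt is requested */
    toy_thread *current;
} toy_cpu;
void toy_thread_init(toy_thread *t, uintptr_t entry_ip, uintptr_t page_dir) {
    t->sp = STACK_WORDS;
    t->stack[--t->sp] = entry_ip; /* initial context: where the thread starts */
    t->page_dir = page_dir;
    t->kernel_apc_pending = 0;
}
void toy_switch(toy_cpu *cpu, toy_thread *next) {
    toy_thread *old = cpu->current;
    if (old) {
        old->stack[--cpu->sp] = cpu->ip; /* push context onto the old thread's stack */
        old->sp = cpu->sp;               /* save the stack pointer in the thread block */
    }
    cpu->sp = next->sp;                  /* switch to the new thread's kernel stack */
    if (cpu->page_dir_reg != next->page_dir) { /* new thread is in a different process */
        cpu->page_dir_reg = next->page_dir;
        cpu->dir_loads++;
    }
    cpu->ip = next->stack[cpu->sp++];    /* load the new thread's context */
    next->sp = cpu->sp;
    cpu->current = next;
    cpu->irql1_requested = next->kernel_apc_pending; /* pending kernel APC: IRQL 1 */
}
int main(void) {
    toy_cpu cpu = {0};
    toy_thread a, b;
    toy_thread_init(&a, 0x1000, 0xA000);
    toy_thread_init(&b, 0x2000, 0xB000);
    toy_switch(&cpu, &a);
    toy_switch(&cpu, &b);
    printf("ip=%#lx dir_loads=%d\n", (unsigned long)cpu.ip, cpu.dir_loads);
    return 0;
}
```

The model reloads the page directory register only when the incoming thread's directory differs from the one already loaded, so a switch between two threads of the same process leaves the address space untouched.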