20:20 on July 6, 2004
Book back
1. Core kernel object handle table
When a process is initialized, the system is assigned a handle table for it. This handle is only used for kernel objects that are not used by user objects or GDI objects. Handle table is just an array of data structures, each structure contains a pointing kernel The object's pointer, an access shield and some logo.
The handle is as shown as shown.
Indexing kernel object memory block pointer access shield (DWORD) flag 1 0X ???????? 0x ????????? 2 0X ???? ???? 0x ???????? 0x ????????
When the process is first initialized, its handle is empty. When the thread calls the thread in the process, the kernel assigns a memory block for the object, and initializes it. The process of initialization is, the kernel is scanned to the process's handle table, find an empty item. Then initialize the pointer of the kernel object memory block, access the mask, and the flag.
2. Create a kernel object
Functions for creating kernel objects, for example
Handle CreateThread (... ..)
Handle Createfile (...)
Handle CreateFilemapping (...)
Handle CreateSemaphore (.......)
These handles returned by these creation kernel objects are an index in the handle of the process, which is used to identify the location of the information stored in the kernel object. The value returned in Win2000 is used to identify the object of the handle of the process. The number of bytes, not the index number.
3. Turn off the kernel object
Bool CloseHandle (Handle Hobj)
This function first checks the handle table of the calling process to ensure that the index passes to the script, if the index is valid, then the system can obtain the address, count of the data structure of the kernel object, and it will clear the process. Items in the handle table, this handle is invalid to your process. If the count is 0, the kernel unstead the kernel object from the memory, if not 0, will execute the CloseaHandle operation, the count is reduced, and there is also another process in the system to access this object, when other processes are stopped When using this object (that is, the CloseHandle action is also performed), the object will be revoked.
Q: If you don't call the CloseHandle function, will there be a memory leak?
A: This is possible, when the process is terminated, the system automatically scans the handle table of the process. If the object is not closed before the process is running, the system will close these object handles, if the object is used as 0, the core is undo This object, but if not 0, then memory leaks will appear.
4. Share kernel objects across process boundaries
That is to say, threads running in different processes require shared kernel objects.
such as
1: File map shared data blocks between two processes running on the same machine
2. Pipeline enables the application to send data blocks between processes running on different machines of the wind
3. Mutually exclusive objects, events allow threads in different processes to synchronize their continuous operation, just like a program that needs to notify another application when a program needs to notify another application.
Before the break is busy, there is no time to update, please forgive me.
The above is only related to some of the processes, follow-up will be described in detail. (Renew)