|
Ntdll.dll
The Native API is a lightweight application programming interface (API) used by Windows NT's kernel and user mode applications. This API is used in the early stages of Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by subroutines such as those in kernel32.dll that implement the Windows API, the API based on which most of the Windows components are created. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The entry point of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the kernel via the System Service Descriptor Table (SSDT). Function groups The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and floor ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ntoskrnl
ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, and memory management. In addition to the kernel and executive layers, it contains the cache manager, security reference monitor, memory manager, scheduler (Dispatcher), and blue screen of death (the prose and portions of the code).Russinovich, MSystems Internals Tips and Trivia ''SysInternals Information'' Overview x86 versions of ntoskrnl.exe depend on bootvid.dll, hal.dll and kdcom.dll (x64 variants of ntoskrnl.exe have these DLLs embedded in the kernel to improve performance). However, it is not a native application thus it is not linked against ntdll.dll. Instead, ntoskrnl.exe has its own entry point "KiSystemStartup" that calls the architecture-independent kernel initialization function. Because it requires a static copy of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
System Call
In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive or accessing the device's camera), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system. In most systems, system calls can only be made from userspace processes, while in some systems, OS/360 and successors for example, privileged system code also issues system calls. For embedded systems, system calls typically do not change the privilege mode of the CPU. Privileges The architecture of most modern processors, with the exception of some embedded systems, involves a security model. For example, the '' rings'' model specifies multiple privilege levels under which software may be e ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows NT Kernel
The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant multitasking operating system, which has been designed to work with uniprocessor and symmetrical multiprocessor (SMP)-based computers. To process input/output (I/O) requests, it uses packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP, Microsoft began making 64-bit versions of Windows available; before this, there were only 32-bit versions of these operating systems. Programs and subsystems in user mode are limited in terms of what system resources they have access to, while the kernel mode has unrestricted access to the system memory and external devices. Kernel mode in Windows NT has full access to the hardware and system resources of the computer. The Windows NT kernel is a hybrid kernel; the architecture compri ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Corporation
Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The early 1980s and home computers, rise of personal computers through software like Windows, and the company has since expanded to Internet services, cloud computing, video gaming and other fields. Microsoft is the List of the largest software companies, largest software maker, one of the Trillion-dollar company, most valuable public U.S. companies, and one of the List of most valuable brands, most valuable brands globally. Microsoft was founded by Bill Gates and Paul Allen to develop and sell BASIC interpreters for the Altair 8800. It rose to dominate the personal computer operating system market with MS-DOS in the mid-1980s, followed by Windows. During the 41 years from 1980 to 2021 Microsoft released 9 versions of MS-DOS with a median frequen ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Csrss
The Client/Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem. In modern versions of Windows, it is primarily involved with process and thread management, console window handling, side-by-side assembly loading and the shutdown process. Historically, it had also been responsible for window management and graphics rendering, however, these operations have been moved to kernel mode starting with Windows NT 4.0 to improve performance. CSRSS instances are marked as critical processes, meaning that terminating one will crash the system. Built-in process management tools in most Windows versions will also refuse to kill instances of CSRSS. Under normal operation, there is a CSRSS instance for each session (two in Windows Vista and newer, one in earlier versions, both assuming there are no active RDP connections which spawn extra sessions). Technical details CSRSS runs as a user- ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Debugging
In engineering, debugging is the process of finding the Root cause analysis, root cause, workarounds, and possible fixes for bug (engineering), bugs. For software, debugging tactics can involve interactive debugging, control flow analysis, Logfile, log file analysis, monitoring at the application monitoring, application or system monitoring, system level, memory dumps, and profiling (computer programming), profiling. Many Programming language, programming languages and Programming tool, software development tools also offer programs to aid in debugging, known as debuggers. Etymology The term ''bug'', in the sense of defect, dates back at least to 1878 when Thomas Edison wrote "little faults and difficulties" in his inventions as "Bugs". A popular story from the 1940s is from Admiral Grace Hopper. While she was working on a Harvard Mark II, Mark II computer at Harvard University, her associates discovered a moth stuck in a relay that impeded operation and wrote in a log book ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Breakpoint
In software development, a breakpoint is an intentional stopping or pausing place in a computer program, program, put in place for debugging purposes. It is also sometimes simply referred to as a pause. More generally, a breakpoint is a means of acquiring knowledge about a program during its execution. During the Interrupt, interruption, the programmer inspects the test System platform, environment (general-purpose registers, virtual memory, memory, logs, Computer file, files, etc.) to find out whether the program is functioning as expected. In practice, a breakpoint consists of one or more conditions that determine when a program's execution should be interrupted. History Breakpoints were invented for ENIAC, one of the earliest digital computers, by programmer Betty Holberton. In the initial design of ENIAC, program flow was set by plugging cables from one unit to another. To make the program stop at a certain point, a cable was removed, called a ''breakpoint''. Types of bre ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Asynchronous Procedure Call
An asynchronous procedure call (APC) is a unit of work in a computer. Definition Procedure calls can be synchronous or asynchronous. Synchronous procedure calls are made on one thread in a series, with each call waiting for the prior call to complete. on some thread. APCs instead are made without waiting for prior calls to complete. For example, if some data are not ready (for example, a program waits for a user to reply), then stopping other activity on the thread is expensive, the thread has consumed memory and potentially other resources. Structure An APC is typically formed as an object with a small amount of memory and this object is passed to a service which handles the wait interval, activating it when the appropriate event (e.g., user input) occurs. The life cycle of an APC consists of 2 stages: the passive stage, when it passively waits for input data, and active state, when that data is calculated in the same way as at the usual procedure call. A reusable async ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Portable Executable
The Portable Executable (PE) format is a file format for executables, object file, object code, Dynamic-link library, dynamic-link-libraries (DLLs), and binary files used on 32-bit and 64-bit Microsoft Windows, Windows operating systems, as well as in UEFI environments. It is the standard format for executables on Windows NT-based systems, including files such as .exe, .dll, .sys (for system drivers), and .mui. At its core, the PE format is a structured data container that gives the Windows operating system loader everything it needs to properly manage the Executable, executable code it contains. This includes references for Library (computer science)#Dynamic linking, dynamically linked libraries, tables for importing and exporting Application programming interface, APIs, resource management data and thread-local storage (TLS) information. According to the Unified Extensible Firmware Interface, Unified Extensible Firmware Interface (UEFI) specification, the PE format is also the a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ring (computer Security)
In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical ''levels'' or ''layers'' of Privilege (computing), privilege within the architecture of a computer system. This is generally hardware-enforced by some Central processing unit, CPU Computer architecture, architectures that provide different CPU modes at the hardware or microcode abstraction layer, level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as certain CPU functiona ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Internationalization And Localization
In computing, internationalization and localization (American English, American) or internationalisation and localisation (British English, British), often abbreviated i18n and l10n respectively, are means of adapting to different languages, regional peculiarities and technical requirements of a target locale (computer software), locale. Internationalization is the process of designing a software application so that it can be adapted to various languages and regions without engineering changes. Localization is the process of adapting internationalized software for a specific region or language by translating text and adding locale-specific components. Localization (which is potentially performed multiple times, for different locales) uses the infrastructure or flexibility provided by internationalization (which is ideally performed only once before localization, or as an integral part of ongoing development). Naming The terms are frequently abbreviated to the numeronyms ''i18n ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
