Embed Size (px)
DESCRIPTION
Thread Internals. 組員:王傳陞、林威丞 黃品舜、李盈賢. outline. what is a thread? Data Structures executive thread block kernel thread block thread environment block Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread. What is a Thread?. - PowerPoint PPT Presentation
Citation preview
Thread Internals
組員:王傳陞、林威丞 黃品舜、李盈賢
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
What is a Thread?
A thread is the basic object that executes instructions on a processor. All running processes have at least one thread.
What is a Thread?(cont.)
Traditional UNIX Process Heavyweight process Single thread
Mach Task Thread
Lightweight process Thread id, PC, register set, a stack
Dynamic Object Mult-thread
What is a Thread?(cont.)
Single-threaded process Multi-threaded process
Resources
Threads
Resources
Threads
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
Data Structures
EP : executive process
KP : kernel process (PCB)
ET : executive thread
TEB : thread environment block
PEB : process environment block
KT : kernel thread
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
executive thread block
Thread time :Thread create and exit time information.
Process identification : Process ID and pointer to EPROCESS block of the process that the thread belongs to.
Start address :Address of thread start routine.
executive thread block(cont.)
LPC information :Message ID that the thread is waiting for and address of message.
I/O information :List of pending I/O request packets (IRPs).
Impersonation information :Access token and impersonation level (if the thread is impersonating a client).
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
kernel thread block
Dispatcher header :A data structure that contains the object type, the signaled state, and a list of the threads waiting on that object.
Execution time :Total user and kernel CPU time.
Pointer to kernel stack information :Base and upper address of the kernel stack.
kernel thread block(cont.)
Pointer to system service table :Each thread starts out with this field service table pointing to the main system service table (KeServiceDescriptorTable). When a thread first calls a Windows GUI service, its system service table is changed to one that includes the GDI and USER services in Win32k.sys.
kernel thread block(cont.)
Scheduling information :Base and current priority, quantum, affinity mask, ideal processor, scheduling state, freeze count, and suspend count.
Trap frame :Trap frame allow system to resume where if left off.
APC queues : List of pending user-mode and kernelmode APCs, and alertable flag.
kernel thread block(cont.)
Timer block :Built-in timer block (also a corresponding wait block).
Pointer to TEB :Thread ID, TLS information, PEB pointer, and GDI and OpenGL information.
Wait blocks :Each thread that is in a wait state has a list of the wait blocks that represent the objects the thread is waiting for.
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
thread environment block
Others :Graphics Device Interface 、 Open Graphics Library 、 Transport Layer Security…
Fiber :lightweight” threads
TIB :One element in the TIB structure is a pointer to an EXCEPTION_RECORD structure, which in turn contains a pointer to an exception handling callback function. Thus, each thread has its own exception callback function.
outline What is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
Thread-Related Kernel Variables
Variable Type Description
PspCreateThreadNotifyRoutine Array of pointers
紀錄創造或消去 thread 時所用到的函式的位置 (maximum of eight).
PspCreateThreadNotifyRoutineCount
DWORD Count of registered thread-notification routines.
PspCreateProcessNotifyRoutine Array of pointers
紀錄創造或消去 process 時所用到的函式的位置 (maximum of eight).
Example : 線程監控
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
Thread-Related Performance Counters
Object: Counter Function
Process: Priority Base 回傳程序的 base priority ,這也是此 process 所創造的 thread 們初始的 priority.
Thread: % Privileged Time Thread 在 kernel mode 中執行的時間百分比
Thread: % Processor Time Thread 佔用 CPU 的時間百分比
Thread: % User Time Thread 在 user mode 中執行的時間百分比
Thread: Context Switches/Sec 顯示 Thread 進行 context switches 的次數 / 每秒
Thread: Elapsed Time 顯示此 Thread 跑了多少秒
Thread: ID Process 顯示此 Process 其唯一的 Process ID
Thread-Related Performance Counters(cont.)
Object: Counter Function
Thread: ID Thread 顯示此 Thread 其唯一的 Thread ID
Thread: Priority Base 顯示 Thread 現在的 base priority ,可能與初始的 priority 不同
Thread: Priority Current 顯示 Thread 動態的 base priority
Thread: Start Address 顯示 Thread 起始的虛擬記憶體位置 (Note: This address will be the same for most threads.)
Thread: Thread State 回傳代表其目前狀態的數字 ( 0 = Initialized 、 1 = Ready 、 7 = Unknown )
Thread: Thread Wait Reason 回傳代表其等待原因的數字
Thread Object 詳細資料連結
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
Windows Thread Functions
Function Description
CreateThread Creates a new thread
CreateRemoteThread Creates a thread in another process
OpenThread Opens an existing thread
ExitThread Ends execution of a thread normally
TerminateThread Terminates a thread
GetExitCodeThread Gets another thread's exit code
Windows Thread Functions(cont.)
Function Description
GetThreadTimes Returns timing information for a thread
GetCurrentThread Retrieves a pseudo handle for the calling thread.
GetCurrentThreadId Retrieves the thread identifier of the calling thread.
GetThreadId Returns the thread ID of the specified thread
GetThreadContext / SetThreadContext
Returns or changes the context for the specified thread.
GetThreadSelectorEntry Returns another thread's descriptor table entry (applies only to x86 systems)
outline what is a thread? Data Structures
executive thread blockkernel thread block thread environment block
Thread-Related Kernel Variables Thread-Related Performance Counters Windows Thread Functions Birth of a Thread
