26 App calls Subsystem
Function requires some work in environment subsystem process (maintain state of client app)
– Client/server request (message) to env. subsystem (LPC facility)
– Subsystem DLL waits for reply before returning to caller
Combinations of 2/3: CreateProcess() / CreateThread()
27 Windows Subsystem
Environment subsystem process (CSRSS.EXE):
– Console (text) windows
– Creating and deleting processes and threads
– Portions of the support for 16-bit virtual DOS machine (VDM)
– Other func: GetTempFile, DefineDosDevice, ExitWindowsEx
Kernel-mode device driver (WIN32K.SYS):
– Window manager: manages screen output; input from keyboard, mouse, and other devices; user messages to applications
– Graphical Device Interface (GDI)
28 Windows Subsystem (contd.)
Subsystem DLLs (such as USER32.DLL, ADVAPI32.DLL, GDI32.DLL, and KERNEL32.DLL)
– Translate Windows API functions into calls to NTOSKRNL.EXE and WIN32K.SYS
Graphics device drivers
– Graphics display drivers, printer drivers, video miniport drivers
Prior to NT 4.0, window manager and graphics services were part of the user-mode Win32 subsystem process
Is NT less stable with Win32 USER & GDI in kernel mode?
29 32-bit x86 Address Space
– Default: 2 GB user process space, 2 GB system space
– 3 GB user space: 3 GB user process space, 1 GB system space
30 Kernel vs User-Mode: QuickSlice (qslice.exe)
– Fastest way to find CPU hogs
– Red = kernel mode, blue = user mode
– Double-click on a process to see a per-thread display for that process
– Sum of threads' bars for a process represents all of the process's time, not all CPU time
Screen snapshot from: Resource Kit | QuickSlice
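Added example, not part of the original slides and not the QuickSlice tool's own code: a PowerShell sketch of the same measurement, sampling each process's kernel-mode and user-mode CPU time twice and reporting the split as a share of total CPU capacity. The interval and row count are assumed values; it uses only Get-Process and the .NET Process properties PrivilegedProcessorTime and UserProcessorTime.

```powershell
# Added example: kernel vs. user CPU per process over a short window.
$IntervalSeconds = 2    # sampling window (assumed value)
$Top = 10               # rows to display (assumed value)

function Get-CpuSnapshot {
    # Returns a table of PID -> cumulative kernel/user CPU time in milliseconds.
    $snap = @{}
    foreach ($p in Get-Process) {
        try {
            $k = $p.PrivilegedProcessorTime   # time spent in kernel mode
            $u = $p.UserProcessorTime         # time spent in user mode
        } catch { continue }                  # access denied on a protected process
        if ($null -eq $k -or $null -eq $u) { continue }
        $snap[$p.Id] = [pscustomobject]@{
            Name   = $p.ProcessName
            Kernel = $k.TotalMilliseconds
            User   = $u.TotalMilliseconds
        }
    }
    return $snap
}

$sw = [System.Diagnostics.Stopwatch]::StartNew()
$before = Get-CpuSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after = Get-CpuSnapshot

# Approximate CPU time available in the window across all logical processors.
$capacityMs = $sw.ElapsedMilliseconds * [Environment]::ProcessorCount

$rows = foreach ($id in $after.Keys) {
    if (-not $before.ContainsKey($id)) { continue }   # process started mid-window
    $dk = $after[$id].Kernel - $before[$id].Kernel
    $du = $after[$id].User - $before[$id].User
    if ($dk -lt 0 -or $du -lt 0) { continue }         # PID reused by a new process
    [pscustomobject]@{
        Id        = $id
        Name      = $after[$id].Name
        KernelPct = [math]::Round(100 * $dk / $capacityMs, 1)
        UserPct   = [math]::Round(100 * $du / $capacityMs, 1)
    }
}

# Busiest processes first, kernel and user shares side by side.
$rows | Sort-Object { $_.KernelPct + $_.UserPct } -Descending |
    Select-Object -First $Top | Format-Table -AutoSize
```

A process whose KernelPct stays well above its UserPct is spending most of its time in system calls or driver code rather than in its own code.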