process

More documents

Recommendations

Info

20 Advanced Local Procedure Calls (ALPCs) IPC – high-speed message passing Not available through Windows API – Windows OS internal Application scenarios: RPCs on the same machine are implemented as ALPCs Some Windows APIs result in sending messages to Windows subsystems <strong>process</strong>es WinLogon uses ALPC to communicate with local security authentication server <strong>process</strong> (LSASS) Security reference monitor uses ALPC to communicate with LSASS ALPC communication: Short messages < 256 bytes are copied from sender to receiver Larger messages are exchanged via shared memory segment For data larger than will fit in shared section, server (kernel) may write directly in client‘s address space
21 Port Objects ALPC exports port objects to maintain state of communication: Server connection port: named port, server connection request point Server communication port: unnamed port, one per active client, used for communication Client communication port: unnamed port a particular client thread uses to communicate with a particular server Typical scenario: Server creates named connection port Client makes connection request Two unnamed ports are created, client gets handle to server port, server gets handle to client port These two new ports will be used for communication
Page 1 and 2: Core System Mechanisms and Windows
Page 3 and 4: 3 Object Manager (I) Executive comp
Page 5 and 6: 5 Executive Objects vs. Kernel Obje
Page 7 and 8: 7 Executive Objects (contd.) Object
Page 9 and 10: 9 Object Header Field Handle count
Page 11 and 12: 11 Object Methods Method Open Close
Page 13 and 14: 13 Handles and Security Process han
Page 15 and 16: 15 Handle and Reference Count handl
Page 17 and 18: 17 Interesting Object Directories i
Page 19: 19 System Worker Threads Created at
Page 23 and 24: 23 Wow64 Allows execution of Win32
Page 25 and 26: 25 Wow64 File Locations Location of
Page 27 and 28: 27 Example: Cmd.exe on 64-bit Syste
Page 29 and 30: 29 Windows API - Overview APIs to W
Page 31 and 32: 31 Windows API Principles System re
Page 33 and 34: 33 Windows API Naming Conventions P
Page 35 and 36: 35 Differences from UNIX HANDLEs ar
Page 37 and 38: 37 Example Application Sequential f
Page 39 and 40: 39 Basic cp file copy program. UNIX
Page 41 and 42: 41 Basic cp file copy program. C li
Page 43 and 44: 43 Basic cp file copy program. Wind
Page 45 and 46: 45 Further Reading Mark E. Russinov
Page 47 and 48: Lab: 2013-9-23 Handles & ALPC
Page 49: ALPC Port Objects Use Winobj.exe to

process

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?