From: Don Burn on


> -----Original Message-----
> From: ceh [mailto:cehupper(a)gmail.com]
>
> "The thread that creates the new process is the thread that called
> CreateProcess in user space"
>
> If I'm a cmd.exe process and I call createprocess then you're saying
> that some thread in cmd.exe is the thread that the notifyroutine is
> running in? If that is true, then why do all process creations freeze
> across the system if there is a wait in the notifyroutine? Shouldn't
> only that one thread be blocked?

Because the process creation and the notify have locks, you are blocking
things in the middle of the process, so yes, expect other process creates
to have to wait.
>
> "IoControl calls do not call into a process they call into the kernel
> which is shared by all processes"
> Is this saying that the kernel is just some section of memory not
> associated with any specific process?

The kernel is not associated with any process; much of it runs in the
context of the calling process.


Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr




From: ceh on
On Mar 24, 9:57 am, "Don Burn" <b...(a)stopspam.windrvr.com> wrote:
> > -----Original Message-----
> > From: ceh [mailto:cehup...(a)gmail.com]
>
> > "The thread that creates the new process is the thread that called
> > CreateProcess in user space"
>
> > If I'm a cmd.exe process and I call createprocess then you're saying
> > that some thread in cmd.exe is the thread that the notifyroutine is
> > running in? If that is true, then why do all process creations freeze
> > across the system if there is a wait in the notifyroutine? Shouldn't
> > only that one thread be blocked?
>
> Because the process creation and the notify have locks, you are blocking
> things in the middle of the process, so yes, expect other process creates
> to have to wait.
>
> > "IoControl calls do not call into a process they call into the kernel
> > which is shared by all processes"
> > Is this saying that the kernel is just some section of memory not
> > associated with any specific process?
>
> The kernel is not associated with any process; much of it runs in the
> context of the calling process.
>
> Don Burn (MVP, Windows DKD)
> Windows Filesystem and Driver Consulting
> Website:http://www.windrvr.com
> Blog:http://msmvps.com/blogs/WinDrvr


> Because the process creation and the notify have locks, you are blocking
> things in the middle of the process, so yes, expect other process creates
> to have to wait.

OK, so the mutex in the sys file is essentially accessed by all
processes in user mode that are creating a new process.
I didn't know that that mutex spanned the entire system in both kernel
and user mode.

Thank you for the help. I think I have some lights turning on.


From: m on
How did you think that it worked? The system has some internal data
structures describing processes that can't be updated by multiple threads
simultaneously so a lock is natural. And since the notify routine is called
inline, as is required to make it useful, it must necessarily be called in
the lock!

I know that you said that this is academic, but I am ceaselessly amazed by
the lack of education that many graduates, masters, and doctors have - yes
it is unfair to vent on you, but this post happened to come up at a bad
time.

"ceh" <cehupper(a)gmail.com> wrote in message
news:73ec8421-9ac1-4903-8edf-22f24e387a50(a)33g2000yqj.googlegroups.com...
> On Mar 24, 9:57 am, "Don Burn" <b...(a)stopspam.windrvr.com> wrote:
>> > -----Original Message-----
>> > From: ceh [mailto:cehup...(a)gmail.com]
>>
>> > "The thread that creates the new process is the thread that called
>> > CreateProcess in user space"
>>
>> > If I'm a cmd.exe process and I call createprocess then you're saying
>> > that some thread in cmd.exe is the thread that the notifyroutine is
>> > running in? If that is true, then why do all process creations freeze
>> > across the system if there is a wait in the notifyroutine? Shouldn't
>> > only that one thread be blocked?
>>
>> Because the process creation and the notify have locks, you are blocking
>> things in the middle of the process, so yes, expect other process creates
>> to have to wait.
>>
>> > "IoControl calls do not call into a process they call into the kernel
>> > which is shared by all processes"
>> > Is this saying that the kernel is just some section of memory not
>> > associated with any specific process?
>>
>> The kernel is not associated with any process; much of it runs in the
>> context of the calling process.
>>
>> Don Burn (MVP, Windows DKD)
>> Windows Filesystem and Driver Consulting
>> Website:http://www.windrvr.com
>> Blog:http://msmvps.com/blogs/WinDrvr
>
>
> > Because the process creation and the notify have locks, you are blocking
> > things in the middle of the process, so yes, expect other process creates
> > to have to wait.
>
> OK, so the mutex in the sys file is essentially accessed by all
> processes in user mode that are creating a new process.
> I didn't know that that mutex spanned the entire system in both kernel
> and user mode.
>
> Thank you for the help. I think I have some lights turning on.
>
>
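
The effect discussed in this thread, as an added example that is not part of any poster's message and is not Windows or driver code: a deterministic user-mode model of create requests passing through one lock with the callback run inline, comparing a callback that waits with one that only queues the event for a worker. The function name, tick costs and arrival times are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define BOOKKEEPING 1   /* ticks of system work under the lock (constructed value) */
#define SLOW_WORK  50   /* ticks the callback's wait or check takes (constructed value) */

/* Model only: n create requests pass through ONE lock in FIFO order and the
 * notify callback runs inline while the lock is held. arrive[] is sorted.
 * defer == 0: the callback itself spends SLOW_WORK ticks inside the lock.
 * defer != 0: the callback queues the event (1 tick) and a single worker
 *             spends SLOW_WORK per event later, outside the lock.
 * Returns the worst create latency; *worker_done gets the tick at which
 * the last event has been fully processed. */
long worst_create_latency(const long *arrive, size_t n, int defer,
                          long *worker_done)
{
    long lock_free = 0, worker_free = 0, worst = 0;

    for (size_t i = 0; i < n; i++) {
        /* A creator cannot start until the previous holder has left. */
        long start = arrive[i] > lock_free ? arrive[i] : lock_free;
        long in_callback = defer ? 1 : SLOW_WORK;
        long done = start + BOOKKEEPING + in_callback;
        lock_free = done;                    /* lock released here */

        if (defer) {                         /* worker picks the event up */
            long begin = done > worker_free ? done : worker_free;
            worker_free = begin + SLOW_WORK;
        } else {
            worker_free = done;              /* work already done inline */
        }
        if (done - arrive[i] > worst)
            worst = done - arrive[i];
    }
    if (worker_done)
        *worker_done = worker_free;
    return worst;
}

int main(void)
{
    const long arrive[] = {0, 1, 2, 3};      /* constructed: 4 back-to-back creates */
    long w_inline, w_defer;
    long a = worst_create_latency(arrive, 4, 0, &w_inline);
    long b = worst_create_latency(arrive, 4, 1, &w_defer);
    printf("inline wait: worst create latency %ld ticks\n", a);
    printf("deferred   : worst create latency %ld ticks, work done at %ld\n",
           b, w_defer);
    return 0;
}
```

The deferred variant only fits a callback that records the event; a callback whose result has to be known before creation continues cannot hand its work to a worker this way.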