
NTOSKRNL.EXE:
=================

1. For security reasons the Registry is implemented in the Kernel.

2. Therefore registry access is costly (to raise an interrupt and to call the
handler takes 1000 clock cycles).

3. WDM = Windows Driver Model; WDF = Windows Driver Foundation, which has two parts:
UMDF (User-Mode Driver Framework) and KMDF (Kernel-Mode Driver Framework).
3a. UMDF is a COM component. Just use it and build user-mode drivers (UMDs). It
supports USB devices as well.

4. Not all drivers run in Kernel mode; e.g. print and imaging drivers run in user
mode and communicate with the base driver provided by Windows.

5. WIA - Windows Image Acquisition standards

6. WMI - Windows Management Instrumentation - is THE way to access the Performance
Database in the Windows OS.

System Processes:
===================

1. System Idle process with PID 0, containing one thread per processor.
2. System process contains the majority of the Kernel mode threads; PID 4 (XP and
above) and 8 for Win2k.
3. Csrss process is the Windows subsystem.

Session Manager:
===================

1. This is the first user mode process created in the system.
2. Creates the System Environment variables.
3. Launches Csrss.exe and the Winlogon process, which creates all other system
processes.

Resource Handles:
==================

1. Whenever a process creates a handle by calling any Create* or Open* function,
the OS creates the Handle Table for the process (if the process has just been
created), puts the resource reference in the table and returns the index into the
table as the Handle.
HENCE handles are process relative.

2. OS maintains resources via REFERENCE COUNTING.

SHARING HANDLES IN WINDOWS:
=======================================

1. Handle Inheriting :
=========================

1. While creating a HANDLE, set bInheritHandle to TRUE in the SECURITY_ATTRIBUTES
structure passed to the Create* call (the security descriptor is one field of that
structure).
2. Use CreateProcess to create the child process and set the bInheritHandles
parameter to TRUE.
3. AT THE TIME OF CREATION OF THE CHILD PROCESS the OS copies the inheritable
handles from the parent process's handle table to the child process's handle table
at exactly the same index.
4. OS increases the usage/reference count of the Kernel object pointed to by the
handle.

5. The inherited handle WILL BE KEPT AS INHERITABLE in the child as well.

6. THE CHILD PROCESS has NO idea that it inherited ANY handles, so the value of
each inherited handle must be passed explicitly to the child.

7. To stop a handle from being inherited, clear its inherit flag before
CreateProcess:
SetHandleInformation(handle, HANDLE_FLAG_INHERIT, 0);  /* flag mask, then new value 0 = not inheritable */

2. Named Objects :
========================

1. Pass a string (the object name) to the Create* methods.

2. This name can be up to 260 chars. Uniqueness must be ensured by the user
applications.

3. DuplicateHandle :
========================

1. The DuplicateHandle() API is used.

2. The copied handle must be passed explicitly to the target process.
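The handle-table mechanics of the "Resource Handles", "Handle Inheriting" and "DuplicateHandle" sections above, as an added C model; this is not Windows code, and the names kobj_t, proc_t, create_object, spawn_child, set_handle_inherit, duplicate_handle and close_handle are hypothetical stand-ins for the Win32 calls they mimic (Create*/Open* with SECURITY_ATTRIBUTES.bInheritHandle, CreateProcess with bInheritHandles, SetHandleInformation with HANDLE_FLAG_INHERIT, DuplicateHandle, CloseHandle). It shows a handle as a process-relative table index, inheritance copying every inheritable slot to the same index in the child and bumping the object's reference count, DuplicateHandle landing at whatever index is free in the target, and an object being freed only when its count reaches zero. The defender's point it makes: with bInheritHandles = TRUE every inheritable handle in the parent reaches the child, so a handle the child must not get (the token in the example) has to have its inherit flag cleared before the child is created.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added model, not Windows source. A kernel object is reachable only through
 * process-relative handle tables and lives while its reference count is > 0. */
#define TABLE_SIZE 8

typedef struct {
    char name[32];   /* illustration only */
    int  refcount;   /* number of handle-table slots pointing at this object */
} kobj_t;

typedef struct {
    kobj_t *obj;     /* NULL = free slot */
    bool    inherit; /* models bInheritHandle / HANDLE_FLAG_INHERIT */
} slot_t;

typedef struct {
    int    pid;
    slot_t table[TABLE_SIZE];
} proc_t;

typedef int HANDLE_IDX;  /* a handle is just an index into the owner's table */

static int freed_objects = 0;  /* objects whose refcount dropped to zero */

static bool valid(const proc_t *p, HANDLE_IDX h) {
    return h > 0 && h < TABLE_SIZE && p->table[h].obj != NULL;
}

/* Put an object in the first free slot (index 0 is reserved, like an invalid handle). */
static HANDLE_IDX alloc_slot(proc_t *p, kobj_t *o, bool inherit) {
    for (int i = 1; i < TABLE_SIZE; i++) {
        if (p->table[i].obj == NULL) {
            p->table[i].obj = o;
            p->table[i].inherit = inherit;
            o->refcount++;
            return i;
        }
    }
    return -1;  /* table full */
}

/* Create*-style call: new object, new slot, refcount becomes 1. */
HANDLE_IDX create_object(proc_t *p, const char *name, bool inherit) {
    kobj_t *o = calloc(1, sizeof *o);
    if (!o) return -1;
    strncpy(o->name, name, sizeof o->name - 1);
    HANDLE_IDX h = alloc_slot(p, o, inherit);
    if (h < 0) free(o);
    return h;
}

/* SetHandleInformation(h, HANDLE_FLAG_INHERIT, value) equivalent. */
bool set_handle_inherit(proc_t *p, HANDLE_IDX h, bool inherit) {
    if (!valid(p, h)) return false;
    p->table[h].inherit = inherit;
    return true;
}

/* CloseHandle: free the slot; the object goes away only when nobody references it. */
bool close_handle(proc_t *p, HANDLE_IDX h) {
    if (!valid(p, h)) return false;
    kobj_t *o = p->table[h].obj;
    p->table[h].obj = NULL;
    if (--o->refcount == 0) { free(o); freed_objects++; }
    return true;
}

/* CreateProcess(..., bInheritHandles): with TRUE every inheritable slot is copied to
 * the SAME index in the child (flag preserved, refcount bumped); with FALSE nothing is. */
void spawn_child(const proc_t *parent, proc_t *child, int child_pid, bool inherit_handles) {
    memset(child, 0, sizeof *child);
    child->pid = child_pid;
    if (!inherit_handles) return;
    for (int i = 1; i < TABLE_SIZE; i++) {
        if (parent->table[i].obj && parent->table[i].inherit) {
            child->table[i] = parent->table[i];
            child->table[i].obj->refcount++;
        }
    }
}

/* DuplicateHandle: the copy lands in the target's first free slot, so the returned
 * index must be handed to the target process out of band. */
HANDLE_IDX duplicate_handle(proc_t *src, HANDLE_IDX h, proc_t *dst) {
    if (!valid(src, h)) return -1;
    return alloc_slot(dst, src->table[h].obj, false);
}

int handle_refcount(const proc_t *p, HANDLE_IDX h) {
    return valid(p, h) ? p->table[h].obj->refcount : -1;
}

bool has_handle(const proc_t *p, HANDLE_IDX h) { return valid(p, h); }

int main(void) {
    proc_t parent = { .pid = 100 }, child;
    HANDLE_IDX f = create_object(&parent, "file", true);
    HANDLE_IDX tok = create_object(&parent, "token", true);
    set_handle_inherit(&parent, tok, false);  /* the child must not receive the token */
    spawn_child(&parent, &child, 200, true);
    printf("child has file=%d token=%d, file refcount=%d\n",
           has_handle(&child, f), has_handle(&child, tok), handle_refcount(&parent, f));
    return 0;
}
```

Any C99 compiler builds it. On real Windows the same flag is cleared with SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0), and Vista and later additionally let CreateProcess take an explicit allow-list of handles via the PROC_THREAD_ATTRIBUTE_HANDLE_LIST startup attribute, which is the cleaner way to keep unrelated inheritable handles out of a child.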
