Friday, March 28, 2008

Windows programming questions

What is a kernel object?
Each kernel object is simply a memory block allocated by the kernel and is accessible only by the kernel. This memory block is a data structure whose members maintain information about the object. Some members (security descriptor, usage count, and so on) are the same across all object types, but most are specific to a particular object type. For example, a process object has a process ID, a base priority, and an exit code, whereas a file object has a byte offset, a sharing mode, and an open mode.

What are the types of kernel objects?
There are several types of kernel objects, such as access token objects, event objects, file objects, file-mapping objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process objects, semaphore objects, thread objects, and waitable timer objects.

Can a user access these kernel object structures?
Kernel object data structures are accessible only by the kernel.

If we cannot alter these Kernel Object structures directly, how do our applications manipulate these kernel objects?
The answer is that Windows offers a set of functions that manipulate these structures in well-defined ways. These kernel objects are always accessible via these functions. When you call a function that creates a kernel object, the function returns a handle that identifies the object.

Who owns the kernel object?
Kernel objects are owned by the kernel, not by a process.

How does the kernel object outlive the process that created it?
If your process calls a function that creates a kernel object and then your process terminates, the kernel object is not necessarily destroyed. Under most circumstances, the object will be destroyed; but if another process is using the kernel object your process created, the kernel knows not to destroy the object until the other process has stopped using it.

Which data member is common to all kernel objects, and what is its use?
The usage count is one of the data members common to all kernel object types.

How to identify the difference between the kernel object and user object?
The easiest way to determine whether an object is a kernel object is to examine the function that creates the object. Almost all functions that create kernel objects have a parameter that allows you to specify security attribute information.

What is the purpose of Process Handle Table?
When a process is initialized, the system allocates a handle table for it. This handle table is used only for kernel objects, not for User objects or GDI objects. When a process first initializes, its handle table is empty. Then when a thread in the process calls a function that creates a kernel object, such as CreateFileMapping, the kernel allocates a block of memory for the object and initializes it; the kernel then scans the process’s handle table for an empty entry.

Name a few functions that create kernel objects?
HANDLE CreateThread(…)

HANDLE CreateFile(…)

HANDLE CreateFileMapping(…)

HANDLE CreateSemaphore(…)

…etc.

All functions that create kernel objects return process-relative handles that can be used successfully by any and all threads that are running in the same process.

What is a handle?
A handle value is actually the index into the process’s handle table that identifies where the kernel object’s information is stored.

How does the handle help in manipulating kernel objects?
Whenever you call a function that accepts a kernel object handle as an argument, you pass the value returned by one of the Create* functions. Internally, the function looks in your process’s handle table to get the address of the kernel object you want to manipulate and then manipulates the object’s data structure in a well-defined fashion.

What happens when the CloseHandle(handle) is called?
This function first checks the calling process’s handle table to ensure that the index (handle) passed to it identifies an object that the process does in fact have access to. If the index is valid, the system gets the address of the kernel object’s data structure and decrements the usage count member in the structure; if the count is zero, the kernel destroys the kernel object from memory.

You forget to call CloseHandle - will there be a memory leak?
Well, yes and no. It is possible for a process to leak resources (such as kernel objects) while the process runs. However, when the process terminates, the operating system ensures that any and all resources used by the process are freed—this is guaranteed. For kernel objects, the system performs the following actions: When your process terminates, the system automatically scans the process’s handle table. If the table has any valid entries (objects that you didn’t close before terminating), the system closes these object handles for you. If the usage count of any of these objects goes to zero, the kernel destroys the object.

What is the need of process relative handles?
The most important reason was robustness. If kernel object handles were system-wide values, one process could easily obtain the handle to an object that another process was using and wreak havoc on that process. Another reason for process-relative handles is security. Kernel objects are protected with security, and a process must request permission to manipulate an object before attempting to manipulate it. The creator of the object can prevent an unauthorized user from touching the object simply by denying access to it.

How are handles handled in the child process?
The operating system creates the new child process but does not allow the child process to begin executing its code right away. Of course, the system creates a new, empty process handle table for the child process just as it would for any new process. But because you passed TRUE to CreateProcess’s bInheritHandles parameter, the system does one more thing: it walks the parent process’s handle table, and for each entry it finds that contains a valid inheritable handle, the system copies the entry exactly into the child process’s handle table. The entry is copied to the exact same position in the child process’s handle table as in the parent’s handle table.

Why are the entries in the parent process table and the child table the same?
It means that the handle value that identifies a kernel object is identical in both the parent and the child processes.

What about the usage count in the parent child process tables?
The system increments the usage count of the kernel object because two processes are now using the object. For the kernel object to be destroyed, both the parent process and the child process must either call CloseHandle on the object or terminate.
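
The handle-table behaviour described in the answers above (handle as table index, CloseHandle decrementing the usage count, inheritance copying entries to the same slot, cleanup at process exit) can be traced with a small model. This is an added example, not code from the original post and not Windows internals; every name in it (`Proc`, `KObj`, `create_object`, `spawn_child`, and so on) is hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SLOTS 8
/* Simplified model (assumption): an object is just a usage count and a liveness flag. */
typedef struct { int usage, alive; } KObj;
typedef struct { KObj *obj; int inheritable; } Entry;
typedef struct { Entry tab[SLOTS]; } Proc;   /* per-process handle table */

/* Create*: take the first empty slot; the slot index is the handle value. */
int create_object(Proc *p, KObj *o, int inheritable) {
    for (int h = 0; h < SLOTS; h++)
        if (!p->tab[h].obj) {
            o->usage = 1; o->alive = 1;
            p->tab[h].obj = o; p->tab[h].inheritable = inheritable;
            return h;
        }
    return -1;
}

/* CloseHandle: validate the index against the caller's own table, then decrement. */
int close_handle(Proc *p, int h) {
    if (h < 0 || h >= SLOTS || !p->tab[h].obj) return 0;
    if (--p->tab[h].obj->usage == 0) p->tab[h].obj->alive = 0;  /* object destroyed */
    p->tab[h].obj = NULL;
    return 1;
}

/* CreateProcess with bInheritHandles = TRUE: copy inheritable entries to the same slot. */
void spawn_child(const Proc *parent, Proc *child) {
    memset(child, 0, sizeof *child);
    for (int h = 0; h < SLOTS; h++)
        if (parent->tab[h].obj && parent->tab[h].inheritable) {
            child->tab[h] = parent->tab[h];
            child->tab[h].obj->usage++;       /* two processes now use the object */
        }
}

void terminate_process(Proc *p) {   /* exit: the system closes every open handle */
    for (int h = 0; h < SLOTS; h++) close_handle(p, h);
}

int main(void) {
    Proc parent = {0}, child; KObj secret, shared;
    int hs = create_object(&parent, &secret, 0), hm = create_object(&parent, &shared, 1);
    spawn_child(&parent, &child);
    terminate_process(&parent);   /* secret is destroyed, shared survives in the child */
    printf("child slot %d open: %d, slot %d open: %d, shared alive: %d\n",
           hs, child.tab[hs].obj != NULL, hm, child.tab[hm].obj != NULL, shared.alive);
    return 0;
}
```

In the model, as in the description above, the child receives every entry marked inheritable, so a handle should be made inheritable only when the child actually needs the object.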

What are Named Objects?
One method available for sharing kernel objects across process boundaries is to name the objects. Below are the named kernel objects:
1) mutexes,
2) events,
3) semaphores,
4) waitable timers,
5) file mappings,
6) job objects.
There are APIs to create these objects that take the object name as the last parameter.

What do you mean by an unnamed object?
When you create a kernel object with an API such as CreateMutex(…, pszName) and the pszName parameter is NULL, you are indicating to the system that you want to create an unnamed (anonymous) kernel object. When you create an unnamed object, you can share the object across processes by using either inheritance or DuplicateHandle.

What is DuplicateHandle (API)?
It takes an entry in one process’s handle table and makes a copy of the entry in another process’s handle table.

What is a thread?
A thread describes a path of execution within a process. Every time a process is initialized, the system creates a primary thread. This thread begins executing with the C/C++ run-time library’s startup code, which in turn calls your entry-point function (main, wmain, WinMain, or wWinMain) and continues executing until the entry-point function returns and the C/C++ run-time library’s startup code calls ExitProcess.

What is the difference between a ‘thread’ and a ‘process’?
A process is a collection of virtual memory space, code, data, and system resources. A thread is code that is to be serially executed within a process. A processor executes threads, not processes, so each application has at least one process, and a process always has at least one thread of execution, known as the primary thread. A process can have multiple threads in addition to the primary thread. Prior to the introduction of multiple threads of execution, applications were all designed to run on a single thread of execution.
When a thread begins to execute, it continues until it is killed or until it is interrupted by a thread with higher priority (by a user action or the kernel’s thread scheduler). Each thread can run separate sections of code, or multiple threads can execute the same section of code. Threads executing the same block of code maintain separate stacks. Each thread in a process shares that process’s global variables and resources.

What is the per-process limit on creating threads?
The number of threads a process can create is limited by the available virtual memory and depends on the default stack size.

What is Marshalling?
The process of packaging and sending interface method parameters across thread or process boundaries.

What are synchronization objects?
Synchronization objects are used to coordinate the execution of multiple threads.

Which kernel objects are used for Thread Synchronization on different processes?

Event, Mutex, Semaphore, CriticalSection

What is an event object and why is it used?
An event is a thread synchronization object that can be set to the signaled or non-signaled state.

What are the signaled and non-signaled states?

An event in the signaled state has the capacity to release the threads waiting for this event to be signaled. An event in the non-signaled state will not release any thread that is waiting for this particular event. Example in our project: when the user double-clicks the image application icon simultaneously, two image application windows were created. So PAIG created an event and set it to the non-signaled state. Then the image application will reset the event to the signaled state; after this, all the threads are released.

APIs for creating, setting and resetting events
CreateEvent - to create the event
OpenEvent - to open an already created event
SetEvent - to set the event to the signaled state
ResetEvent - to set the event to the non-signaled state

What is a mutex object and why is it used?
A mutex object is a synchronization object whose state is set to signaled when it is not owned by any thread, and non-signaled when it is owned. For example, to prevent two threads from writing to shared memory at the same time, each thread waits for ownership of a mutex object before executing the code that accesses the memory. After writing to the shared memory, the thread releases the mutex object.

A mutex is a program object that allows multiple program threads to share the same resource, such as file access, but not simultaneously. When a program is started, a mutex is created with a unique name. After this stage, any thread that needs the resource must lock the mutex from other threads while it is using the resource. The mutex is set to unlock when the data is no longer needed or the routine is finished.

How do I create a Mutex?
A thread uses the CreateMutex function to create a mutex object. The creating thread can request immediate ownership of the mutex object and can also specify a name for the mutex object.

How do other threads own the mutex?
Threads in other processes can open a handle to an existing named mutex object by specifying its name in a call to the OpenMutex function. Any thread with a handle to a mutex object can use one of the wait functions to request ownership of the mutex object. If the mutex object is owned by another thread, the wait function blocks the requesting thread until the owning thread releases the mutex object using the ReleaseMutex function.

What is a semaphore and why is it used?

A semaphore object is a synchronization object that maintains a count between zero and a specified maximum value. The count is decremented each time a thread completes a wait for the semaphore object and incremented each time a thread releases the semaphore. When the count reaches zero, no more threads can successfully wait for the semaphore object state to become signaled. The state of a semaphore is set to signaled when its count is greater than zero, and non-signaled when its count is zero. The semaphore object is useful in controlling a shared resource that can support a limited number of users. It acts as a gate that limits the number of threads sharing the resource to a specified maximum number. For example, an application might place a limit on the number of windows that it creates. It uses a semaphore with a maximum count equal to the window limit, decrementing the count whenever a window is created and incrementing it whenever a window is closed. The application specifies the semaphore object in a call to one of the wait functions before each window is created. When the count is zero - indicating that the window limit has been reached - the wait function blocks execution of the window-creation code.

When is a system in a safe state?
The set of dispatchable processes is in a safe state if there exists at least one temporal order in which all processes can be run to completion without resulting in a deadlock.

What is cycle stealing?
We encounter cycle stealing in the context of Direct Memory Access (DMA). Either the DMA controller can use the data bus when the CPU does not need it, or it may force the CPU to temporarily suspend operation. The latter technique is called cycle stealing. Note that cycle stealing can be done only at specific break points in an instruction cycle.

List out some reasons for process termination.
> Normal completion
> Time limit exceeded
> Memory unavailable
> Bounds violation
> Protection error
> Arithmetic error
> Time overrun
> I/O failure
> Invalid instruction
> Privileged instruction
> Data misuse
> Operator or OS intervention
> Parent termination

http://www.techinterviews.com/?p=226

http://placementpapers.net/helpingroot/paper/Windows-Programming-Interview-Questions-Set-1

http://placementpapers.net/helpingroot/paper/Windows-Programming-Interview-Questions-Set-2

http://www.c4swimmers.net/portal/Operating_System_Interview_FAQ_Questions.
