读 windows internals 笔记(二)
Key System Components
Figure 2-3. Windows architecture
下面将要详细说明上图的主要元素
Environment Subsystems and Subsystem DLLs
如上图所示,windows拥有三个环境子系统:OS/2, POSIX, and Windows。windows必须携带windows子系统否则windows将无法运行(Because it owns the keyboard, mouse, and display, and it is required to be present even on server systems with no interactive users logged in.) 。
环境子系统向应用程序暴露windows执行体(executive )的系统服务的一个子集,每个子系统提供访问windows服务的不同子集。That means that some things can be done from an application built on one subsystem that can't be done by an application built on another subsystem。For example, a Windows application can't use the POSIX fork function.
一个可执行文件(.exe)只能在一个环境子系统中运行,当可执行文件运行时, the process creation code examines the subsystem type code in the image header so that it can notify the proper subsystem of the new process.
Function calls can't be mixed between subsystems. In other words, a POSIX application can call only services exported by the POSIX subsystem, and a Windows application can call only services exported by the Windows subsystem.
As mentioned earlier, user applications don't call Windows system services directly. Instead, they go through one or more subsystem DLLs. For example, the Windows subsystem DLLs (such as Kernel32.dll, Advapi32.dll, User32.dll, and Gdi32.dll) implement the Windows API functions. The POSIX subsystem DLL (Psxdll.dll) implements the POSIX API functions.
当一个应用程序调用子系统动态链接库中的一个函数时,会发生下面的三种可能之一:
-
函数完全是在用户模式下的subsystem dll中实现的。也就是说,no message is sent to the environment subsystem process,以及没有windows 执行体的系统服务被调用;the function is performed in user mode, and the results are returned to the caller.例如:GetCurrentProcessId 函数(对于一个正在运行的进程来说process ID是不会改变的,所以这个ID值可以从一个缓存中取得,从而避免了对内核服务的调用)
-
函数需要一个或者多个windows执行体服务调用,例如:ReadFile 以及 WriteFile函数调用底层的windows I/O服务;
-
函数需要资环境子系统进程中处理一些事情,在这种情况下,通过向子系统传递信息来执行一些操作来形成一个向环境子系统的client/server请求。环境子系统动态链接库得到一个replay后返回调用者。
尽管windows可以支持多个相互独立的环境子系统,但是在实际应用中如果为每一个子系统都实现如:I/O or windowing 将会影响系统性能和大小;因为windows subsystem是windows的主要子系统,所以windows的设计者们把这些功能到放置到了windows subsystem中,其他子系统通过调用windows subsystem来实现相应功能;