Is there any implementation of a monitor on Windows? I didn't see any Win32 API reference to monitors.
Windows does not have a monitor implementation of its own. However, Vista introduced Condition Variables and Slim Reader/Writer locks, which can be used together to create a monitor implementation.
Yes, it does. Windows has monitors and monitor functions:
EnterCriticalSection is similar to POSIX pthread_mutex_lock (enters the monitor).
LeaveCriticalSection is similar to POSIX pthread_mutex_unlock (leaves the monitor).
SleepConditionVariableCS is similar to POSIX pthread_cond_wait.
WakeConditionVariable is similar to POSIX pthread_cond_signal.
WakeAllConditionVariable is similar to POSIX pthread_cond_broadcast.
You can find all these functions here:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms686360(v=vs.85).aspx
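An added example (not from the original answer) that puts this mapping to work: a small monitor guarding a bounded FIFO, built on CRITICAL_SECTION and CONDITION_VARIABLE when compiled for Windows (Vista or later) and on the corresponding pthread calls elsewhere. The queue, its function names and its capacity are my own choices.

```c
/* Added example, not from the original answer: the Win32 -> pthread mapping above as a monitor guarding a bounded FIFO. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
typedef struct { CRITICAL_SECTION lock; CONDITION_VARIABLE cond; } monitor_t;
static void mon_init(monitor_t *m) { InitializeCriticalSection(&m->lock); InitializeConditionVariable(&m->cond); }
static void mon_enter(monitor_t *m) { EnterCriticalSection(&m->lock); }  /* = pthread_mutex_lock */
static void mon_leave(monitor_t *m) { LeaveCriticalSection(&m->lock); }  /* = pthread_mutex_unlock */
static void mon_wait(monitor_t *m) { SleepConditionVariableCS(&m->cond, &m->lock, INFINITE); } /* = pthread_cond_wait */
static void mon_wake_all(monitor_t *m) { WakeAllConditionVariable(&m->cond); } /* = pthread_cond_broadcast */
#else
#include <pthread.h>
typedef struct { pthread_mutex_t lock; pthread_cond_t cond; } monitor_t;
static void mon_init(monitor_t *m) { pthread_mutex_init(&m->lock, NULL); pthread_cond_init(&m->cond, NULL); }
static void mon_enter(monitor_t *m) { pthread_mutex_lock(&m->lock); }
static void mon_leave(monitor_t *m) { pthread_mutex_unlock(&m->lock); }
static void mon_wait(monitor_t *m) { pthread_cond_wait(&m->cond, &m->lock); }
static void mon_wake_all(monitor_t *m) { pthread_cond_broadcast(&m->cond); }
#endif
#define CAP 4   /* queue capacity, chosen for the example */
typedef struct { monitor_t mon; int buf[CAP]; size_t head, count; } bounded_queue_t;
static void bq_init(bounded_queue_t *q) { mon_init(&q->mon); q->head = q->count = 0; }
/* Blocks while full. The predicate is re-tested in a loop because both pthread and
 * Win32 condition variables may wake without the guarded state having changed. */
static void bq_put(bounded_queue_t *q, int v) {
    mon_enter(&q->mon);
    while (q->count == CAP) mon_wait(&q->mon);
    q->buf[(q->head + q->count++) % CAP] = v;
    mon_wake_all(&q->mon);                 /* wake consumers waiting for "not empty" */
    mon_leave(&q->mon);
}
/* Blocks while empty, then returns the oldest item. */
static int bq_get(bounded_queue_t *q) {
    mon_enter(&q->mon);
    while (q->count == 0) mon_wait(&q->mon);
    int v = q->buf[q->head];
    q->head = (q->head + 1) % CAP; q->count--;
    mon_wake_all(&q->mon);                 /* wake producers waiting for "not full" */
    mon_leave(&q->mon);
    return v;
}
/* Single-threaded self-check (never has to wait): FIFO order survives index wrap-around. Returns 1 on success. */
static int bq_selfcheck(void) {
    bounded_queue_t q; int i, ok = 1; bq_init(&q);
    for (i = 0; i < 3; i++) bq_put(&q, i);          /* queue: 0 1 2 */
    ok &= (bq_get(&q) == 0);
    for (i = 3; i < 5; i++) bq_put(&q, i);          /* queue: 1 2 3 4, full, write index wraps */
    for (i = 1; i < 5; i++) ok &= (bq_get(&q) == i);
    return ok && q.count == 0;
}
```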
Why is there no process hierarchy in Windows, like there is in Unix-based operating systems? Is there a reason for it or is it just a choice? How do processes work in Windows then?
Sorry for the necro thread, but there is no answer. There is a process hierarchy in Windows. You can't see it from the Task Manager, but with Sysinternals Process Explorer you see it all the way up to the kernel components. You can also easily retrieve that information with various WinAPI calls.
I need to capture the DeviceIoControl() system calls of an application. On Linux, strace can be used to analyze all ioctl calls. Is there any similar functionality on Windows?
The MSDN website recommends a program called "Process Monitor" to analyze the real-time activities of executables. However, "Process Monitor" does not show anything about DeviceIoControl calls.
Have you tried OSR's IRPTracker?
IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of the static portion of the IRP and an interpreted view of the current and previous stack locations.
To capture the DeviceIoControl() function you can use an API hook. My company provides Deviare, a hook engine with a high-level interface. You don't need to know a lot about hooking, and it can be used freely (it just displays a dialog saying unregistered version). It includes a hook console with source code.
I recently discovered Rohitab's API Monitor.
It hasn't been updated for 2 years, but it does work on my Win7 x64. It has very good API filtering capabilities.
The Dr. Memory (http://drmemory.org) tool comes with a system call tracing tool called drstrace that lists all system calls made by a target application, including NtDeviceIoControlFile, along with their arguments: http://drmemory.org/strace_for_windows.html
I have intensive processing that I need to perform in a device driver, at DISPATCH_LEVEL or lower IRQL.
How do I create a kernel thread?
What IRQL does it run at? Can I control this?
How is it scheduled? Because I am thinking from a user-mode perspective here: what priority does it run at?
What kernel functions can I use to provide locking / synchronization?
You can create a system thread with this. As you can see, one of its parameters is a start routine which can hold custom code; in it you can use KeRaiseIrql and KeLowerIrql. By default, threads run at PASSIVE_LEVEL. "Locks, Deadlocks, and Synchronization" is a very helpful paper regarding synchronization in the Windows kernel, and everyone who has to do some tinkering with the Windows kernel should read or at least skim it.
On the Unix to Windows Porting Dictionary for HPC page for fork() it's written:
There is no equivalent Windows API to the Unix fork() or vfork(). The Microsoft Subsystem for Unix-based Applications (SUA or Interix) is a Unix environment that has fork() and vfork() properly implemented.
and further down the page there's example source code which uses... the standard Win32 API CreateProcess function.
I'm confused.
Shouldn't the example use fork() to illustrate the statement about fork() being implemented by SUA/Interix?
If fork() is really implemented which header and lib files does it live in?
The page you're looking at is the *nix to Windows porting guide. It doesn't show you how to use fork() but the closest Win32 equivalent, CreateProcess. The pages there document which Win32 function you should use instead of each Unix function.
You'll need the subsystem for Unix and the SUA SDK to use fork(). There you'll get a *nix environment on Windows, fork() will be in the usual unistd.h library, and you'll link to libc.so (using gcc) to use it.
Reading "Monitoring certain system calls done by a process in Windows", I'm wondering about a Windows equivalent to the ptrace system call, or a programmatic workaround.
You can use ETW to trace system calls. When starting the trace, in EVENT_TRACE_PROPERTIES, you can add EVENT_TRACE_FLAG_SYSTEMCALL flag to EnableFlags. This enables SysCallEnter and SysCallLeave events, as described here.