Jaa


What do you want to know about the Windows kernel?

I am by no means a kernel expert, but I do have a couple years of experience working with the Windows kernel and I have done a fair amount of reading about the internals of Windows and operating system development in general.  And of course I have looked over a large amount of the Windows code.

While I've spent the last four months or so getting dug into my position, I need to expand my horizons and choose some areas of the Windows kernel to learn about.  I was hoping all of you could help me out by leaving comments with your questions about the Windows kernel.  Now, if you are driver developer with over five years of experience there is probably no way I can tell you something you don't know.  But, if you are an application developer wanting to know more about the internals of Windows or someone that knows a lot about operating systems theory who is wondering how Windows does something I may be able to help out.

I'll try to answer as many questions immediately as I can myself; then I will pick from the remaining questions to research (by talking to the person who wrote the Windows component) and get back to you with an answer.  I would prefer to stick to general questions about Windows components, no function or parameter specific questions or anything of that sort please.

Of course I won't release any information that isn't public knowledge.  And, as always, please be respectful when asking your questions.

Comments

  • Anonymous
    March 31, 2006
    I have a question about memory mapped files: when there is a page fault, does the system load the faulting page only, or does it also prefetch some pages in advance ?
  • Anonymous
    April 01, 2006
    In Windows all page faults are handled using demand paging.  Only when a page fault occurs is the data loaded into memory.  Demand paging is great for saving the time and space necessary to load unreferenced pages but it would be extremely inefficient if only one page is loaded in at a time.  So yes, other pages are paged in along with the page that caused the page fault.  For data pages in images the number of pages brought in is three and for all other faults the number read in is seven.  So, I should modify my statement above to say a page is only brought in to memory if it faults or if a page right before it faults bringing the page in with it.
  • Anonymous
    April 01, 2006
    The comment has been removed
  • Anonymous
    April 01, 2006
    The comment has been removed
  • Anonymous
    June 11, 2006
    Erick, glad to see your feeling a little better. I usually check to see if you posted anything new just about every day.

    In some of your previous blog postings, you've talked about minifilters. I've been working with them for a while now, but I've never fully understood how to use the fltmgr's work item api's.

    I would hope you might write about this, and I'm looking forward to seeing more blog entries (if your feeling up too it).

    Take care,

    Matt