Microsoft® Windows® Internals: Microsoft Windows Server™ 2003, Windows XP, and Windows 2000, 4th Edition
by Mark E. Russinovich, David A. Solomon
Process Internals
This section describes the key Windows process data structures. Also listed are key kernel variables, performance counters, and functions and tools that relate to processes.
Data Structures
Each Windows process is represented by an executive process (EPROCESS) block. Besides containing many attributes relating to a process, an EPROCESS block contains and points to a number of other related data structures. For example, each process has one or more threads represented by executive thread (ETHREAD) blocks. (Thread data structures are explained in the section "Thread Internals" later in this chapter.) The EPROCESS block and its related data structures exist in system space, with the exception of the process environment block (PEB), ...