Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, Seventh Edition

Stage 6: Starting execution of the initial thread

At this point, the process environment has been determined, resources for its threads to use have been allocated, the process has a thread, and the Windows subsystem knows about the new process. Unless the caller specified the CREATE_SUSPENDED flag, the initial thread is now resumed so that it can start running and perform the remainder of the process-initialization work that occurs in the context of the new process (stage 7).

Stage 7: Performing process initialization in the context of the new process

The new thread begins life running the kernel-mode thread startup routine KiStartUserThread. KiStartUserThread lowers the thread’s IRQL level from deferred procedure call (DPC) level to APC level ...

Get Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, Seventh Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, Seventh Edition by Pavel Yosifovich, Alex Ionescu, Mark E. Russinovich, David A. Solomon

Stage 6: Starting execution of the initial thread

Stage 7: Performing process initialization in the context of the new process

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly