Share this page!

Vagner Pilar Profile picture
Twitter logo
11 Oct, 7 tweets, 2 min read
#WindowsInternals #Drivers (1/7)
Drivers are call back mechanisms to send or retrieve I/O between the operating system and devices such as NIC’s, Storage Controllers, and USB keyboards and mice.
They are typically loaded during the system boot sequence (after NTLDR but before Ctrl+Alt+Del presentation). (2/7)
Device load order groups ensure driver load in the correct order, such as A/V filter drivers loading after the NTFS.SYS has initialized as an example. (3/7)
(4/7) Image
Most of the requests that are sent to device drivers are packaged in I/O request packets (IRPs). Each device is represented by a device node, and each device node has a device stack. (5/7)
Sometimes more than one device stack is involved in processing an I/O request. Regardless of how many device stacks are involved, the overall sequence of drivers that participate in an I/O request is called the driver stack for the request (6/7)
(7/7) Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Vagner Pilar

Vagner Pilar Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @vagnerpilar

Vagner Pilar Profile picture
13 Oct
#ETW is an efficient kernel-level tracing facility that lets you log kernel or app-defined events to a log file (#ETL). You can consume the events in real time or from a log file and use them to debug an app or to determine where perf issues are occurring in the app. (1/17)
ETW lets you enable or disable event tracing dynamically, allowing you to perform detailed tracing in a production environment without requiring computer or application restarts. (2/17)
The Event Tracing API is broken into three distinct components:
1 - Controllers, which start and stop an event tracing session and enable providers
2 - Providers, which provide the events
3 - Consumers, which consume the events (3/17)
Read 17 tweets
Vagner Pilar Profile picture
11 Oct
Articles #WindowsInternals (1/6)
Introduction to DPCs
msdn.microsoft.com/en-us/library/… (2/6)
Deferred Procedure Call Details: osronline.com/article.cfm?ar…
RSS with Message Signaled Interrupts
msdn.microsoft.com/en-us/library/…
Timer Objects and DPCs
msdn.microsoft.com/en-us/library/…
Give Microsoft’s Scalable Networking Pack Another Look
windowsitpro.com/networking/giv… (3/6)
Read 6 tweets
Vagner Pilar Profile picture
11 Oct
#ContexSwitching #WindowsInternals (1/8)
Until threads that are suspended or blocked become ready to run, the scheduler does not allocate any processor time to them, regardless of their priority (2/8)
Because Windows implements a preemptive scheduler, if another thread with higher priority becomes ready to run, the currently running thread might be preempted before finishing its time slice. (3/8)
Read 8 tweets
Vagner Pilar Profile picture
11 Oct
CPU Scheduler #WindowsInternals (1/9)
The system scheduler controls multitasking by determining which of the competing threads receives the next processor time slice. (2/9)
There is no single “scheduler” module or routine, the code is spread throughout the kernel in which scheduling-related events occur. The routines that perform these duties are called the kernel’s dispatcher (3/9)
Read 9 tweets
Vagner Pilar Profile picture
11 Oct
CPU Idle States #Cstates #WindowsInternals (1/6)
C-states, also known as CPU Idle states, are states when the CPU has reduced or turned off selected functions. Different processors support different numbers of C-states in which various parts of the CPU are turned off. (2/6)
Generally, higher C-states shut off more parts of the CPU, leading to significantly reduced power consumption.
Processor Power Policy is owned and managed by the Windows Kernel Power Manager. (3/6)
Read 7 tweets
Vagner Pilar Profile picture
11 Oct
ISR vs DPCs #WindowsInternals #ProcessorDebug (1/5)
ISR: A software routine that hardware invokes in response to an interrupt. ISRs examine an HARDWARE interrupt and determine how to handle it. (2/5)
DPC: Software interrupt with a lower priority than the ISR
An ISR must perform very fast to avoid slowing down the operation of the device and the operation of all lower priority ISRs. (3/5)
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @vagnerpilar