Windows keyed events

This is when keyed events were born.  They were added to Windows XP as a new kernel object type, and there is always one global event \KernelObjects\CritSecOutOfMemoryEvent, shared among all processes.  There is no need for any of your code to initialize or create it—it’s always there and always available, regardless of the amount of resources on the machine.  Having it there always adds a single HANDLE per process, which is a very small price to pay for the benefit that comes along with it.  If you dump the handles with !handle in WinDbg, you’ll always see one of type KeyedEvent.  Well, what does it do?

  • EnterCriticalSection

  • InitializeCriticalSectionAndSpinCount

  • \KernelObjects\CritSecOutOfMemoryEvent,guid,db9f8f5b-8d1d-44b0-afbd-3eadde24b678.aspx

0 komentarze:

Prześlij komentarz

Tomasz Kulig