Job Object YenChin Chen 965202011 Outline Job Object
Job Object Yen-Chin Chen 965202011
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
Job Object In this slides, Job Process • A job object is a Thread – nameable, , this 3 colors will be used – securable, to enhance your reading – shareable kernel object that allows control of one or more processes as a group. • A job object’s basic function is to allow groups of processes to be managed and manipulated as a unit. • A process can be a member of only one job object.
Job Object • By default, • Its association with the job object can’t be broken • All processes created by the process and its descendents are associated with the same job object as well. • The job object also records basic accounting information for all processes associated with the job and for all processes that were associated with the job but have since terminated.
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
Windows functions to create and manipulate job objects. Function Description Create. Job. Object Creates a job object (with an optional name) Open. Job. Object Opens an existing job object by name Assign. Process. To. Job. Object Adds a process to a job Terminate. Job. Object Terminates all processes in a job Set. Information. Job. Object Sets limits Query. Information. Job. Object Retrieves information about the job, such as CPU time, page fault count, number of processes, list of process IDs, quotas or limits, and security limits
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
CPU-related and memory-related limits you can specify for a job Maximum number of active processes Limits the number of concurrently existing processes in the job. Jobwide user-mode CPU time Limits the maximum amount of user-mode CPU time that the processes in the job can consume (including processes that have run and exited). Once this limit is reached, by default all the processes in the job will be terminated with an error code and no new processes can be created in the job (unless the limit is reset). The job object is signaled, so any threads waiting for the job will be released. You can change this default behavior with a call to End. Of. Job. Time. Action.
CPU-related and memory-related limits you can specify for a job Per-process user-mode CPU time limit Allows each process in the job to accumulate only a fixed maximum amount of user-mode CPU time. When the maximum is reached, the process terminates (with no chance to clean up). Job scheduling class Sets the length of the time slice (or quantum) for threads in processes in the job. This setting applies only to systems running with long, fixed quantums (the default for Windows Server systems). The value of the job-scheduling class determines the quantum as shown here
(Cont’) Job-scheduling class determines the quantum Scheduling Class Quantum Units 0 6 1 12 2 18 3 24 4 30 5 36 6 42 7 48 8 54 9 Infinite if real-time; 60 otherwise
CPU-related and memory-related limits you can specify for a job Job processor affinity (Multi-Processor) Sets the processor affinity mask for each process in the job. (Individual threads can alter their affinity to any subset of the job affinity, but processes can’t alter their process affinity setting. ) Job process priority class Sets the priority class for each process in the job. Threads can’t increase their priority relative to the class (as they normally can). Attempts to increase thread priority are ignored. (No error is returned on calls to Set. Thread. Priority (winnt. h, winbase. h, page. 329 from book), but the increase doesn’t occur. ) Set. Thread. Priority(Get. Current. Thread(), THREAD_PRIORITY_NORMAL);
CPU-related and memory-related limits you can specify for a job Default working set minimum and maximum Defines the specified working set minimum and maximum for each process in the job. (This setting isn’t jobwide—each process has its own working set with the same minimum and maximum values. ) Process and job committed virtual memory limit Defines the maximum amount of virtual address space that can be committed by either a single process or the entire job.
CPU-related and memory-related limits you can specify for a job • Jobs can also be set to queue an entry to an I/O completion port object, which other threads might be waiting for, with the Windows Get. Queued. Completion. Status function. • You can also place security limits on processes in a job. • You can set a job so that each process runs under the same jobwide access token. You can then create token a job to restrict processes from impersonating( impersonating 模仿) or creating processes that have access tokens that contain the local administrator’s group.
Access Token An access token is as an object encapsulating the security descriptor of a process Attached to a process, a security descriptor identifies the owner of the object (in this case, the process) An access token is an object that describes the security context of a process or thread. The information in a token includes the identity and privileges of the user account associated with the process or thread. Ref : http: //msdn. microsoft. com/enus/library/aa 374909. aspx
Impersonation Token If you want to get more details, please read chapter 8 unique : security Impersonation is a security concept to of Windows Internal to Windows NT, that allows a server application temporarily "be" the client in terms of access to secure objects. Impersonation has three possible levels: identification, letting the server inspect the client's identity, impersonation, letting the server act on behalf of the client, and delegation, same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). Ref : http: //en. wikipedia. org/wiki/Token_(Windows_NT_archit ecture)
CPU-related and memory-related limits you can specify for a job You can also place user-interface limits on processes in a job. Such limits include being able to Restrict processes from opening handles to windows owned by threads outside the job, reading and/or writing to the clipboard, and changing the many user-interface system parameters via the Windows System. Parameters. Info function.
CPU-related and memory-related limits you can specify for a job X-Windows 2000 Datacenter Server has a tool called the Process Control Manager that allows an administrator to define job objects, the various quotas and limits that can be specified for a job, and which processes, if run, should be added to the job. A service component monitors process activity and adds the specified processes to the jobs. Note that this tool is no longer shipped with Windows Server 2003 Datacenter Edition, but will remain on the system if a Windows 2000 Datacenter Server is upgraded to Windows Server 2003 Datacenter Edition.
Set. Information. Job. Object Function BOOL WINAPI Set. Information. Job. Object ( __in HANDLE h. Job, //retrun from //Create. Job. Object/Open. Job. Object __in JOBOBJECTINFOCLASS Job. Object. Info. Class, __in LPVOID lp. Job. Object. Info, __in DWORD cb. Job. Object. Info. Length ); __in : Means Input
JOBOBJECTINFOCLASS Job. Object. Info. Class typedef enum _JOBOBJECTINFOCLASS { Job. Object. Basic. Accounting. Information = 1, Job. Object. Basic. Limit. Information, =>2 Job. Object. Basic. Process. Id. List, Job. Object. Basic. UIRestrictions, Job. Object. Security. Limit. Information, Job. Object. End. Of. Job. Time. Information, Job. Object. Associate. Completion. Port. Information, Job. Object. Basic. And. Io. Accounting. Information, Job. Object. Extended. Limit. Information, Job. Object. Job. Set. Information, Max. Job. Object. Info. Class } JOBOBJECTINFOCLASS;
LPVOID lp. Job. Object. Info So, how to set the typedef struct Affinity Mask? I _JOBOBJECT_BASIC_LIMIT_INFORMATION { introduce what is LARGE_INTEGER Per. Process. User. Time. Limit; LARGE_INTEGER Per. Job. User. Time. Limit; ULONG_PTR type first. DWORD Limit. Flags; SIZE_T Minimum. Working. Set. Size; SIZE_T Maximum. Working. Set. Size; DWORD Active. Process. Limit; ULONG_PTR Affinity; DWORD Priority. Class; DWORD Scheduling. Class; } JOBOBJECT_BASIC_LIMIT_INFORMATION, *PJOBOBJECT_BASIC_LIMIT_INFORMATION;
ULONG_PTR A ULONG_PTR is an unsigned long type used for pointer precision. It is used when casting a pointer to a long type to perform pointer arithmetic. Note In a 64 -bit environment (indicated below by a TRUE value for _WIN 64), the ULONG_PTR MUST be defined as an unsigned __int 64, not as a ULONG.
ULONG_PTR #ifdef _WIN 64 typedef __int 64 ULONG_PTR; #else typedef ULONG_PTR; #endif Ref : http: //msdn. microsoft. com/enus/library/cc 230394. aspx
Processor. If Affinity not a Hyperthreding system setting, 32 -bit : 000000000000000111 public void Set. Process. Affinity. To. Physical. CPUFor. Hyperthread. Only(int processid) , means CPU 0, 1 and 2 threads could run on { and alter between them. int res; int h. Process; So just using ‘|’ , ’&’ , (or/and) bit-operator to int Proc. Affinity. Mask = 0, Sys. Affinity. Mask = 0; set Affinity Mask. h. Process = Open. Process(PROCESS_ALL_ACCESS, 0, processid); res = Get. Process. Affinity. Mask( h. Process, ref Proc. Affinity. Mask, ref Sys. Affinity. Mask); if (Sys. Affinity. Mask == 3) // 1 proc, 2 logical CPUs res = Set. Process. Affinity. Mask(h. Process, 1); else if (Sys. Affinity. Mask == 15) //dual proc, 4 virtual CPUs res = Set. Process. Affinity. Mask(h. Process, 3); res = Close. Handle(h. Process); } Ref : http: //msdn. microsoft. com/en-us/library/ms 686223(VS. 85). aspx
Processor Affinity BOOL WINAPI Set. Process. Affinity. Mask ( __in HANDLE h. Process, __in DWORD_PTR dw. Process. Affinity. Mask ); dw. Process. Affinity. Mask [in] The affinity mask for the threads of the process.
Processor Affinity DWORD_PTR WINAPI Set. Thread. Affinity. Mask ( __in HANDLE h. Thread, __in DWORD_PTR dw. Thread. Affinity. Mask ); dw. Thread. Affinity. Mask [in] The affinity mask for the thread. A thread affinity mask is a bit vector in which each bit represents the processors that a thread is allowed to run on. A thread affinity mask must be a subset of the process affinity mask for the containing process of a thread. A thread can only run on the processors its process can run on.
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
Conclusion • In this chapter, we’ve examined the structure of processes and threads and jobs, seen how they are created, and looked at how Windows decides which threads should run and for how long. • Many references in this chapter are to topics related to memory management. Because threads run inside processes and processes in large part define an address space, the next logical topic is how Windows performs virtual and physical memory management—the subjects of Chapter 7.
Book : Windows Internal Ref : Book page from 369~374
Outline Job Object Introduction Windows functions to create and manipulate job objects CPU-related and memory-related limits you can specify for a job Conclusion Experiment
EXPERIMENT: Viewing the Job Object using Process Explorer Windows Kernel Debugger
Process Explorer Type this command to create a job and a cmd process in this job /user: Machine. Name Administrator If you want to create other processes in the same job, you need execute them in cmd process by runas shown in next slide
Process Explorer
Process Explorer Double Click cmd. exe row , then a dialog will jump out, and processes in the same job will show the same color.
Process Explorer
Windows Kernel Debugger Before above, You must install Windows Symbols from http: //www. microsoft. com/whdc/devtools/debugging/symbolpkg. mspx#d
Windows Kernel Debugger Find out cmd process by Then, command search for runas that cmd process, you’ll see handle of the job : 82245 cd 0 To See all the Processes in O. S.
Thanks for your Attention ^_^
- Slides: 38