Skip to main content

 none
ask a question RRS feed

All replies

  • Two easy steps:

    1. Read

    2. Think :)

    -- pa

    Sunday, March 25, 2018 7:38 PM
  • Hi,

    Thank you for posting here.

    Each Windows process is represented by an executive process (EPROCESS) structure. Besides containing many attributes relating to a process, an EPROCESS contains and points to a number of other related data structures.

    The EPROCESS and most of its related data structures exist in system address space.

    At the operating-system level, a Windows thread is represented by an executive thread object. The executive thread object encapsulates an ETHREAD structure, which in turn contains a KTHREAD
    structure as its first member.

    In most cases there is a single process for each executable that you run. Within the process, there can be many threads. Usually at first there is one thread, which usually starts at the programs "entry point" which is the main function usually. Instructions are executed one by one in order, like a person who only has one hand, a thread can only do one thing at a time before it moves on to the next.

    About more information for process and thread, you can refer to Windows__Internals_Part_1_Sixth_Edition book. please see process and thread part.

    Best Regards,

    Hart


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, March 26, 2018 7:56 AM
    Moderator