A permission granted to a process to manipulate a particular object in a particular way (by calling a system service). Different NT object types support different access rights, which are stored in an object’s ACL.
An attempt to execute a memory operation that is not allowed by the underlying page protection. See also probe and SEH.
There are four basic kinds of actions that can cause access violations:
·Attempting an invalid operation, such as writing to a read-only page
·Attempting to access memory beyond the limit of the current program’s address space (a.k.a. “length violation”)
·Attempting to access a page to which the system forbids access
For example, code is not allowed to run in the low-order 64K of the NT user-mode address space in order to simplify the detection of NULL pointer references.
·Attempting to access a page that is currently resident but dedicated to the use of an NT component
For example, user-mode code is not allowed access a page that the Kernel is using.
Note that this term pertains to memory operations. It has nothing to do with the Security Manager’s checking of user-mode access rights to objects.
(1) Access control entry
An ACE is an individual entry in an ACL. An ACE contains an SID and describes the access rights that a particular user or group of users has to a system resource. The set of all ACEs on the object are used to determine whether an access request to the object is granted. See also security descriptor.
(2) Advanced computing environment
A consortium of hardware and software companies formed to promote an open computing environment.
Access control list
An ordered list of ACEs.
A kernel-mode-only object type, defined by the I/O Manager and supported by the HAL component. An adapter object represents a hardware bus adapter or DMA controller channel. Adapter objects “connect” different kinds of devices on the bus or DMA controller, each device (or kind of device) with its own driver.
(1) A programmer-defined attribute of a process and/or thread on a multiprocessor platform:
·For a process, its affinity is the programmer-determined set of processors on which its threads are permitted to run.
·For a thread, its default affinity is identical to that of the process to which it belongs; otherwise, its affinity must be a proper subset of the process’s.
(2) The set of processors on which a particular interrupt is enabled in a given machine.
A Boolean that provides a way to break into a thread’s execution at a point where either of the following conditions is met:
·The thread is in an alertable wait state (as specified when the wait service was called).
·The thread polls the alerted flag.
Asynchronous procedure call
An APC is a Kernel-defined control object representing a procedure that is called asynchronously. APCs are thread-context dependent; that is, they are queued to a particular thread for execution.
There are three different kinds of APCs in NT:
User APCs are used by certain asynchronous NT system services to allow user-mode applications or protected subsystems to synchronize the execution of a thread with the completion of an operation or the occurrence of an event such as a timer’s expiration. User APCs are, by default, disabled. That is, they are queued to the user-mode thread, but they are not executed except at well-defined points in the program. Specifically, they can only be executed when an application or protected subsystem has called a wait service and has enabled alerts to occur, or if it has called the test-alert service.
Kernel APCs are normal kernel-mode APCs. They are much like a normal user APC except that they are executable by default. That is, they are enabled except when the thread is already executing a Kernel APC. (Note that a special Kernel APC always preempts these.)
Special Kernel APCs cannot be blocked except by running at a raised IRQL. They are executed at APC_LEVEL IRQL (see IDT), in kernel mode. These types of APCs are used by the system to force a thread to execute a procedure in the thread’s context. An example of this is I/O completion: the I/O Manager needs to get back into the context of the original requestor of the I/O operation so that it can copy buffers, and so forth. In order to do this, the I/O Manager must be able to access the virtual address space of the thread/process, and the most efficient way to complete the operation is to be in the calling thread’s context.
See thread object.
(1) Advanced RISC computing
Refers to a RISC-based computer architecture standard, associated with the ACE consortium.
(2) Windows NT runs on top of ARC-compliant machines, including both RISC- and CISC-based platforms that supply the following components to the OS loader:
·In ACE-compliant platforms, such as most MIPS machines, a set of machine firmware that supports bootstrap loading and execution as an “abstracted” set of ARC routines and ARC devices.
·In x86-based platforms, a hardware recognizer (Ntdetect) that finds devices necessary to bootstrap the system by querying the ROM BIOS and builds a hardware database that emulates the RISC-based ARC firmware.
·In both kinds of platforms, a HAL that interfaces between the hardware and the system. See also HAL.
Device drivers for certain types of devices create an alias between the names of their device objects and the corresponding ARC device name by calling IoAssignArcName.
One of a set of IRPs, created by the highest-level driver in a chain of layered drivers, that specifies some part of an I/O request to be sent on to a lower-level driver. When all associated IRPs in the set have been processed, the I/O Manager completes the original request. See also IRP.
A model for I/O in which the operations carried out to satisfy I/O requests do not necessarily occur in sequence. The application that originally made the request can continue executing (rather than waiting for its I/O to complete), the I/O Manager or a higher-level driver can reorder I/O requests as they are received, and a lowest-level driver can start an I/O operation on a device before it has completed the preceding request, particularly in a multiprocessor machine.