![]() ntdll!LdrpWorkQueueLock (CRITICAL_SECTION)įigure 2: Initializing the work queue structuresįigure 3: Creating the synchronization eventsĪfter ntdll loads kernel32.dll and kernelbase.dll are loaded, ntdll!LdrpEnableParallelLoading is called to set up the necessary events and worker pool.Ntdll!LdrpInitParallelLoadingSupport and ntdll!LdrpCreateLoaderEvents are called to initialize the following structures: Threads created by the master thread in the thread pool will be referred to as worker threads. The initial thread in the process executing ntdll!LdrInitializeThunk will be referred to as the master thread. Interestingly, Windows 10 contains a default entry for chrome.exe with MaxLoaderThreads set to 1 to disable parallel loading.įigure 1: Querying the IFEO registry key for MaxLoaderThreads ![]() ntdll!LdrpInitializeExecutionOptions can further override the LoaderThreads field by querying the Image File Execution Options (IFEO) registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\MaxLoaderThreads. The parent process defines the number of worker threads by defining in the PEB->ProcessParameters->LoaderThreads (ULONG) field. Windows 10 implements parallel loading by creating a thread pool of worker threads when the process initializes. How Windows 10 Implements Parallel Loading This feature decreases process startup times by using multiple threads to load libraries from disk into memory. One of the unnoticed improvements of Window 10 is the parallel library loading support in ntdll.dll.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |