There was a query on one of my earlier post (Reference : Posting on Processes and threads ) asking how would a simple 'C' code with no explicit thread create statement behave.
I decided to track all the activies by a simple executable compiled from the below code.. Yes the 1st program that you wrote.. The hello world.
The procmon utility captures everything including the Process Create and Thread Create calls.
I decided to track all the activies by a simple executable compiled from the below code.. Yes the 1st program that you wrote.. The hello world.
The procmon utility captures everything including the Process Create and Thread Create calls.
Lets examine a very simple 'C' Code to explain the windows thread creation and execution.
Consider the following code.
#include "stdio.h"
#include "conio.h"
int main()
{
printf("Hello World! \n");
getch();
return 0;
}
#include "conio.h"
int main()
{
printf("Hello World! \n");
getch();
return 0;
}
code snippet, windows creates a thread and queues it for execution.
So, in short even a very simple hello world application will have a thread created.
HelloWorld.exe Process Start
HelloWorld.exe Thread Create
HelloWorld.exe Load Image C:\Users\skarunakaran\Desktop\HelloWorld.exe
HelloWorld.exe Load Image C:\Windows\System32\ntdll.dll
HelloWorld.exe Load Image C:\Windows\System32\kernel32.dll
HelloWorld.exe RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HelloWorld.exe RegOpenKey HKLM\COMPONENTS\AssemblyStorageRoots
HelloWorld.exe RegOpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option
HelloWorld.exe RegOpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HelloWorld.exe RegQueryValue HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HelloWorld.exe RegCloseKey HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
HelloWorld.exe RegOpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HelloWorld.exe Load Image C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91\msvcr90.dll
HelloWorld.exe RegOpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HelloWorld.exe RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HelloWorld.exe RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\MSVCR90.dll
HelloWorld.exe RegOpenKey HKLM\System\CurrentControlSet\Control\Session Manager
HelloWorld.exe RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode
HelloWorld.exe RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ntdll.dll
HelloWorld.exe RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\kernel32.dll
HelloWorld.exe RegOpenKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale
HelloWorld.exe RegQueryValue HKLM\System\CurrentControlSet\Control\Nls\CustomLocale\en-US
HelloWorld.exe RegCloseKey HKLM\System\CurrentControlSet\Control\Nls\CustomLocale
HelloWorld.exe Thread Exit
HelloWorld.exe Process Exit
Sreekarun...
ReplyDelete[...] something about sreekarun[...]...