I have been trying to find the state model used by Windows for its processes and can't find anything on the internet. I tried research papers and normal images and none of them have anything concrete.
Some of them try to give examples by explaining the 5-states or 7-states process model diagram and say windows uses states like this, but they never tell what is actually the model used by windows. One of them even said something about a hybrid but there was no clear explanation.
I was able to find Unix's but not windows. So can anyone tell me which one it is?
CodePudding user response:
A process on Windows is basically just a container for its threads, the process itself never executes code. A process starts its life with a single thread, this thread might run right away or can be requested to start suspended. A process is running as long as it has applicable threads in it. When there are no more threads to run (ExitProcess/TerminateProcess called etc.) the process object becomes signaled. Threads in other processes can wait for this signal (WaitForSingleObject etc.).
When the process is signaled and all handles to the process object have been closed the kernel frees all the memory and resources related to the process and deletes the process object.
The state of a thread is more complicated. In basic terms the states are
- Suspended.
- Ready to run.
- Blocked/Waiting (waiting on a kernel object or I/O).
- Running.
- Ended (signaled, will never execute code again).
I recommend the Windows Internals books for a full in-depth tour of the Windows kernel.