????????
??????????????????????????????????????????????????????????????????????????????????????
????1. System Support Processes
??????Щ??????????????????????????????????
????????logon process(winlogon.exe)??Session manager??smss.exe????

 

Session Manager????????????????????[smss.exe]
Local Session Manager???????????? [lsm.exe]
Service Control Manager??????????[services.exe]
Local Security Authority?????? ??[lsass.exe]
Winlogon????????????????????????????[winlogon.exe]
Wininit???????????????????????????? [wininit.exe]

???????????????service????????????????SCM(Service Control Manager)??????
????lsass.exe??lsm.exe??service??
????2. Service Processes
????Service????????SCM????????????user logon?????????????Щservice??????????winlogon.exe???硣
????Task Scheduler??Print Spooler????services??
????Service Host    [svchost.exe]
????3. User Applications
????????????ó???
????4. Environment Subsystem Server Processes
??????????“????????”?????“Win32????”??
????[csrss.exe]
????Subsystem Dynamic Libraries
?????????dll????
????Kernel32.dll
????Advapi32.dll
????User32.dll
????Gdi32.dll
???????????????Service Processes??User Applications??????????dll?????????????????????????????
?????????????????Service Processes??User Applications??Win32 API????
????Win32 API?????????????
????1. ??????????dll?????????
????2. ????????dll????????????(????????????????????)????
????3. ?????dll??Environment Subsystem Server Processes????C/S???????dll???client????Win32??????server???????????????????????????
????????
?????????????????????
????1. Windows Executive
?????????????????????????????????????????
????????????????飬??????????????飬?????飬IO??飬??????飬?????????????顣
????2. Windows Kernel
??????????????????????е??????????????????????л????ж????????????????????????????
?????????????麯????????
????3. Device Driver
??????????????