Revision as of 00:06, 6 March 2011 edit Ivan Štambuk (talk \| contribs) Extended confirmed users 8,292 edits No edit summary ← Previous edit		Revision as of 00:15, 6 March 2011 edit undo Ivan Štambuk (talk \| contribs) Extended confirmed users 8,292 edits No edit summary Next edit →
Line 1: The '''Local Procedure Call''' ('''LPC''', often also referred to as '''Lightweight Procedure Call''' or '''Local Inter-Process Communication''') ~~facility~~ is an internal, undocumented [[inter-process communication]] facility provided by the [[Microsoft]] [[Windows NT]] [[Kernel (computer science)\|kernel]] for ~~light weight~~lightweight [[~~message~~inter-process ~~queue~~communication\|IPC]] between [[process (computing)\|process]]es on the same computer. As of [[Windows Vista]], LPC has been rewritten as '''Advanced Local Procedure Call''' ('''ALPC''') in order to provide a high-speed scalable communication mechanism required to efficiently implement [[User-Mode Driver Framework]], whose user-mode parts require an efficient communication channel with UMDF's components in the [[Architecture_of_Windows_NT#Executive\|executive]].<ref>{{Harvcoltxt\|Russinovich\|Solomon\|Ionescu\|2009\|p=201}}</ref> The (A)LPC interface is part of Windows NT's undocumented [[Native API]], and as such is not available to applications for direct use. However, it can be used indirectly in the following instances: * when using [[Remote Procedure Call]] API to communicate locally, i.e. between the processes on the same machine * by calling Windows API which use (A)LPC (see below) ==Implementation== (A)LPC is implemented using kernel "port" objects, which are securable (with [[Access control list\|ACL]]s, allowing e.g. only specific [[Security Identifier\|SID]]s to use them) and allow identification of the process on the other side of the connection. Individual messages are also securable: applications can set per-message SIDs, and also test for changes of the security context in the token associated with the (A)LPC message. The typical communication scenario between the server and the client is as follows: # A server process first creates a ''named server connection port'' object, and waits for clients to connect. # A client requests a connection to that named port by sending a connect message. # If the server accepts the connection, two ''unnamed'' ports are created: #* ''client communication port'' - used by client threads to communicate with a particular server #* ''server communication port'' - used by the server to ~~communication~~communicate with a particular client; one such port per client is created # The client receives a handle to the client communication port, and server receives a handle to the server communication port, and the inter-process communication channel is established. (A)LPC supports the following three modes of message exchange between the server and client:<ref>{{Harvcoltxt\|Russinovich\|Solomon\|Ionescu\|2009\|p=203}}</ref> * For short messages (fewer than 256 bytes) the kernel copies the message buffers between processes, from the [[address space]] of the sending process to the system address space, and from there to the receiving process' address space. * ~~Long~~For messages longer than 256 bytes a shared memory section must be used to transfer data, which the (A)LPC service maps between the sending and receiving processes. First the sender places data into the shared memory, and then sends a notification (e.g. a small message, using the first method of (A)LPC) to the receiving process pointing to the sent data in the shared memory section. * Server can directly read and write data from the client's address space, when the amount of data is too large to fit in a shared section. ALPC has a performance advantage over the former LPC interface, as it can be configured to use [[Input/output completion port\|I/O completion ports]] instead of synchronous request/reply mechanism that LPC exclusively uses.<ref>{{Harvcoltxt\|Russinovich\|Solomon\|Ionescu\|2009\|p=204}}</ref> This enables ALPC ports high-speed communication which automatically ~~balance~~balances the number of messages and threads. Additionally, ALPC messages can be batched together so as to minimize user-mode/kernel-mode switches. ==Known usage== (A)LPC is used heavily in communication between internal subsystems in Windows NT. The Win32 subsystem ~~used~~uses (A)LPC heavily for communication between client and the subsystem server ([[Client/Server Runtime Subsystem\|CSRSS]]). Quick LPC was introduced in version 3.51 of Windows NT to make these calls faster. This method was largely abandoned in version 4.0 in favor of moving the performance critical server portions into kernel mode (win32k.sys). The [[Local Security Authority Subsystem Service]] (LSASS), [[Session Manager]] (SMSS), and [[Service Control Manager]] all use (A)LPC ports directly to communicate with client processes. [[Winlogon]] and the [[Reference monitor\|Security Reference Monitor]] use it to communicate with the LSASS process.

Local Inter-Process Communication: Difference between revisions