Comment by mrob
4 years ago
You opt into inheriting specific contexts from the parent, instead of copying everything by default:
https://docs.microsoft.com/en-us/windows/win32/api/processth...
4 years ago
You opt into inheriting specific contexts from the parent, instead of copying everything by default:
https://docs.microsoft.com/en-us/windows/win32/api/processth...
More importantly, all syscalls also take a target process as an argument, making the Windows version both simpler and more powerful than can be done with fork. Spawn is also a lot slower on Windows, but that is an implementation issue.
> Spawn is also a lot slower on Windows, but that is an implementation issue.
afaik most of that slowdown is because malware scanners (including Windows Defender) hook spawn to do blocking verification of what to launch. Which is an issue also present on eg. MacOS, and why it's also kinda slow to launch new processes (and can be subject to extreme latencies): https://www.engadget.com/macos-slow-apps-launching-221445977...
Which is yes an implementation problem, but also a problem that potentially changes/impacts the design. Like maybe it'd make sense to get a handle to a pre-verified process so that repeated spawns of it don't need to hit that path (for eg. something like Make or Ninja that just spam the same executable over and over and over again). Or the kernel/trusted module needs to in some way be involved & can recognize that an executable was already scanned & doesn't need to be re-scanned.
It's not just that; process creation in Win32 is generally slower / more expensive, and has been since forever.
3 replies →