Local Procedure Call
Encyclopedia
The Local Procedure Call (LPC, often also referred to as Lightweight Procedure Call or Local Inter-Process Communication) is an internal, undocumented inter-process communication
facility provided by the Microsoft
Windows NT
kernel for lightweight IPC
between process
es on the same computer. As of Windows Vista
, LPC has been rewritten as Advanced Local Procedure Call (ALPC) in order to provide a high-speed scalable communication mechanism required to efficiently implement User-Mode Driver Framework, whose user-mode parts require an efficient communication channel with UMDF's components in the executive.
The (A)LPC interface is part of Windows NT's undocumented Native API
, and as such is not available to applications for direct use. However, it can be used indirectly in the following instances:
s, allowing e.g. only specific SID
s to use them) and allow identification of the process on the other side of the connection. Individual messages are also securable: applications can set per-message SIDs, and also test for changes of the security context in the token associated with the (A)LPC message.
The typical communication scenario between the server and the client is as follows:
(A)LPC supports the following three modes of message exchange between the server and client:
ALPC has a performance advantage over the former LPC interface, as it can be configured to use I/O completion ports
instead of synchronous request/reply mechanism that LPC exclusively uses. This enables ALPC ports high-speed communication which automatically balances the number of messages and threads. Additionally, ALPC messages can be batched together so as to minimize user-mode/kernel-mode switches.
The Local Security Authority Subsystem Service
(LSASS), Session Manager (SMSS), and Service Control Manager
all use (A)LPC ports directly to communicate with client processes. Winlogon
and the Security Reference Monitor
use it to communicate with the LSASS process.
As mentioned, RPC can use (A)LPC as a transport when the client and server are both on the same machine. Many services that are designed to communicate only on the local computer use (A)LPC as the only transport through RPC. The implementation of remote OLE
and DCOM
in many cases uses (A)LPC for local communication as well.
Inter-process communication
In computing, Inter-process communication is a set of methods for the exchange of data among multiple threads in one or more processes. Processes may be running on one or more computers connected by a network. IPC methods are divided into methods for message passing, synchronization, shared...
facility provided by the Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
Windows NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
kernel for lightweight IPC
Inter-process communication
In computing, Inter-process communication is a set of methods for the exchange of data among multiple threads in one or more processes. Processes may be running on one or more computers connected by a network. IPC methods are divided into methods for message passing, synchronization, shared...
between process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
es on the same computer. As of Windows Vista
Windows Vista
Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...
, LPC has been rewritten as Advanced Local Procedure Call (ALPC) in order to provide a high-speed scalable communication mechanism required to efficiently implement User-Mode Driver Framework, whose user-mode parts require an efficient communication channel with UMDF's components in the executive.
The (A)LPC interface is part of Windows NT's undocumented Native API
Native API
The Native API is the publicly- and incompletely-documented application programming interface used internally by the Windows NT family of operating systems produced by Microsoft.. It is predominately used during system boot, when other components of Windows are unavailable. The Program Entry point...
, and as such is not available to applications for direct use. However, it can be used indirectly in the following instances:
- when using Remote Procedure CallRemote procedure callIn computer science, a remote procedure call is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space without the programmer explicitly coding the details for this remote interaction...
API to communicate locally, i.e. between the processes on the same machine - by calling Windows API which use (A)LPC (see below)
Implementation
(A)LPC is implemented using kernel "port" objects, which are securable (with ACLAccess control list
An access control list , with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject...
s, allowing e.g. only specific SID
Security Identifier
In the context of the Microsoft Windows NT line of operating systems, a Security Identifier is a unique name which is assigned by a Windows Domain controller during the log on process that is used to identify a subject, such as a user or a group of users in a network of NT/2000...
s to use them) and allow identification of the process on the other side of the connection. Individual messages are also securable: applications can set per-message SIDs, and also test for changes of the security context in the token associated with the (A)LPC message.
The typical communication scenario between the server and the client is as follows:
- A server process first creates a named server connection port object, and waits for clients to connect.
- A client requests a connection to that named port by sending a connect message.
- If the server accepts the connection, two unnamed ports are created:
- client communication port - used by client threads to communicate with a particular server
- server communication port - used by the server to communicate with a particular client; one such port per client is created
- The client receives a handle to the client communication port, and server receives a handle to the server communication port, and the inter-process communication channel is established.
(A)LPC supports the following three modes of message exchange between the server and client:
- For short messages (fewer than 256 bytes) the kernel copies the message buffers between processes, from the address spaceAddress spaceIn computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity.- Overview :...
of the sending process to the system address space, and from there to the receiving process' address space. - For messages longer than 256 bytes a shared memory section must be used to transfer data, which the (A)LPC service maps between the sending and receiving processes. First the sender places data into the shared memory, and then sends a notification (e.g. a small message, using the first method of (A)LPC) to the receiving process pointing to the sent data in the shared memory section.
- Server can directly read and write data from the client's address space, when the amount of data is too large to fit in a shared section.
ALPC has a performance advantage over the former LPC interface, as it can be configured to use I/O completion ports
Input/output completion port
Input/Output Completion Port is an API for performing multiple simultaneous asynchronous input/output operations in Windows NT versions 3.5 and later, AIX and on Solaris 10 and later. An input/output completion port object is created and associated with a number of sockets or file handles...
instead of synchronous request/reply mechanism that LPC exclusively uses. This enables ALPC ports high-speed communication which automatically balances the number of messages and threads. Additionally, ALPC messages can be batched together so as to minimize user-mode/kernel-mode switches.
Known usage
(A)LPC is used heavily in communication between internal subsystems in Windows NT. The Win32 subsystem uses (A)LPC heavily for communication between client and the subsystem server (CSRSS). Quick LPC was introduced in version 3.51 of Windows NT to make these calls faster. This method was largely abandoned in version 4.0 in favor of moving the performance critical server portions into kernel mode (win32k.sys).The Local Security Authority Subsystem Service
Local Security Authority Subsystem Service
Local Security Authority Subsystem Service , is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens...
(LSASS), Session Manager (SMSS), and Service Control Manager
Service Control Manager
Service Control Manager is a special system process under Windows NT family of operating systems, which starts, stops and interacts with Windows service processes. It is located in %SystemRoot%\services.exe executable...
all use (A)LPC ports directly to communicate with client processes. Winlogon
Winlogon
In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running...
and the Security Reference Monitor
Reference monitor
In operating systems architecture a reference monitor concept defines a set of design requirements on a reference validation mechanism, which enforces an access control policy over subjects' ability to perform operations on objects on a system...
use it to communicate with the LSASS process.
As mentioned, RPC can use (A)LPC as a transport when the client and server are both on the same machine. Many services that are designed to communicate only on the local computer use (A)LPC as the only transport through RPC. The implementation of remote OLE
Object Linking and Embedding
Object Linking and Embedding is a technology developed by Microsoft that allows embedding and linking to documents and other objects. For developers, it brought OLE Control eXtension , a way to develop and use custom user interface elements...
and DCOM
Distributed component object model
Distributed Component Object Model is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+...
in many cases uses (A)LPC for local communication as well.
External links
- Local Procedure Call - Includes explanation of undocumented functions
- LPC Communication