So how does console subsystem work ? I understand high level stuff such as windows automatically creates console window for programs and then gives handle to console window to which you can write and read with WriteConsole and ReadConsole, but how does window itself work ? does windows use GDI to draw characters into console ? or some hidden internal functions ? what happens behind the curtains ?
This question is too vague to really answer in a detailed fashion but I'll give it a shot.
There are at least 3 different implementations of the console in 32-bit Windows:
- MS-DOS box in Windows 95/98/ME
- CSRSS owned console windows on NT4/2000/XP/2003/Vista
- ConHost owned console windows on 7 and later
The NT based consoles use IPC to communicate between the client application and the console owner process. The ReadFile
and WriteFile
functions have a special hack and also communicate with the console owner when given a console handle (instead of calling into the kernel like they do with a "normal" handle).
The console window is a normal HWND and for the most part uses normal GDI.
The older console also supports native hardware full screen mode where it probably uses BIOS/VGA stuff directly. In windowed mode I believe it uses the undocumented GdiConsoleTextOut
function. Because CSRSS is a core process they might be calling some undocumented NT functions to avoid loading higher level DLLs but there is nothing really special about the actual drawing code.
In newer versions of Windows the full screen mode was removed because of the DWM and a unprivileged process (ConHost.exe) owns the console window to prevent shatter attacks against CSRSS. ConHost.exe imports PolyTextOutW
so I assume that is what it uses to draw the text.
The NT consoles also support a undocumented bitmap graphics mode and I assume that also uses plain GDI.
All of this is of course undocumented implementation details and could change at any time. The closest you will get to official documentation is probably this blog post where they also reveal that the IPC method used is the undocumented LPC feature.
来源:https://stackoverflow.com/questions/45442359/how-does-windows-console-subsystem-work