Windows – a virtualized process


I have MinGW and MSYS installed and never really cared about how the binaries work. However, today I opened Process Explorer and realized that I have some virtualized processes:

Process list

I know that make/gcc/sh/mintty are usually for POSIX/Unix-like systems; however, I thought that the MinGW/MSYS projects would provide native executables. Virtualized is usually a term I associate with virtual machines, and it confuses me a little bit. The task manager actually calls the corresponding column "UAC virtualization".

So what does the virtualized flag in Windows mean? Is it some kind of compatibility layer for pre-Vista executables?

Best Answer

It's basically a file system and registry 'wrapper' that redirects file write attempts if the user does not have the correct write permissions. See the Wikipedia article about UAC for more information:

Applications written with the assumption that the user will be running with administrator privileges experienced problems in earlier versions of Windows when run from limited user accounts, often because they attempted to write to machine-wide or system directories (such as Program Files) or registry keys (notably HKLM). UAC attempts to alleviate this using File and Registry Virtualization, which redirects writes (and subsequent reads) to a per-user location within the user's profile.

For example, if an application attempts to write to a directory such as "C:\Program Files\appname\settings.ini" to which the user does not have write permission, the write will be redirected to "C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\settings.ini". The redirection feature is only provided for non-elevated 32-bit applications, and only if they do not include a manifest that requests specific privileges.
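Added example (not part of the original answer): because redirected writes and later reads go to the per-user copy, a virtualized process can see a different file than the one under Program Files. The sketch below maps paths in both directions using the locations quoted above and groups a VirtualStore listing by the machine-wide directory each file shadows; the function names, the `C:` system drive and the sample listing are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Per-user store named in the answer, relative to the user's profile directory.
VSTORE = PureWindowsPath("AppData", "Local", "VirtualStore")

def redirect_applies(elevated, is_32bit, manifest_requests_privileges):
    """Conditions from the quoted text: non-elevated, 32-bit, no privilege-requesting manifest."""
    return not elevated and is_32bit and not manifest_requests_privileges

def to_virtualstore(original, profile):
    """Where a denied write to `original` is redirected for the user owning `profile`."""
    p = PureWindowsPath(original)
    if not p.is_absolute():
        raise ValueError("expected an absolute path such as C:\\Program Files\\...")
    return PureWindowsPath(profile) / VSTORE / p.relative_to(p.anchor)

def to_original(redirected, profile, drive="C:\\"):
    """Machine-wide path shadowed by a VirtualStore file (drive letter is an assumption)."""
    store = PureWindowsPath(profile) / VSTORE
    rel = PureWindowsPath(redirected).relative_to(store)  # ValueError if outside the store
    return PureWindowsPath(drive) / rel

def shadowed_files(listing, profile):
    """Group redirected files by the machine-wide directory they shadow."""
    groups = defaultdict(list)
    for path in listing:
        try:
            orig = to_original(path, profile)
        except ValueError:
            continue  # not under this user's VirtualStore
        groups[str(orig.parent)].append(orig.name)
    return dict(groups)

# Constructed sample listing (not taken from a real system).
PROFILE = r"C:\Users\username"
SAMPLE_LISTING = [
    r"C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\settings.ini",
    r"C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\cache\state.dat",
    r"C:\Users\username\Documents\notes.txt",
]

if __name__ == "__main__":
    print(to_virtualstore(r"C:\Program Files\appname\settings.ini", PROFILE))
    for directory, names in shadowed_files(SAMPLE_LISTING, PROFILE).items():
        print(directory, names)
```

On a real machine the listing would come from walking the user's VirtualStore directory; any file found there is a per-user copy that a virtualized application reads in place of the machine-wide one.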
