* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Windows - Part I
Security-focused operating system wikipedia , lookup
Copland (operating system) wikipedia , lookup
Burroughs MCP wikipedia , lookup
Spring (operating system) wikipedia , lookup
Distributed operating system wikipedia , lookup
Unix security wikipedia , lookup
Windows NT startup process wikipedia , lookup
Operating systems history •Windows 3.11 •Windows 9x •Windows NT •Windows 2000 •Windows 2003 Windows 2000 Key requirements •32 Bit OS •Demand Paged virtual memory •Multiple hardware architectures •Multiprocessor systems •Networking •Reliability and robustness •POSIX •Security Fundamental concepts What is a Process? An instance of a running program Fundamental concepts What is a Thread ? An unit of execution Fundamental concepts Threads Share the process address space Fundamental concepts Why have multiple threads ? Perceived user responsiveness Fundamental concepts 4GB Address space •2GB process space •2GB system space Kernel mode (ring 0) The privileged mode of operation in which code has direct access to all hardware and all memory addresses. •Can access hardware directly. •Can access all of the memory on the computer. •Cannot be moved to the virtual memory page file on the hard disk. •Is processed at a higher priority than user mode processes. User Mode (ring 3) A less privileged processor mode than kernel mode and has no direct access to hardware. •Code running in user mode can run only in its own address space. •It uses the Windows APIs to request system services. •User mode processes have no direct access to hardware. Fundamental concepts •No process can corrupt other process memory •No process can corrupt system memory •Threads change from user to kernel mode on system calls Architecture overview Architecture overview מיפוי או תרגום של הפונקציות המתועדות (חשופות) של מערכת ההפעלה לפונקציות הפנימיות של מערכת ההפעלה ()windows nt create file function > ntcreatefile Architecture overview Process & thread services I/O subsystem Inter process communication Undocumented – accessed through subsystem DLLS Architecture overview Lowest level component of core OS Provides thread scheduling, interrupt dispatching, exception dispatching. Both executive and kernel are contained In NTOSKERNEL.EXE Architecture overview Access to hardware devices. Translate user i/o functions to hardware specific i/o requests. Virtual device drivers – file system, network protocol. Architecture overview Window management and graphic operations Win32k.sys Drawing, ui controls Prior nt4 was at user mode Architecture overview Hardware abstraction layer Built for different hardware platforms. “Device driver for the motherboard” Architecture overview Always on processes Idle process – fake process to account for idle cpu cycles System process – home for kernel mode system threads Smss.exe – session manager subsystem Csrss.exe – win32 subsystem Winlogon.exe – logon process Services.exe – service control manager Lsass.exe – local security authentication Architecture overview System process – home for kernel mode system threads • pieces of OS or driver code that run as independent threads • memory manager, swapper, file server driver • Created at boot time Architecture overview Task scheduler Spooler Web server… Architecture overview •All kernel components share a common address space. •Other 32 Bit OS have a similar design •Most OS and drivers are written in a portable language (C) •Kernel components use formal interfaces to interact with each other. Symmetric multiprocessing •Everything is the same – no master/slave •Processors Share one memory space •A processor can reschedule what the other is doing Environment subsystems Subsystems DLLs •Translate documented system calls to internal undocumented NT system calls •Expose operating system calls •Posix, os/2 win32 •Ntdll.dll – interface to native system calls •Win32 is the primary subsystem NT native API mapping of win32 www.sysinternals.com Kernel mode components Contained in ntoskernel.exe Six variants of ntoskernel.exe Kernel mode components Key EXECUTIVE subsys components: •Process &threads manager •Memory manager •Security manager •i/o manager •Plug and play manager •Power manager •Cache manager Accessed through subsystem DLLs Kernel mode components Key kernel subsys components: •Cpu abstraction •Context switching •Exception and interrupt dispatch Management mechanisms •Registry •Win32 services •WMI Management mechanisms Registry •Windows Configuration database •Control drivers loading, process startup •System wide application settings •Per user settings •A window into in-memory system state •Remotely accessible Management mechanisms Registry Read at: •Boot time •Logon time •Application startup Changed at: •When you install software •System setting change Regedt32, regedit Management mechanisms Registry Read at: •Boot time •Logon time •Application startup Changed at: •When you install software •System setting change Management mechanisms Win32 services A service is •A process crested by the service control manager •Starts independent of user logon •Configured to start at boot time •No user interface Management mechanisms Windows Management Instrumentation Works locally and remotely Bi-directional Extensible Natively scriptable Processes and threads Components of process •Private address space •Executable image •DLLs •Private storage •Working set – subset of virtual image •Access token •Table of open objects Processes and threads Components of thread •Execution context- (hardware state) •Two stacks – (user and kernel) •Scheduling state •Current and base priority •Current access mode •Thread access token Processes and threads Job object •Apply quotas and restriction to a group of processes. •Also useful to control a single process Processes and threads Controls of jobs •Total CPU time •Total active processes •Maximum priority for job •Which processors to run on •Security restrictions •Scheduling class Processes exit and crashes When does a process exit? •Call to exit process() •Last thread exits Task manager demo Processes and threads •Threads run, not processes •Most tools report current, not base priority Processes and threads Thread scheduling •No attempt to share processor(s) among processes •No guarantied execution period before preemption. •If higher than running thread, runs right away •If same or lower, waits its turn to run •Threads at the same priority each get a turn. Processes and threads Quantum – length of time a thread runs before another thread at the same priority gets a turn. Length of quantum on server •12 clock intervals •120 ms if clock runs on 10 ms Memory management Memory manager features •Demand paged virtual memory •Supports up to 64 GB physical memory •Provides 4GB flat virtual address space •3 states – commited, free, reserved •Shared memory •Mapped files •File mapping objects (in win32 API) •Bytes in file mapped to virtual address space Memory management Process address space (user accessible) •Contains executable image (EXE) and dynamically linked libraries (DLLs) •Private storage System address space (kernel mode) •Operating system image (NTOSKERNEL.exe) •HAL •Driver files •Kernel mode stacks •File system cache Memory management Virtual memory concepts •Applications reference “virtual address” •Page tables – hardware and software translators to physical address •Unit of protection and usage •Called page •X86 uses 4096 byte pages Memory management Methods for processes to share memory •Local procedure calls •Threads share address space Process share memory sections •Called file mapping objects •Full NT security Windows automatically shares sharable pages – code pages in .EXE All win32 programs use common set of libraries (DLLs) Memory management Copy-on-write pages •Pages are originally set up as shared read only •Gives process a private copy upon write request •Saves physical memory, eliminates unnecessary copies. How windows executes code The Windows operating system uses two modes to maintain operating system efficiency and integrity: user mode and kernel mode. The architecture of 80386 and higher processors defines four privilege levels, called rings, to protect system code and data from being overwritten inadvertently or maliciously by less privileged code. This is called the Intel Protection model. How windows executes code Kernel mode (ring 0) is the privileged mode of operation in which code has direct access to all hardware and all memory addresses. Software that runs in kernel mode has the following attributes: It can access hardware directly. It can access all of the memory on the computer. It cannot be moved to the virtual memory page file on the hard disk. It is processed at a higher priority than user mode processes. User mode (ring 3) is a less privileged processor mode than kernel mode and has no direct access to hardware. Code running in user mode can run only in its own address space. It uses the Windows APIs to request system services. User mode processes: Have no direct access to hardware. multitasking • Multitasking is the ability of an operating system to run more than one program, or task, at the same time. Multitasking contrasts with single tasking, where one process must be completed before another can begin. MS-DOS is a singletasking environment, while Windows 95 and Windows NT are both multitasking environments. Memory Management
 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                            