  • Number of slides: 101

Windows OS Overview
Instructor: Hengming Zou, Ph.D.
In Pursuit of Absolute Simplicity 求于至简,归于永恒

Copyright Notice
  • This PPT presentation is developed by Hengming Zou of Shanghai Jiao Tong University under permission and with support from Microsoft Research
  • The material contained in the PPT is based on and derived from copyrighted material from Microsoft
  • Any non-profit use of this material is hereby granted provided that this notice page is shown

Roadmap
  • History of Operating Systems
  • Tasks of an Operating System
  • OS as extension of the hardware
  • Main concepts: processes, files, system calls
  • Operating system structuring

Operating Systems Concepts
  • System software manages resources
  • OS hides complexity of underlying hardware
  • Layered architectures
[Figure: layers, top to bottom: application programs (banking system, airline reservation, web browser); system programs (compilers, editors, command interpreter); operating system; hardware (machine language, microprogramming, physical devices)]

History of operating systems
  • Batch processing
    – The elements of the basic IBM 1401 system are the 1401 Processing Unit, 1402 Card Read-Punch, and 1403 Printer.
  • Punching cards
[Figure: Multiprocessing programming: memory partitions holding Job 3, Job 2, Job 1 and the OS]

Evolution of OS Functionality
  • Batch Job Processing
    – Linkage of library routines to programs
    – Management of files, I/O devices, secondary storage
  • Multiprogramming
    – Resource management and sharing for multiple programs
    – Quasi-simultaneous program execution
    – Single user

Evolution of OS Functionality
  • Multiuser/Timesharing Systems
    – Management of multiple simultaneous users interconnected via terminals
    – Fair resource management: CPU scheduling, spooling, mutual exclusion
  • Real-Time Systems (process control systems)
    – Management of time-critical processes
    – High requirements with respect to reliability and availability

Tasks of an Operating System
  • Processor management: scheduling
    – Fairness
    – Non-blocking behavior
    – Priorities
  • Memory management
    – Virtual versus physical memory, memory hierarchy
    – Protection of competing/concurrent programs
  • Storage management: file system
    – Access to external storage media

Tasks of an Operating System
  • Device management
    – Hiding of hardware dependencies
    – Management of concurrent accesses
  • Batch processing
    – Definition of an execution order
    – Throughput maximization

Kernel- and User Mode Programs
  • Typical functionality implemented in either mode:
    – Kernel and user mode
  • Kernel mode: privileged mode
  • Strict assumptions about reliability/security of code
  • Memory resident
    – CPU, memory, input/output management
    – Multiprocessor management, diagnosis, test
    – Parts of file system and of the networking interface

Kernel- and User Mode Programs
  • User space:
  • More flexible
  • Simpler maintenance and debugging
    – Compiler, assembler, interpreter, linker/loader
    – File system management, telecommunication
    – Network management
    – Editors, spreadsheets, user applications

Layered Model of OS Concepts
No | Name | Typical Objects | Typical Operations
1 | Integrated circuits | register, gate, bus | Nand, Nor, Exor
2 | Machine language | instruction counter, ALU | Add, Move, Load, Store
3 | Subroutine linkage | procedure block | Stack Call, JSR, RTS
4 | Interrupts | interrupt handlers | Bus error, Reset
5 | Simple processes | process, semaphore | wait, ready, execute
6 | Local memory | data block, I/O channel | read, write, open, close
7 | Virtual model | page, frame | read, write, swap
8 | Process communication | channel (pipe), message | read, write, open
9 | File management | files | read, write, open, copy
10 | Device management | ext. memory, terminals | read, write
11 | I/O | data streams | open, close, read, write
12 | User processes | user processes | login, logout, fork
13 | Directory management | internal tables | create, delete, modify
14 | Graphical user interface | window, menu, icon | OS system calls

OS Acts as Extension of Hardware
  • System view: layered model of OS
    – Implementation details on one layer are hidden from higher layers
  • Same machine, different operating systems:
    – IBM PC: DOS, Linux, NeXTSTEP, Windows NT, SCO Unix
    – DEC VAX: VMS, Ultrix-32, 4.3 BSD UNIX

OS Acts as Extension of Hardware
  • Same OS, different machines: UNIX
    – PC (XENIX 286, APPLE A/UX)
    – CRAY-Y/MP (UNICOS - AT&T Sys V)
    – IBM 360/370 (Amdahl UNIX UTS/580, IBM UNIX AIX/ESA)
  • Windows XP (or Windows NT/2000)
    – Intel i386 (i486 on NT 4.0), Alpha, PowerPC, MIPS, Itanium

Operating Systems Evolution
[Figure: timeline of operating systems from 1955 to 2003, running from IOCS, IBSYS and CTSS through DOS/360, MULTICS, UNIX, VMS, CP/M, MS-DOS, the BSD releases, OS/2 and Linux to Windows XP, Windows Server 2003, Linux 2.6 and Solaris 10]

Main Concepts: Processes
  • Processes, process table, core image
  • Command interpreter, shell
  • Child processes
  • Scheduling, signals
  • User identification, group identification
[Figure: process tree with processes A to F; process states new, ready, running, blocked, finished]

Main Concepts: Files
  • Files, directories, root
  • Path, working directory
  • Protection, rwx bits
  • File descriptor, handle
  • Special files, I/O devices
  • Block I/O, character I/O
  • Standard input/output/error
  • Pipes
[Figure: directory tree with a root directory and the entries tmp, etc, usr, mia, pit]

Main Concepts: System Calls
  • User programs access OS services via system calls
  • Parameter transmission via trap, register, stack
    – count=read(file, buffer, nbytes);
  • 5 general classes of system calls:
    – Process control
    – File manipulation
    – Device manipulation
    – Information maintenance
    – Communications

Main Concepts: Shell
  • Command interpreter
  • Displays prompt, implements input/output redirection
  • Background processes, job control, pseudo terminals

    $ date >file
    $ sort file2
    $ cat file1 file2 file3 > /dev/lp1
    $ make all >log 2>&1 &

Structuring of Operating Systems
  • Monolithic systems
  • Unstructured
  • Supervisor call changes from user mode into kernel mode
[Figure: App in user mode; system services and OS procedures in kernel mode; hardware below]

Layered OS
  • Each layer is given access only to lower-level interfaces
[Figure: application program in user mode; in kernel mode, top to bottom: system services, file system, memory and I/O device management, processor scheduling; hardware below]

Microkernel OS (Client/Server OS)
  • Kernel implements:
    – Scheduling
    – Memory management
    – IPC
  • User-mode servers
[Figure: client app, memory server, network server, process server, file server and display server in user mode; request and reply pass through the microkernel in kernel mode; hardware below]

Mach Microkernel OS: Extended Memory Management
  • Paging handled by user-space server
[Figure: client, pager, netmsgsrv and kernel. Labels: map memory object (vm_map()); lookup service; port: comm. endpoint, network-wide; page faults; get memory object; kernel upcalls; handles faults and consistency; advertise service]

Mach Distributed Shared Memory System
  • Access remote memories, port access rights - ACL

Windows 2000/NT Background/History
Dave Cutler:
  • OS developer at DEC since 1971
  • RSX-11M, PDP-11 (16-bit mini): Size is the Goal
    – Multitasking, hierarchical file system, real-time scheduling
    – Application swapping, utilities
    – 32 kb of memory (!)
    – 16 kb kernel, 16 kb utilities, overlay structures, assembly language
    – Time-to-market: 18 months
  • Lack of address bits: VAX architecture (32-bit)
    – Most successful architecture in '70s and '80s

DEC (VMS) and MS Windows NT
  • VMS = Virtual Memory System
  • Cutler was leader of VMS development effort
  • VAX-11 hardware had PDP-11 compatibility mode
    – RSX-11M was the compatibility environment to be supported by VMS
    – Binary and file system compatibility
  • Biggest mistake: VMS written in assembly language
    – Size restrictions, no compiler available, engineering expertise

DEC (VMS) and MS Windows NT
  • Summer 88: call from Bill Gates
    – New OS for PC architecture
    – Portability, security, POSIX, compatibility, multiprocessor, extensibility
    – Similar goals as for PDP-11/VAX transition
  • Windows NT came to market in 1993

Windows NT Origins
  • Design began in late 1988/early 1989 after Dave Cutler and a handful of Digital employees started at MS
    – Dave Cutler—legend in the operating system world
    – Internally, many similarities to Digital’s VMS (scheduling, memory management, I/O and driver model)
    – VMS+1=WNT just a coincidence
  • Original goal was replacement for OS/2

Windows NT Origins
  • Later goal changed to be: replacement for Windows 3.0
    – The name “Windows NT” was born
    – NT = “New Technology”
  • But at a high level, the architecture and user interface are not really that “new”
    – as compared to most 32-bit OS’s
  • The i860 RISC CPU that NT was originally targeted at was code-named N-Ten

Windows NT Origins
  • Interesting book on the early years of NT:
    – Show-stopper!: The Breakneck Race to Create Windows NT and the Next Generation at Microsoft
    – By G. Pascal Zachary, ISBN: 0029356717

VMS and Windows NT
[Figure, left: layered design for the VAX/VMS OS. User mode: layered products (apps), program development tools, utilities, support libraries, user command language interpreter (CLI). Supervisor: Record Management Service (RMS). Executive: system services. Kernel: memory management, I/O subsystem, process and time management, system-wide data structures, Platform-Adaptation Layer (PAL) - Alpha]
[Figure, right: Windows NT high-level architecture. User mode: system and service processes, user applications, subsystem DLLs, environment subsystems (OS/2, Windows, POSIX). Kernel mode: executive, kernel, device drivers, Windows User/GDI, Hardware Abstraction Layer (HAL)]

Release History
  • Product name has varied internally
  • Each version identified by a “build number”
  • Internal identification:
    – Increments each time NT is built from source
    – (5-6 times a week)
  • Interesting timeline:
    – http://windows2000.about.com/library/weekly/aa010218a.htm

Release History
  • Build#: 297, 511, 807, 1057, 1381, 2195, 2600, 3790, 4051
  • Version: PDC developer release, NT 3.1, NT 3.51, NT 4.0, Windows 2000 (NT 5.0), Windows XP (NT 5.1), Windows Server 2003 (NT 5.2), Longhorn PDC Developer Preview
  • Date: Jul 1992, Jul 1993, Sep 1994, May 1995, Jul 1996, Dec 1999, Aug 2001, Mar 2003, Oct 2003

Windows and Linux Evolution
  • Windows and Linux kernels are based on foundations developed in the mid-1970s
[Figure: two timelines from 1970 to 2000. Windows line: VMS v1.0, NT 3.1, NT 4.0, Windows 2000, Windows XP, Windows Server 2003. Linux line: UNIX born, UNIX public, UNIX V6, Linux v1.0, v2.0, v2.2, v2.3, v2.4, v2.6]
(see http://www.levenez.com for diagrams showing history of Windows & Unix)

Further Reading
  • Dennis M. Ritchie, The Evolution of the Unix Time-sharing System,
    – in Proc. of Lang. Design and Programming Meth. Conf., Sydney, Australia, Sept 1979, Lecture Notes in Computer Science #79, Springer-Verlag, 1980.
  • David Donald Miller, OpenVMS Operating System Concepts,
    – 2nd Ed., Digital Press, 1997.
    – History of Digital Operating Systems (pp. 447 ff.)

Further Reading
  • Mark E. Russinovich and David A. Solomon, Microsoft Windows Internals,
    – 4th Edition, Microsoft Press, 2004.
    – Historical Perspective (pp. xix ff.)
  • G. Pascal Zachary, Show Stopper! The Breakneck Race to Create Windows NT and the Next Generation at Microsoft,
    – ISBN: 0029356717, Free Press, 1994

Windows Operating System Family: Concepts & Tools

Roadmap for Section 1.3
High-level Overview on Windows Concepts
  • Processes, Threads
  • Virtual Memory, Protection
  • Objects and Handles
Windows is thoroughly instrumented
  • Key monitoring tools
  • Extra resources at www.sysinternals.com

Requirements and Design Goals
  • Provide a true 32-bit, preemptive, reentrant, virtual memory operating system
  • Run on multiple hardware architectures and platforms
  • Run/scale well on symmetric multiprocessing systems
  • Distributed computing platform (client/server)
  • Run most existing 16-bit DOS and Windows 3.1 apps
  • Meet government req. for POSIX 1003.1 compliance
  • Meet government and industry req. for OS security

Requirements and Design Goals
  • Support Unicode
  • Extensibility
    – Code must be able to grow and change as the market changes
  • Portability
    – Must be able to run on multiple hardware architectures and move with relative ease to new ones as market demands dictate
  • Reliability and Robustness
    – Protection against internal malfunction and external tampering
    – Apps should not be able to harm the OS or other running apps

Goals (contd.)
  • Compatibility
    – UI and APIs should be compatible with older versions of Windows as well as older OS such as MS-DOS
    – Should also interoperate well with UNIX, OS/2, and NetWare
  • Performance
    – Should be as fast/responsive as possible on each HW platform

Portability
  • HAL (Hardware Abstraction Layer):
    – Support for x86 (initial), MIPS (initial)
    – Alpha AXP, PowerPC (NT 3.51), Itanium (Windows XP/2003)
    – Machine-specific functions located in HAL
  • Layered design:
    – Architecture-specific functions located in kernel

Portability
  • Windows NT/2000/XP/2003 kernel components are primarily written in C:
    – OS executive, utilities, drivers
    – UI and graphics subsystem: written in C++
  • HW-specific/performance-sensitive parts:
    – Written in assembly language
    – Int trap handler, context switching

Windows API & Subsystems
  • Windows API (application programming interface)
    – Common programming interface to Windows NT/2000/XP, Windows 95/98/ME and Windows CE
    – Each OS implements a (different) subset of the API
    – MSDN: http://msdn.microsoft.com

Windows API & Subsystems
  • Windows supports multiple subsystems (APIs):
    – Windows (primary), POSIX, OS/2
    – User-space apps access OS functionality via subsystems
  • Subsystems define APIs, process, file system semantics
    – OS/2 used to be primary subsystem for Windows NT

64-bit vs. 32-bit Windows APIs
  • Pointers and types derived from pointer are 64-bit
  • A few others go 64
    – e.g., WPARAM, LRESULT, SIZE_T
  • Rest are the same
    – e.g., 32-bit INT, DWORD, LONG

64-bit vs. 32-bit Windows APIs
  • Only 5 replacement APIs!
  • 4 for Window/Class Data
    – Replaced by polymorphic (_ptr) versions
    – Updated constants used by these APIs
  • 1 (_ptr) version for flat scroll bar properties

64-bit vs. 32-bit Windows APIs
Win32 and Win64 are consistently named the Windows API

API | Data Model | int | long | pointer
Win32 | ILP32 | 32 | 32 | 32
Win64 | LLP64 | 32 | 32 | 64
UNIXes | LP64 | 32 | 64 | 64
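
The practical consequence of the data-model table, as an added example that is not part of the original slides: a pointer stored in a `long` survives on LP64 but loses its upper half on LLP64, which is why the window/class data APIs gained `_ptr` versions. The function names and sample addresses are constructed, and the widening step models a signed 32-bit `long` being sign-extended when it is cast back to a 64-bit pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit widths of int, long and pointer for each data model in the table. */
struct data_model {
    const char *name;
    unsigned int_bits, long_bits, ptr_bits;
};

static const struct data_model MODELS[] = {
    { "ILP32", 32, 32, 32 },   /* Win32 */
    { "LLP64", 32, 32, 64 },   /* Win64 */
    { "LP64",  32, 64, 64 },   /* 64-bit UNIXes */
};

/* Keep only the low `bits` bits, as a store into a narrower integer does. */
static uint64_t truncate_to(uint64_t v, unsigned bits)
{
    return bits >= 64 ? v : (v & ((UINT64_C(1) << bits) - 1));
}

/* Widen a `bits`-wide signed value to 64 bits (long is a signed type). */
static uint64_t sign_extend(uint64_t v, unsigned bits)
{
    if (bits >= 64)
        return v;
    uint64_t sign = UINT64_C(1) << (bits - 1);
    return (v & sign) ? (v | ~((UINT64_C(1) << bits) - 1)) : v;
}

static const struct data_model *find_model(const char *name)
{
    for (size_t i = 0; i < sizeof MODELS / sizeof MODELS[0]; i++)
        if (strcmp(MODELS[i].name, name) == 0)
            return &MODELS[i];
    return NULL;
}

/* Address obtained after pointer -> long -> pointer under the named model.
   Returns 0 for an unknown model or an address wider than its pointers. */
uint64_t roundtrip_through_long(const char *model, uint64_t addr)
{
    const struct data_model *m = find_model(model);
    if (m == NULL || truncate_to(addr, m->ptr_bits) != addr)
        return 0;
    uint64_t as_long = truncate_to(addr, m->long_bits);
    return truncate_to(sign_extend(as_long, m->long_bits), m->ptr_bits);
}

/* 1 if the pointer survives the round trip, 0 if it is corrupted,
   -1 if the model is unknown or the address does not fit its pointers. */
int pointer_survives_long(const char *model, uint64_t addr)
{
    const struct data_model *m = find_model(model);
    if (m == NULL || truncate_to(addr, m->ptr_bits) != addr)
        return -1;
    return roundtrip_through_long(model, addr) == addr;
}

int main(void)
{
    /* Constructed sample addresses: one below 4 GB, one above it. */
    const uint64_t samples[] = { UINT64_C(0x7FFE0000),
                                 UINT64_C(0x000007FEFDE40000) };
    for (size_t i = 0; i < sizeof MODELS / sizeof MODELS[0]; i++)
        for (size_t j = 0; j < 2; j++)
            printf("%-5s 0x%016llx -> 0x%016llx (survives: %d)\n",
                   MODELS[i].name,
                   (unsigned long long)samples[j],
                   (unsigned long long)roundtrip_through_long(MODELS[i].name,
                                                              samples[j]),
                   pointer_survives_long(MODELS[i].name, samples[j]));
    return 0;
}
```

The low address passes under every model, so code with this defect can work in testing and fail only once allocations land above 4 GB.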

Services, Functions, and Routines
  • Windows API functions:
    – Documented, callable subroutines
    – CreateProcess, CreateFile, GetMessage
  • Windows system services:
    – Undocumented functions, callable from user space
    – NtCreateProcess is used by Windows CreateProcess and POSIX fork() as an internal service

Windows Internal Routines
  • Subroutines inside Windows executive/kernel/HAL
  • Callable from kernel mode only
    – (device driver, NT OS components)
  • For example:
    – ExAllocatePool allocates memory on system heap

Windows Services
  • Processes started by the Service Control Manager
  • Example:
    – The Schedule service supports the at-command

DLL (Dynamic Link Library)
  • Subroutines in binary format
    – Contained in dynamically loadable files
  • Examples:
    – MSVCRT.DLL: MS Visual C++ run-time library
    – KERNEL32.DLL: one of the Windows API libraries

Processes
  • Represents an instance of a running program
    – You create a process to run a program
    – Starting an application creates a process
  • Process defined by:
    – Address space
    – Resources (e.g., open handles)
    – Security profile (token)

Threads
  • An execution context within a process
  • Unit of scheduling (threads run, processes don’t run)
  • All threads in a process share same address space
    – Can synchronize access to shared resources
    – (critical sections, mutexes, events, semaphores)
  • All threads in the system are scheduled as peers to all others, without regard to their “parent” process

Processes and Threads
[Figure: threads inside per-process address spaces, above the system-wide address space]

Processes and Threads
  • System calls for process and thread creation:
    – CreateProcess and CreateThread
  • Primary argument to CreateProcess is:
    – image file name (or command line)
  • Primary argument to CreateThread is:
    – a function entry point address

Processes and Threads
  • Every process starts with one thread
  • First thread executes the program’s “main” function
    – Can create other threads in the same process
    – Can create additional processes
  • Why divide an application into multiple threads?

Why Divide Process into Threads
  • Perceived user responsiveness
  • Parallel/background execution
  • Example: Word background print
    – Can continue to edit during print

Why Divide Process into Threads
  • Take advantage of multiple processors
  • On an MP system with n CPUs
    – n threads can literally run at the same time
  • Question: given a single-threaded application, will adding a 2nd processor make it run faster?

Why Divide Process into Threads
  • Does add complexity
  • Synchronization
  • Scaling well is a different question…
    – # of multiple runnable threads vs. # of CPUs
    – Too many runnable threads cause excess context switching

A Process and Its Resources
[Figure: a process object with its access token, handle table (pointing to objects), virtual address space descriptors (VADs), and a thread with its own access token]

Virtual Memory
  • 32-bit address space (4 GB)
    – 2 GB user space (per process)
    – 2 GB operating system
  • 64-bit address space
    – 7192 GB user space (Itanium)
    – 8192 GB user space (x64)
    – ~6000 GB operating system
  • Memory manager maps virtual onto physical memory

Default 32-bit Layout
  • 2 GB user process space (unique per process)
  • 2 GB system space (system-wide): kernel/HAL, boot drivers, system cache, paged pool, nonpaged pool

Memory Protection Model
  • No user process can touch another user process address space
    – without first opening a handle to the process,
    – which means passing through NT security
  • Separate process page tables prevent this
  • Current page table changed on context switch from a thread in one process to a thread in another process

Memory Protection Model
  • No user process can touch kernel memory
  • Page protection in process page tables prevents this
  • OS pages only accessible from “kernel mode”
    – x86: Ring 0, Itanium: Privilege Level 0
  • Threads change from user to kernel mode and back (via a secure interface) to execute kernel code
    – Does not affect scheduling (not a context switch)

Kernel Mode vs. User Mode
  • No protection for components running in kernel mode
  • Transition from user to kernel mode through special instruction (processor changes privilege level)
    – OS traps this instruction and validates arguments to syscalls
    – Transition from user to kernel mode does not affect thread scheduling
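
The argument validation mentioned above, as an added example that is not part of the original slides: a system call that receives a user buffer must confirm the whole range lies in user space, and the check must not be defeated by 32-bit wraparound. It assumes the 2 GB/2 GB split of the default 32-bit layout; the function names and sample addresses are constructed, and a real kernel's boundary and probing routine differ in detail.

```c
#include <stdint.h>
#include <stdio.h>

/* Default 32-bit layout from the slides: low 2 GB is per-process user space,
   high 2 GB is system space. The exact boundary is a simplification. */
#define USER_SPACE_LIMIT UINT32_C(0x80000000)

/* Flawed check: base + len is computed in 32 bits and can wrap around,
   so a range starting in system space can appear to end in user space. */
int naive_range_ok(uint32_t base, uint32_t len)
{
    uint32_t end = base + len;              /* wraps modulo 2^32 */
    return end <= USER_SPACE_LIMIT;
}

/* Hardened check: never forms base + len, so nothing can overflow. */
int checked_range_ok(uint32_t base, uint32_t len)
{
    if (base >= USER_SPACE_LIMIT)
        return 0;                           /* starts in system space */
    return len <= USER_SPACE_LIMIT - base;  /* room left below the limit */
}

int main(void)
{
    /* Constructed (buffer, nbytes) pairs as a read()-style call would pass. */
    static const struct { uint32_t base, len; const char *what; } cases[] = {
        { UINT32_C(0x00400000), UINT32_C(0x00001000), "ordinary user buffer" },
        { UINT32_C(0x7FFFF000), UINT32_C(0x00001000), "ends exactly at limit" },
        { UINT32_C(0x7FFFF000), UINT32_C(0x00002000), "straddles the limit" },
        { UINT32_C(0xC0000000), UINT32_C(0x50000000), "system address, sum wraps" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s base=0x%08lx len=0x%08lx naive=%d checked=%d\n",
               cases[i].what,
               (unsigned long)cases[i].base, (unsigned long)cases[i].len,
               naive_range_ok(cases[i].base, cases[i].len),
               checked_range_ok(cases[i].base, cases[i].len));
    return 0;
}
```

Only the last case separates the two checks: the naive version accepts a buffer that begins in system space because the sum wraps to a small value.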

Kernel Mode vs. User Mode
  • Performance counters: System/Processor/Process/Thread – Privileged Time/User Time
    – Windows kernel is thoroughly instrumented
    – Hundreds of performance counters throughout the system
  • Performance Monitor: perfmon.msc (MMC snap-in)

Performance Monitor

Objects and Handles
  • Process, thread, file, event objects in Windows are mapped on NT executive objects
  • Object services read/write object attributes
  • Objects:
    – Human-readable names for system resources
    – Resource sharing among processes
    – Resource protection against unauthorized access

Objects and Handles
  • Security/protection based on NT executive objects
  • 2 forms of access control:
  • Discretionary control:
    – read/write/access rights
  • Privileged access:
    – administrator may take ownership of files

Networking
  • Integral, application-transparent networking services
    – Basic file and print sharing and using services
  • A platform for distributed applications
    – Application-level inter-process communication (IPC)
  • Windows provides an expandable platform for other network components

Security
  • Windows 2000 supports C2-level security
    – DoD 5200.23-STD, December 1985
  • Discretionary protection (need-to-know) for shareable system objects
    – (files, directories, processes, threads)
  • Security auditing
    – (accountability of subjects and their actions)
  • Password authentication at logon
  • Prevention of access to uninitialized resources
    – memory, disk space

Security
  • Windows NT 3.51 was formally evaluated for C2
  • Windows NT 4.0 SP6a passed C2 in December 1999
    – Networked workstation configuration
  • European IT Security Criteria FC2/E3 security level

Registry
  • System-wide software settings:
    – boot & configuration info
  • Security database
  • Per-user profile settings
  • In-memory volatile data (current hardware state)
    – What devices are loaded?
    – Resources used by devices
    – Performance counters are accessed through registry functions

Registry
  • Regedit.exe used to view/modify registry settings
    – HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
    – HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
    – HKEY_LOCAL_MACHINE\Software

Unicode
  • Most internal text strings are stored/processed as 16-bit wide Unicode strings
  • Windows API string functions have 2 versions
  • Unicode (wide) version
    – L"This string uses 16-bit characters"
  • ANSI (narrow) version
    – "This string uses 8-bit characters"

Unicode
  • Generic character representation in Windows API
    – _T("This string uses generic characters")
  • Win 95/98/ME have the Windows API but no Unicode characters
  • Win CE has the Windows API but Unicode characters only

Tools Used to Dig In
  • Many tools available to dig into Windows internals
    – Helps to see internals behavior “in action”
  • We’ll use these tools to explore the internals
    – Many of these tools are also used in the labs

Tools Used to Dig In
  • Several sources of tools
    – Support Tools
    – Resource Kit Tools
    – Debugging Tools
    – Sysinternals.com
  • Additional tool packages with internals information
    – Platform Software Development Kit (SDK)
    – Device Driver Development Kit (DDK)

Tools for Viewing Windows Internals
Tool | Image Name
Startup Programs Viewer | AUTORUNS
Dependency Walker | DEPENDS
DLL List | LISTDLLS
EFS Information Dumper | EFSDUMP
File Monitor | FILEMON
Global Flags | GFLAGS
Handle Viewer | HANDLE
Junction tool | JUNCTION
Kernel debuggers | WINDBG, KD
Live Kernel Debugging | LIVEKD
Logon Sessions | LOGINSESSIONS
Object Viewer | WINOBJ
Open Handles | OH
Page Fault Monitor | PFMON
Pending File Moves | PENDMOVES
Origin (in slide order): www.sysinternals.com; Support Tools, Platform SDK; www.sysinternals.com*; www.sysinternals.com; Support Tools; www.sysinternals.com; Debugging tools, Platform SDK, Windows DDK; www.sysinternals.com; Resource kits; Support Tools, Resource kits, Platform SDK; www.sysinternals.com

Tools for Viewing Windows Internals
Tool | Image Name
Performance tool | PERFMON.MSC
PipeList tool | PIPELIST
Pool Monitor | POOLMON
Process Explorer | PROCEXP
Get SID tool | PSGETSID
Process Statistics | PSTAT
Process Viewer | PVIEWER (in the Support Tools) or PVIEW (in the Platform SDK)
Quick Slice | QSLICE
Registry Monitor | REGMON
Service Control | SC
Task (Process) List | TLIST
Task Manager | TASKMGR
TDImon | TDIMON
Origin (in slide order): Windows built-in tool; www.sysinternals.com; Support Tools, Windows DDK; www.sysinternals.com; Support Tools, Windows 2000 Resource kits, Platform SDK, www.reskit.com; Platform SDK; Windows 2000 resource kits; www.sysinternals.com; Windows XP, Platform SDK, Windows 2000 resource kits; Debugging tools; Windows built-in tool; www.sysinternals.com

Support Tools
  • Tools that used to be in the NT4 Resource Kit
    – Win2K: 40+ tools, WinXP: 70+ tools
  • Located on Windows OS CD in \support\tools
  • Not a subset of the Resource Kit
    – So, you have to install this and the Resource Kit
  • In NT4, the NT4 Server Resource Kit included the NT4 Resource Kit Support Tools

Windows Resource Kit Tools
  • W2K Server Resource Kit Tools (Supplement 1 is latest)
    – Not freely downloadable
      – Comes with MSDN & TechNet, so most sites have it
    – May be installed on as many PCs as you want at one site
    – Installs fine on 2000/XP Professional (superset of 2000 Professional Resource Kit)
  • Windows XP Resource Kit: no tools, just documentation

Windows Resource Kit Tools
  • Windows Server 2003 Resource Kit Tools
    – Free download: visit
    – http://www.microsoft.com/windows/reskits/default.asp
    – Tool updates are at http://www.microsoft.com/windowsserver2003/techinfo/reskit/tools/default.mspx
  • NOTE: Windows 2000 Server Resource Kit has more tools than 2003 Resource Kit (225 vs 115 .EXEs)
    – Many tools dropped due to lack of support
    – Tools are still officially unsupported
      – But, can send bug reports to ntreskit@microsoft.com

Windows Debugging Tools
- Separate package of advanced debugging tools
  - Installs on NT4, Win2000, XP, 2003
- Download latest version from:
  - http://www.microsoft.com/whdc/ddk/debugging

Windows Debugging Tools
- User-mode and kernel-mode debuggers
  - Kd: command line interface
  - WinDbg: GUI interface (kernel debugging still mostly “command line”)
  - Allow exploring internal system state & data structures
- Ntsd, Cdb: command line user-mode debuggers (newer versions than what ships with OS)
- Misc other tools (some are also in Support Tools):
  - kill, remote, tlist
  - logger/logview (API logging tool), Autodump

Live Kernel Debugging
- Useful for investigating internal system state not available from other tools
  - Previously, required 2 computers (host and target)
  - Target would be halted while host debugger in use
- XP & Server 2003 support live local kernel debugging
  - Technically requires system to be booted /DEBUG to work correctly
  - You can edit kernel memory on the live system (!)
  - But, not all commands work

Live Kernel Debugging
- LiveKd (www.sysinternals.com)
- Tricks standard Microsoft kernel debuggers into thinking they are looking at a crash dump
- Works on NT4, Windows 2000, Windows XP, & Server 2003
- Was originally shipped on Inside W2K book CD-ROM
- Now is free on Sysinternals

Live Kernel Debugging
- Commands that fail in local kernel debugging work with LiveKd:
  - Kernel stacks (!process, !thread)
  - Lm (list modules)
  - Can snapshot a live system (.dump)
- Does not guarantee consistent view of system memory
  - Thus can loop or fail with access violation
  - Just quit and restart

Sysinternals Tools
- Freeware tools from www.sysinternals.com
  - Written by Mark Russinovich & Bryce Cogswell
- Useful for developers, system administrators, and power users
  - Most popular: Filemon, Regmon, Process Explorer
- Generated via reverse engineering (no source access)

Sysinternals Tools
- Require no installation
  - Run them directly after downloading and unzipping
- Many tools require administrative privileges
  - Some load a device driver
- Tools regularly updated
  - So make sure to check for updated versions
  - Subscribe to free Sysinternals newsletter

Process Explorer (Sysinternals)
- Super Task Manager
- Shows full image path, command line, environment variables, parent process, security access token, open handles, loaded DLLs & mapped files

Platform SDK
- Contains header files, libraries, documentation, & sample code for the entire Windows “platform” API: 14 separate SDKs
  - Core SDK contains core services, COM, messaging, active directory, management, etc.
- Freely downloadable from www.microsoft.com/msdownload/platformsdk/sdkupdate
  - Part of MSDN Professional (or higher) subscription

Platform SDK
- Always matches operating system revision
  - E.g. Platform SDK revised with new release (or beta) as new APIs are added
- Not absolutely required for Win32 development
  - Because VC++ comes with the Win32 API header files
- But VC++ headers, libs, doc won’t reflect APIs added after VC++ was mastered
- Also provides a few tools (e.g. WinObj, Working Set Tuner) not available elsewhere

Further Reading
- Microsoft Windows Internals, by Mark E. Russinovich and David A. Solomon, 4th Edition, Microsoft Press, 2004.
  - Concepts and Tools (pp. 1 ff.)
  - Digging into Windows Internals (pp. 25 ff.)

Windows Roadmap

Windows Client Roadmap
[Roadmap chart. Timeline: 2004 H2, 2005 H1, Future. Labels: Service Pack 2, “Lonestar”, Beta 64 bit for Extended Systems]

Windows Server Roadmap
[Roadmap chart. Timeline: 2003, 2005 H1, 2005 H2, Future. Labels: Service Pack 1, R2, Service Pack 2]

Thoughts Change Life