1 / 51

Lecture 2 System architecture

Lecture 2 System architecture. xlanchen@03/04/2005. Review of last class. Win32 API and its functions System service (int 2e) Win32 services Process and threads in windows 2000 Virtual memory (0G~2G~4G) Kernel mode vs. user mode Objects and handles. Contents of this lecture.

osmond
Download Presentation

Lecture 2 System architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 2 System architecture xlanchen@03/04/2005

  2. Review of last class • Win32 API and its functions • System service (int 2e) • Win32 services • Process and threads in windows 2000 • Virtual memory (0G~2G~4G) • Kernel mode vs. user mode • Objects and handles Understanding the Inside of Windows2000

  3. Contents of this lecture • Design goals • Operating system model • Key system components Understanding the Inside of Windows2000

  4. Design Goals • True 32-bit, pre-emptive, re-entrant, virtual memory • Multiple hardware platforms • Symmetric multi-processor architecture • Support networked computing • Support 16-bit MS-DOS and Win3.x apps • POSIX 1003.1 compliance • TCSEC C2 certification • Support Unicode Understanding the Inside of Windows2000

  5. Design Goals • Extensibility • Portability • Reliability and robustness • Compatibility • Performance Understanding the Inside of Windows2000

  6. Windows 2000 VS. Consumer Windows • Consumer Windows • Windows 95, Windows 98, and Windows Millennium Edition • Both are part of the "Windows family of operating systems • Sharing a common subset API (Win32 and COM) and in some cases operating system code • And WDM (Windows Driver Model) except 95 Understanding the Inside of Windows2000

  7. Windows 2000 VS. Consumer Windows • Multiprocessor systems, security • True 32-bit • Fully reentrant • Address space for 16-bit Windows applications • Visibility of shared memory • Writable system pages from user mode • Fully compatibility with MS-DOS and Windows 3.1 Understanding the Inside of Windows2000

  8. Operating system model • Similar to most UNIX systems • Kernel mode VS. User mode • most of OS and device driver code shares the same kernel-mode protected memory space • Then, Windows 2000 • Monolithic operating systemORMicrokernel-Based System Understanding the Inside of Windows2000

  9. Kernel-mode components and OO • Not an strict OO system • Follows Basic OO design principles • Mostly C not C++ • C doesn't directly support OO constructs, such as dynamic binding of data types, polymorphic functions, or class inheritance • What C brings? Understanding the Inside of Windows2000

  10. Portability • Windows 2000 achieves portability across hardware architectures and platforms in two primary ways • Layered design • Language C Understanding the Inside of Windows2000

  11. Multitasking vs. multiprocessing • Multitasking: sharing a single processor among multiple threads of execution • Multiprocessing • SMP vs. ASMP Understanding the Inside of Windows2000

  12. Understanding the Inside of Windows2000

  13. Architecture Overview • Key system components Understanding the Inside of Windows2000

  14. Architecture Overview • Four basic types of user-mode processes User applications Service processes Environment subsystems System support processes Understanding the Inside of Windows2000

  15. User mode processes [1] • Systemsupport processes • not Windows 2000 services (not started by the service control manager) • Example: • Logon process • Session manager Understanding the Inside of Windows2000

  16. User mode processes [2] • Service processes • Windows 2000 services • Example: • Task scheduler • Spooler • … Understanding the Inside of Windows2000

  17. User mode processes [3] • User applications • One of five types • Win32 • Windows 3.1 • MS-DOS • POSIX • OS/2 1.2 Understanding the Inside of Windows2000

  18. User mode processes [4] • Environment subsystems • Environment subsystems expose the native operating system services to user applications through a set of callable functions • Three environment subsystems • Win32, POSIX, and OS/2 Understanding the Inside of Windows2000

  19. Architecture Overview Subsystem DLLs Understanding the Inside of Windows2000

  20. Architecture Overview • Subsystem DLLs • User applicationsthrough one or more subsystem DLLs to call the native Windows 2000 operating system servicesindirectly • Role of the subsystem DLLs • Function  appropriate internal 2K system service calls • Sometimes, sending a message to the appropriate environment subsystem process Understanding the Inside of Windows2000

  21. Architecture Overview Kernel mode component Understanding the Inside of Windows2000

  22. Kernel mode component • Executive: Base OS services • memory management, process and thread management, security, I/O, and IPC • Kernel: low-level OS functions • thread scheduling, interrupt and exception dispatching, and multiprocessor synchronization • Device drivers • HAL = hardware abstraction layer • Windowing and graphics system Understanding the Inside of Windows2000

  23. Core Windows 2000 System Files • Ntoskrnl.exe • Executive and kernel • Ntkrnlpa.exe • Executive and kernel with support for PAE • Hal.dll • Different hardware platform has different HAL User mode Kernel mode Ntoskrnl.exe Hal.dll Understanding the Inside of Windows2000

  24. Core Windows 2000 System Files • Kernel32.dll • Win32 API functions • Advapi32.dll • Advance application interface • Ntdll.dll • Internal support functions • system service dispatch stubs Core Win32 subsystem DLLs Understanding the Inside of Windows2000

  25. Core Windows 2000 System Files • Why kernel32/advapi32 + Ntdll? Advapi32.dll Kernel32.dll Ntdll.dll User mode int 0x2e Kernel mode Ntoskrnl.exe Understanding the Inside of Windows2000

  26. Core Windows 2000 System Files • User32.dll • Gdi32.dll • Win32k.sys • a particular diver • Kernel-mode part of the Win32 subsystem Core Win32 subsystem DLLs User32.dll Gdi32.dll User mode int 0x2e Kernel mode Win32k.sys Understanding the Inside of Windows2000

  27. Key System Components • Windows 2000 archtecture Understanding the Inside of Windows2000

  28. Understanding the Inside of Windows2000

  29. Environment Subsystems and DLLs • Win32 subsystem • POSIX Subsystem • OS/2 Subsystem • See registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems Understanding the Inside of Windows2000

  30. An example (your system may different) Understanding the Inside of Windows2000

  31. Win32 subsystem [1] • Implemented in the Csrss.exe process • Supports basic text windows • Creating and deleting Win32 processes/threads • and in the kernel mode driver WIN32K.SYS • Parts of the Windows manager (“User”) • Parts of the GDI • And in subsystem DLLs mapping Win32 calls onto NT supervisor functions • Kernel32.dll, Advapi32.dll User32.dll, Gdi32.dll • And Graphics device drivers Understanding the Inside of Windows2000

  32. Win32 subsystem [2] • E.g. App create windows by calling USER functions which call GDI functions which call graphic device drivers App Win32 (csrss.exe) User32.dll, Kernel32.dll, Gdi32.dll Ntdll.dll User mode Kernel mode Ntoskrnl.exe, win32k.sys Understanding the Inside of Windows2000

  33. Window manager and graphics • In win32 process or kernel • Prior to NT4.0 • Required multiple thread and process context switches which consumed considerable CPU cycles and memory resources • In NT4.0 • moving the windowing and graphics system into kernel mode Understanding the Inside of Windows2000

  34. POSIX Subsystem • a portable operating system interface based on UNIX • Standard: POSIX 1 • a mandatory goal for Windows 2000 • Fairly limited in usefulness Understanding the Inside of Windows2000

  35. OS/2 Subsystem • Supports only OS/2 1.2 16-bit character-based or video I/O (VIO) applications Understanding the Inside of Windows2000

  36. Key components (cont.) • NTDLL.DLL: • Stubs to Executive entry points • NTCreateFile, NtSetEvent etc. • Support functions for subsystems Understanding the Inside of Windows2000

  37. Key components (cont.) • Executive (Ntoskrnl.exe), include • Functions • User mode callable or kernel mode callable • components • Such as configuration manager, process and thread manager, I/O manager, plug and play manager, power manager, virtual memory manager, and so on. • Support functions • Object manager, LPC, synchronisation primitives Understanding the Inside of Windows2000

  38. Key components (cont.) • Kernel (in Ntoskrnl.exe) • provide fundamental mechanisms used by the executive components • Kernel objects, thread scheduling, trap and exception handling, interrupt handling Understanding the Inside of Windows2000

  39. Ntoskrnl.exe Understanding the Inside of Windows2000

  40. Key components (cont.) • Hardware Abstraction Layer (Hal.dll) • List of Hals • Hal.dll for Standard PCs • Halacpi.dll for ACPI PCs • Halapic.dll for APIC PCs • Halaacpi.dll for APIC ACPI PCs • Halmps.dll for Multiprocessor PCs • Halmacpi.dll for Multiprocessor ACPI PCs • Halborg.dll for Silicon Graphics Workstation (no longer marketed) • Halsp.dll for Compaq SystemPro Hal.dll Hardware Understanding the Inside of Windows2000

  41. Key components (cont.) • EXPERIMENT: Determining Which HAL You're Running • Open \Winnt\Repair\Setup.log, search for Hal.dll Or, • In Device Manager, look at the Computer device(My ComputerPropertiesHardwareDevice Manager) • ACPI= Advanced Configuration and Power Interface • APIC= Advanced Programmable Interrupt Controller Understanding the Inside of Windows2000

  42. Key components (cont.) • Device Drivers • loadable kernel-mode modules (mostly .sys) • run in kernel mode in one of three contexts • a user thread that initiated an I/O function • a kernel-mode system thread • an interrupt handling I/O Manager Drivers HAL Hardware Understanding the Inside of Windows2000

  43. Device drivers • Types of device drivers • Hardware device drivers • Handle different physical devices • File system drivers • Implement file abstraction • File system filter drivers • e.g. disk mirroring, encryption and so on • Network redirectors and servers • Transmit I/O requests across network • Protocol drivers • Kernel streaming filter drivers Understanding the Inside of Windows2000

  44. EXPERIMENTViewing the Installed Device Drivers • Run msinfo32 • An example: Understanding the Inside of Windows2000

  45. Understanding the Inside of Windows2000

  46. Undocumented functions • EXPERIMENTListing Undocumented Functions • Depends.exe open system32\Ntoskrnel.exe • An example: Understanding the Inside of Windows2000

  47. Understanding the Inside of Windows2000

  48. System processes • System process (0)Idle process System (8)System process smss.exe (144)Session manager csrss.exe (172) Win32 subsystem process winlogon.exe (192) Logon process services.exe (220) Service control manager svchost.exe (384)Generic service host image spoolsv.exe (480) Spooler service regsvc.exe (636) Remote registry servicemstask.exe (664) Task scheduler service lsass.exe (232) Local security authentication server Understanding the Inside of Windows2000

  49. System Processes • Idle Process (ID 0) • System process • Always process ID 8 • The home for kernel mode system threads • Session Manager (SMSS.EXE) • First user-mode process • Completes system initialization • Win32 subsystem (csrss.exe) • Logon (winlogon.exe) Understanding the Inside of Windows2000

  50. Logon (winlogon.exe) • Handles interactive user logons and logoffs • SAS: Ctrl+Alt+Delete • Calls Userinit.exe to create user proc • performs some initialization • creates a process to run the system-defined shell (Explorer.exe) • Exit • Local Security Authentication Server (Lsass.exe) • Validates authentication data and creates access token Understanding the Inside of Windows2000

More Related