Windows Under the Hood
The Registry
• Stores information on everything Windows
• Found in Windows\System32\config if you want to know
• Rarely do we go straight to the Registry; use Device Manager, Control Panel
• Regedit or Regedt32 will get you to the same place; Start | Run
• Be careful, you can break Windows easily

Registry Root Keys
• HKEY_CLASSES_ROOT; class objects, file associations, type of icon, program to open it
• HKEY_CURRENT_USER; current user preferences, desktop color and pattern
• HKEY_USERS; all users for the computer
• HKEY_LOCAL_MACHINE (HKLM); system’s non-user-specific configurations
• HKEY_CURRENT_CONFIG; hardware currently being used

Registry Edits
• Use either program: REGEDIT or REGEDT32
• Make a backup before you change anything (File | Export) – use .REG extension
• Be careful of value types if adding key(s)
• Saves are automatic; no recovery from deletes

Types of Data in Registry
• String value: any form of data
• Binary value: ones and zeros
• Dword value: binary but limited to 32 bits
• Qword value: binary but limited to 64 bits
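
As an added example (not part of the original slides), this Python code parses the text of a .REG backup made with File | Export and reports each value under the four data types listed above, rejecting Dword or Qword data of the wrong width. The sample export and its ExampleApp key are constructed; `dword:`, `hex:` and `hex(b):` are the notations regedit writes in .REG files.

```python
import re
# Constructed sample of a File | Export backup; key and value names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,be,\
  ef
"MaxBytes"=hex(b):00,00,00,00,01,00,00,00
'''

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .REG escapes \ and " with a backslash

def decode_value(raw):
    """Map the text after '=' to (type name from the slide, Python value)."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "String", unescape(raw[1:-1])
    m = re.fullmatch(r'dword:([0-9a-fA-F]{1,8})', raw)    # at most 32 bits
    if m:
        return "Dword", int(m.group(1), 16)
    m = re.fullmatch(r'hex(?:\(([0-9a-fA-F]+)\))?:([0-9a-fA-F,]*)', raw)
    if not m:
        raise ValueError(f"unrecognised value data: {raw!r}")
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    kind = (m.group(1) or '').lower()
    if not kind:
        return "Binary", data
    if kind == 'b':                                       # hex(b) is a 64-bit number
        if len(data) != 8:
            raise ValueError("Qword data must be exactly 8 bytes")
        return "Qword", int.from_bytes(data, "little")
    return f"hex({kind})", data                           # other types: raw bytes

def parse_reg(text):
    """Return {key path: {value name: (type, value)}} for a .REG export."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)             # join continued hex lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line and not line.startswith(';'):
            m = re.match(r'(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
            if not m:
                raise ValueError(f"unparseable line: {line!r}")
            name = "(Default)" if m.group(1) is None else unescape(m.group(1))
            current[name] = decode_value(m.group(2))
    return keys
```

Call `parse_reg` on the text of an exported file to review what the backup would restore before importing it. Version 5.00 exports are saved as UTF-16, so read the file with `encoding="utf-16"`.
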

XP Boot Process
• System files start the boot process
• NTLDR, boot.ini, and ntdetect.com (ntbootdd.sys); on system partition
• Edit boot.ini from System | Advanced | Startup and Recovery
• Later files: ntoskrnl.exe, hal.dll, Registry, device drivers and winlogon.exe found in boot partition (Windows)

System Partition Files
• NTLDR – MBR starts it; reads boot.ini to find Windows installations
• Boot.ini uses Advanced RISC Computing (ARC) naming system to identify partitions; edit from System applet in Control Panel
• NTLDR starts protected mode and then calls on ntdetect.com to find hardware

Vista/7 Boot
• 32-bit BIOS scans for master boot record; loads boot sector; bootmgr
• 64-bit UEFI loads bootmgr directly
• Bootmgr asks which OS to load using Boot Configuration Data (BCD) file. Edit with bcdedit.exe; then loads winload.exe; then the OS kernel
• Vista/7 boot files and the system files must all reside on the same partition

Processes, Services and Threads
• Applications are processes loaded into RAM; have a window and end when you close the window
• Processes without need for a window are called Services

Task Manager
• One-stop place for Applications, Processes and Services
• CTRL-SHIFT-ESC, CTRL-ALT-DELETE, Start | Run | taskmgr
• Click View | Select Columns for Process Identifier (PID)
• Can log off a user from Users tab if they did not

Task Manager, 2
• Applications tab; shows all running applications; go here to force application to stop
• Processes tab; everything is a process; can end processes but for some, Windows won’t allow you to end them
• Performance tab; quick check of what is going on – CPU use and memory use
• Networking and Users tabs; not really exciting; can see how busy network is

Services Applet
• Control Panel | Administrative Tools | Services
• Click on Services button in Services pane of Task Manager
• Run services.msc
• Can start, or stop, a service from here; Windows will not let you stop critical services
• This has services in alphabetic order where Task Manager does not

Performance Console
• Object is a system component that is given a set of characteristics and is a single entity
• Counters track specific information about objects
• Lots of counters; not many books on the Console, read over Michael’s section

Performance – Vista and 7
• Reliability and Performance Monitor in Vista
• Performance Monitor in 7
• Start with Performance Information and Tools in Control Panel
• Wander with it to get a sense of what it can tell you – we will do that in lab sessions

Honorable Mention
• Component Services: Allows sharing of objects between programs
• Data Sources: Open DataBase Connectivity (ODBC); sharing of databases among programs