540 likes | 776 Views
Operating systems history. Windows 3.11 Windows 9x Windows NT Windows 2000 Windows 2003. Windows 2000 Key requirements. 32 Bit OS Demand Paged virtual memory Multiple hardware architectures Multiprocessor systems Networking Reliability and robustness POSIX Security.
E N D
Operating systems history • Windows 3.11 • Windows 9x • Windows NT • Windows 2000 • Windows 2003
Windows 2000 Key requirements • 32 Bit OS • Demand Paged virtual memory • Multiple hardware architectures • Multiprocessor systems • Networking • Reliability and robustness • POSIX • Security
Fundamental concepts What is a Process? An instance of a running program
Fundamental concepts What is a Thread ? An unit of execution
Fundamental concepts Threads Share the process address space
Fundamental concepts Why have multiple threads ? Perceived user responsiveness
Fundamental concepts • 4GB Address space • 2GB process space • 2GB system space
Kernel mode (ring 0) • The privileged mode of operation in which code has direct access to all hardware and all memory addresses. • Can access hardware directly. • Can access all of the memory on the computer. • Cannot be moved to the virtual memory page file on the hard disk. • Is processed at a higher priority than user mode processes.
User Mode (ring 3) • A less privileged processor mode than kernel mode and has no direct access to hardware. • Code running in user mode can run only in its own address space. • It uses the Windows APIs to request system services. • User mode processes have no direct access to hardware.
Fundamental concepts • No process can corrupt other process memory • No process can corrupt system memory • Threads change from user to kernel mode on system calls
Architecture overview מיפוי או תרגום של הפונקציות המתועדות (חשופות) של מערכת ההפעלה לפונקציות הפנימיות של מערכת ההפעלה (windows nt create file function > ntcreatefile)
Architecture overview Process & thread services I/O subsystem Inter process communication Undocumented – accessed through subsystem DLLS
Architecture overview Lowest level component of core OS Provides thread scheduling, interrupt dispatching, exception dispatching. Both executive and kernel are contained In NTOSKERNEL.EXE
Architecture overview Access to hardware devices. Translate user i/o functions to hardware specific i/o requests. Virtual device drivers – file system, network protocol.
Architecture overview Window management and graphic operations Win32k.sys Drawing, ui controls Prior nt4 was at user mode
Architecture overview Hardware abstraction layer Built for different hardware platforms. “Device driver for the motherboard”
Architecture overview Always on processes Idle process – fake process to account for idle cpu cycles System process – home for kernel mode system threads Smss.exe – session manager subsystem Csrss.exe – win32 subsystem Winlogon.exe – logon process Services.exe – service control manager Lsass.exe – local security authentication
Architecture overview • System process – home for kernel mode system threads • pieces of OS or driver code that run as independent threads • memory manager, swapper, file server driver • Created at boot time
Architecture overview Task scheduler Spooler Web server…
Architecture overview • All kernel components share a common address space. • Other 32 Bit OS have a similar design • Most OS and drivers are written in a portable language (C) • Kernel components use formal interfaces to interact with each other.
Symmetric multiprocessing • Everything is the same – no master/slave • Processors Share one memory space • A processor can reschedule what the other is doing
Environment subsystems • Subsystems DLLs • Translate documented system calls to internal undocumented NT system calls • Expose operating system calls • Posix, os/2 win32 • Ntdll.dll – interface to native system calls • Win32 is the primary subsystem • NT native API mapping of win32 www.sysinternals.com
Kernel mode components Contained in ntoskernel.exe Six variants of ntoskernel.exe
Kernel mode components • Key EXECUTIVE subsys components: • Process &threads manager • Memory manager • Security manager • i/o manager • Plug and play manager • Power manager • Cache manager • Accessed through subsystem DLLs
Kernel mode components • Key kernel subsys components: • Cpu abstraction • Context switching • Exception and interrupt dispatch
Management mechanisms • Registry • Win32 services • WMI
Management mechanisms • Registry • Windows Configuration database • Control drivers loading, process startup • System wide application settings • Per user settings • A window into in-memory system state • Remotely accessible
Management mechanisms • Registry • Read at: • Boot time • Logon time • Application startup • Changed at: • When you install software • System setting change • Regedt32, regedit
Management mechanisms • Registry • Read at: • Boot time • Logon time • Application startup • Changed at: • When you install software • System setting change
Management mechanisms • Win32 services • A service is • A process crested by the service control manager • Starts independent of user logon • Configured to start at boot time • No user interface
Management mechanisms Windows Management Instrumentation Works locally and remotely Bi-directional Extensible Natively scriptable
Processes and threads • Components of process • Private address space • Executable image • DLLs • Private storage • Working set – subset of virtual image • Access token • Table of open objects
Processes and threads • Components of thread • Execution context- (hardware state) • Two stacks – (user and kernel) • Scheduling state • Current and base priority • Current access mode • Thread access token
Processes and threads • Job object • Apply quotas and restriction to a group of processes. • Also useful to control a single process
Processes and threads • Controls of jobs • Total CPU time • Total active processes • Maximum priority for job • Which processors to run on • Security restrictions • Scheduling class
Processes exit and crashes • When does a process exit? • Call to exit process() • Last thread exits • Task manager demo
Processes and threads • Threads run, not processes • Most tools report current, not base priority
Processes and threads • Thread scheduling • No attempt to share processor(s) among processes • No guarantied execution period before preemption. • If higher than running thread, runs right away • If same or lower, waits its turn to run • Threads at the same priority each get a turn.
Processes and threads • Quantum – length of time a thread runs before another thread at the same priority gets a turn. • Length of quantum on server • 12 clock intervals • 120 ms if clock runs on 10 ms
Memory management • Memory manager features • Demand paged virtual memory • Supports up to 64 GB physical memory • Provides 4GB flat virtual address space • 3 states – commited, free, reserved • Shared memory • Mapped files • File mapping objects (in win32 API) • Bytes in file mapped to virtual address space
Memory management • Process address space (useraccessible) • Contains executable image (EXE) and dynamically linked libraries (DLLs) • Private storage • System address space (kernel mode) • Operating system image (NTOSKERNEL.exe) • HAL • Driver files • Kernel mode stacks • File system cache
Memory management • Virtual memory concepts • Applications reference “virtual address” • Page tables – hardware and software translators to physical address • Unit of protection and usage • Called page • X86 uses 4096 byte pages
Memory management • Methods for processes to share memory • Local procedure calls • Threads share address space • Process share memory sections • Called file mapping objects • Full NT security • Windows automatically shares sharable pages – code pages in .EXE • All win32 programs use common set of libraries (DLLs)
Memory management • Copy-on-write pages • Pages are originally set up as shared read only • Gives process a private copy upon write request • Saves physical memory, eliminates unnecessary copies.
How windows executes code The Windows operating system uses two modes to maintain operating system efficiency and integrity: user mode and kernel mode. The architecture of 80386 and higher processors defines four privilege levels, called rings, to protect system code and data from being overwritten inadvertently or maliciously by less privileged code. This is called the Intel Protection model.
How windows executes code Kernel mode (ring 0) is the privileged mode of operation in which code has direct access to all hardware and all memory addresses. Software that runs in kernel mode has the following attributes: It can access hardware directly. It can access all of the memory on the computer. It cannot be moved to the virtual memory page file on the hard disk. It is processed at a higher priority than user mode processes. User mode (ring 3) is a less privileged processor mode than kernel mode and has no direct access to hardware. Code running in user mode can run only in its own address space. It uses the Windows APIs to request system services. User mode processes: Have no direct access to hardware.