Operating System Architectures - Windows
Beuth Hochschule

Summer Term 2014
Operating Systems I PT / FF 2014
Example: Windows Operating System Family
• Since Windows XP (2001), all kernels are successors of the original NT development

• Requirements for the original NT project

• Provide a true 32-bit, preemptive, reentrant, virtual memory operating system 

• Run on multiple hardware architectures and platforms 

• Run and scale well on symmetric multiprocessing systems 

• Be a great distributed computing platform (Client & Server)

• Run most existing 16-bit MS-DOS and Microsoft Windows 3.1 applications 

• Meet government requirements for POSIX 1003.1 compliance and security

• Meet government and industry requirements for operating system security 

• Be easily adaptable to the global market by supporting Unicode
Windows Operating System Family
• Extensibility: Code must be able to grow and change as market requirements
change. 

• Portability: The system must be able to run on multiple hardware architectures and
must be able to move with relative ease to new ones as market demands dictate. 

• Dependability: Protection against internal malfunction and external tampering.

• Applications should not be able to harm the OS or other running applications. 

• Compatibility: User interface and APIs should be compatible with older versions of
Windows as well as older operating systems such as MS-DOS. 

• It should also interoperate well with UNIX, OS/2, and NetWare. 

• Performance: Within the constraints of the other design goals, the system should be
as fast and responsive as possible on each hardware platform.
Windows Versions
• Each Windows version comes in different flavors differing in ...

• ... number of physical processors being supported (not cores)

• ... amount of physical memory supported

• ... number of concurrent network connections supported

• ... support for TabletPC and/or Media Center Edition

• ... more than 100 configurable software licensing values (e.g. BitLocker, DVD burn)

• Example:

• Windows Server 2008 Standard Edition: max. 4 CPUs, max. 32 GB RAM

• Windows Server 2008 Datacenter Edition: max. 64 CPUs, max. 2048 GB RAM

• All flavors of one version are built from the same core components
Simplified Windows Architecture
[Figure: simplified Windows architecture. User mode: system & service processes, user applications, subsystem DLLs, environment subsystems (OS/2, Windows, POSIX). Kernel mode: Executive, Windows User/GDI, device drivers, kernel, Hardware Abstraction Layer (HAL).]
Windows Portability
• Past and present: x86 (initial), MIPS (initial), Alpha AXP (initial), PowerPC (NT 3.51), Itanium (Windows XP/2003), ARM (Windows 8) instruction set architectures

• PowerPC and MIPS dropped soon after NT 4 release, Alpha AXP dropped in 1999 (supported through SP6)

• Layered design: Architecture-specific functions located in kernel

• Windows kernel components are primarily written in C (executive, drivers)

• UI and graphics subsystem are written in C++

• HW-specific/performance-sensitive parts written in assembly language (e.g. interrupt trap handler, context switching)

• HAL (Hardware Abstraction Layer)

• Machine-specific functions located in HAL

• Became pluggable in Windows 8 to support different core components (e.g. separate drivers for the interrupt controller)
Windows Hardware Abstraction Layer (HAL)
• Responsible for a small part of “hardware abstraction” - components on the motherboard not handled by drivers

• System timers, cache coherency and flushing, SMP, interrupt priorities

• Subroutine library for the kernel & device drivers 

• Isolates Kernel and Executive from platform-specific details 

• Presents uniform model of I/O hardware interface to drivers 

• Windows Vista and later automatically detect HAL version to be used on startup

• HAL also implements some functions that appear to be in the Executive and Kernel

• Selected at installation time, can select manually at boot time with /HAL= in boot.ini

• Special kit only for vendors that must write custom HALs (requires MS approval)
[Figure: layered design of the VAX/VMS operating system beside the Windows high-level architecture]
Windows Hardware Abstraction Layer (HAL)
• HalBugCheckSystem - This function stops the system because of an uncorrectable hardware error.

• KeAcquireSpinLock - The KeAcquireSpinLock routine acquires a spin lock so the caller can synchronize access to shared data in a multiprocessor-safe way by raising IRQL.

• HalAllocateHardwareCounters - The HalAllocateHardwareCounters routine allocates a set of hardware performance counters.

• HalProcessorIdle - Enter power saving mode of the CPU hardware

• HalQueryRealTimeClock - Initialize system time

• KeQueryPerformanceCounter - The KeQueryPerformanceCounter routine provides the finest grained running count available in the system, can disable system-wide interrupts for a minimal interval.

• READ_PORT_UCHAR - READ_PORT_UCHAR returns the byte that is read from the specified port address.

Source: geoffchappell.com
Windows Kernel
• Lower layers of the operating system 

• Implements processor-dependent functions (x86 vs. Itanium etc.) 

• Also implements many processor-independent functions that are closely
associated with processor-dependent functions 

• Main services 

• Thread waiting, scheduling & context switching 

• Exception and interrupt dispatching 

• Operating system synchronization primitives (different for MP vs. UP), a few of them are exposed to user mode

• Not a classic “microkernel”, since it shares the memory with the rest of the kernel-mode code
Windows Device Drivers
• Device drivers (*.sys)

• Hardware device drivers translate user I/O function calls into specific hardware
device I/O requests, based on kernel and HAL functions 

• Concept of virtual devices - system volumes and network protocols 

• Programming models over the years: Windows NT driver model, Windows Driver
Model (WDM) since Windows 2000, Windows Driver Foundation (WDF) since Vista

• Windowing and Graphics Driver (Win32k.sys)

• Graphical user interface (GUI) functions (USER and GDI)

• Windows, user interface controls, and drawing

• Hardware Abstraction Layer (Hal.dll) in itself is a driver
Windows Device Drivers
• Separate loadable modules (drivername.SYS)

• Linked like .EXE files 

• Typically linked against NTOSKRNL.EXE and HAL.DLL 

• Only one version of each driver binary for both uniprocessor (UP) and multiprocessor (MP) systems - the driver relies on the kernel to handle the difference

• Several types

• “ordinary”, file system drivers, NDIS mini-port drivers, SCSI mini-port drivers (linked against port drivers), bus drivers

• Use driverquery /v to list loaded drivers 

• drivers.exe from resource kit for older Windows versions
– Typically linked against NTOSKRNL.EXE and HAL.DLL
– Only one version of each driver binary for both uniprocessor (UP) and multiprocessor (MP) systems…
– … but drivers call routines in the kernel that behave differently for UP vs. MP versions
• Defined in registry
• Several types:
– “ordinary”, file system, NDIS miniport, SCSI miniport (linked against port drivers), bus drivers
– More information in I/O subsystem section
• To view loaded drivers, run drivers.exe
– Also see list at end of output from pstat.exe – includes addresses of each driver
• To update & control:
– System properties->Hardware Tab->Device Manager
– Computer Management->Software Environment->Drivers
[Figure: file system driver, RAID driver, port drivers]
Windows Executive
• Upper layer of the operating system 

• Process and thread manager - additional semantics to lower level objects

• Object manager - manages representation of resources

• Configuration manager - implementation of the system registry

• Memory manager / cache manager - implementation of virtual memory

• Security reference monitor (SRM) - policy enforcement, auditing, object protection

• I/O manager - device-independent I/O dispatching

• Power manager, Plug-and-Play manager, LPC (local procedure call) facility 

• Almost completely portable C code, runs in kernel mode 

• Most interfaces to executive services not officially documented
Windows Subsystem
• Documented callable Windows API functions

• Examples: CreateProcess, CreateFile, GetMessage

• Subsystem DLLs translate Windows API calls to NTOSKRNL.EXE and WIN32K.SYS
system service calls

• Undocumented functions, callable from user space

• Example: NtCreateProcess is used by Windows CreateProcess and POSIX fork() 

• Prior to Windows NT 4.0, the window manager and graphics services were part of the user-mode Win32 subsystem process - more stable?

• Internal routines of the Windows subsystem

• Callable only from kernel mode, such as ExAllocatePool for Windows system heap
Calling Windows Kernel from User Mode
• Kernel-mode functions are invoked from user mode via a protected mechanism 

• x86: INT 2E (as of XP: SYSENTER on x86, SYSCALL on AMD) 

• Last thing that happens in user mode is this “change mode to kernel” instruction 

• Causes an exception or interrupt, handled by the system service dispatcher
(KiSystemService) in kernel mode 

• Return to user mode is done by dismissing the interrupt or exception 

• The desired system function is selected by the “system service number” 

• Every Windows function exported to user mode has a unique number 

• This number is stored in a register just before the “change mode” instruction 

• This number is an index into the system service dispatch table 

• Table gives kernel-mode entry point address and argument list length for each function
Calling Windows Kernel from User Mode
• All validity checks are done after the user to kernel mode transition 

• KiSystemService: probes argument list, copies it to kernel-mode stack, calls the executive or kernel routine pointed to by the table

• Service-specific routine checks argument values, probes pointed-to buffers, etc.

• Once past that point, everything is “trusted”

• This is safe, because:

• System service table is in kernel-protected memory

• Kernel mode routines pointed to by the system service table are in kernel-protected memory

• User mode code can’t supply the code to be run in kernel mode, it can only select which service runs

• Arguments are copied to the kernel mode stack before validation, so other threads in the process can’t corrupt the arguments “out from under” the service
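Added example (not part of the original slides and not Windows source code): a small user-mode C model of the dispatch path described on the last two slides, showing the bounds-checked table lookup by service number and why arguments are captured before they are validated. The table contents, status codes and the functions dispatch, svc_fill, svc_version and run_fill are hypothetical names chosen for this sketch.

```c
/* Added example: a user-mode model of system service dispatch, not Windows code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    ST_INVALID_SERVICE     = -1,  /* service number is outside the table         */
    ST_INVALID_PARAMETER   = -2,  /* argument rejected by the service's checks   */
    ST_CHANGED_AFTER_CHECK = -3   /* model marker: value changed after its check */
};
#define MAX_ARGS 4

typedef int (*service_fn)(const uintptr_t *args);

/* One table entry: entry point and argument list length, as on the slide. */
struct service_entry { service_fn entry; size_t arg_count; };

static unsigned char kernel_buf[16];   /* stands in for kernel-owned memory */

/* Constructed stand-in for another thread of the calling process that
 * rewrites the caller's argument memory while the service is running. */
static uintptr_t *race_target;         /* NULL means no concurrent writer */
static void concurrent_writer(void)
{
    if (race_target != NULL)
        race_target[0] = 4096;
}

/* Hypothetical service 0: fill(len, byte). */
static int svc_fill(const uintptr_t *args)
{
    if (args[0] > sizeof kernel_buf)       /* validation (the check) */
        return ST_INVALID_PARAMETER;
    concurrent_writer();                   /* the other thread gets to run */
    size_t len = (size_t)args[0];          /* second read (the use) */
    if (len > sizeof kernel_buf)
        return ST_CHANGED_AFTER_CHECK;     /* real code would overrun kernel_buf */
    memset(kernel_buf, (int)args[1], len);
    return (int)len;
}

/* Hypothetical service 1: takes no arguments. */
static int svc_version(const uintptr_t *args) { (void)args; return 2014; }

static const struct service_entry service_table[] = {
    { svc_fill,    2 },
    { svc_version, 0 },
};
#define SERVICE_COUNT (sizeof service_table / sizeof service_table[0])

/* Dispatcher model. capture = 1 copies the arguments to a private array
 * before the service sees them; capture = 0 is the flawed variant in which
 * the service validates memory that user mode can still change. */
int dispatch(uint32_t number, uintptr_t *user_args, int capture)
{
    uintptr_t kstack[MAX_ARGS] = { 0 };

    if (number >= SERVICE_COUNT)           /* user mode selects, never supplies code */
        return ST_INVALID_SERVICE;
    const struct service_entry *e = &service_table[number];
    if (e->arg_count > 0 && user_args == NULL)
        return ST_INVALID_PARAMETER;
    if (!capture)
        return e->entry(user_args);
    if (e->arg_count > 0)
        memcpy(kstack, user_args, e->arg_count * sizeof kstack[0]);
    return e->entry(kstack);
}

/* Calls service 0 with constructed arguments; with_race enables the writer. */
int run_fill(size_t len, int capture, int with_race)
{
    uintptr_t user_args[2] = { (uintptr_t)len, 0x41 };
    race_target = with_race ? user_args : NULL;
    int status = dispatch(0, user_args, capture);
    race_target = NULL;
    return status;
}

int main(void)
{
    printf("captured, no race:   %d\n", run_fill(8, 1, 0));
    printf("captured, race:      %d\n", run_fill(8, 1, 1));
    printf("uncaptured, race:    %d\n", run_fill(8, 0, 1));
    printf("bad service number:  %d\n", dispatch(99, NULL, 1));
    return 0;
}
```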
Calling Windows Kernel from User Mode
• Representation of Windows kernel functions in NTDLL.DLL user mode library

• User-mode routines have the same function names and arguments as the kernel
mode routines they invoke

• Example: NtWriteFile in NTDLL.DLL invokes NtWriteFile in NTOSKRNL.EXE

• Some counterexamples exist (e.g. NtQuerySystemInformation)

• Used by subsystem DLLs

• Other examples, marked by method name prefix

• Image loader (“Ldr”), debug infrastructure (“Dbg”), CSRSS support routines (“Csr”), RTL routines (“Rtl”), tracing routines (“Etw”)

Windows Subsystem Call
[Figure: Example: Invoking a Windows Kernel API]
• Windows application: call WriteFile(…)
• WriteFile in Kernel32.Dll (Windows-specific): call NtWriteFile, return to caller
• NtWriteFile in NtDll.Dll (used by all subsystems): Int 2E or SYSCALL or SYSENTER, return to caller
• Software interrupt: transition from user mode (U) to kernel mode (K)
• KiSystemService in NtosKrnl.Exe: call NtWriteFile, dismiss interrupt
• NtWriteFile in NtosKrnl.Exe: do the operation, return to caller
Windows Subsystem GDI Call
[Figure: Invoking (most) User and GDI Services]
• Application: call user or GDI service(…)
• Gdi32.Dll or User32.Dll (Windows-specific): Int 2E, return to caller
• Software interrupt: transition from user mode (U) to kernel mode (K)
• KiSystemService in NtosKrnl.Exe: call Windows routine, dismiss interrupt
• Service entry point in Win32K.Sys: do the operation, return to caller
Key Windows System Files
• Core components

• NTOSKRNL.EXE (executive and kernel) 

• HAL.DLL (hardware abstraction layer)

• NTDLL.DLL (dispatch stubs to executive)

• Core system processes

• SMSS.EXE (session manager process)

• WINLOGON.EXE (logon process)

• SERVICES.EXE (service controller process)

• LSASS.EXE (local security authority subsystem)

• Windows subsystem

• CSRSS.EXE (Windows subsystem process)

• WIN32K.SYS (User and GDI kernel components)

• KERNEL32/USER32/GDI32.DLL (Windows subsystem DLLs)
Compatibility - Windows API
• Originally named Win32 API to distinguish it from the Windows 2.0 Win16 API

• Thousands of Windows subsystem functions

• Base services, component services, user interface services, graphics and
multimedia services, messaging and collaboration, networking, web services

• Most internal text strings are stored / processed as 16-bit Unicode strings

• Windows API string functions typically have 2 versions

• Unicode (wide) version: L"This string uses 16-bit characters"

• ANSI (narrow) version: "This string uses 8-bit characters"

• Windows 95/98/ME had Windows API but no Unicode characters

• Unique property in comparison to Unix systems
Windows API
• System resources are kernel objects referenced by a handle

• handle vs. UNIX file descriptors & PIDs 

• Kernel objects can be manipulated only via a subsystem API

• Objects have security attributes 

• Files, processes, threads, IPC pipes, memory mappings, events 

• Windows API is rich & flexible

• Convenience functions often combine common sequences of function calls 

• Function names are long and descriptive (as in VMS)

• WaitForSingleObject(), WaitForMultipleObjects()

• Windows API offers numerous synchronization and communication mechanisms
Windows Security
• Foundational concepts: Objects and handles

• Objects are placeholders for (protected) system resources that may be shared

• Process, thread, file, event objects from user space are mapped on executive
objects 

• Object services offer read/write access to attributes 

• All security and protection based on NT Executive objects 

• Discretionary control: read/write/access rights 

• Privileged access: administrator may take ownership of files 

• Windows API functions take handles to system “objects” as parameters

• Handle table in kernel address space, unique per process

• Security check at handle creation time only
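Added example (not part of the original slides and not Windows source code): a small C model of a per-process handle table in which the access check runs only when the handle is created, so a handle opened earlier keeps its granted rights after the object's access list is tightened until it is closed and reopened. All type and function names (struct ace, open_object, write_object, scenario, user id 1000) are hypothetical and the data is constructed.

```c
/* Added example: a model of per-process handle tables, not Windows code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ACCESS_READ    0x1u
#define ACCESS_WRITE   0x2u
#define MAX_HANDLES    8
#define INVALID_HANDLE (-1)

struct ace    { uint32_t user_id; uint32_t allowed; };   /* one access list entry */
struct object { struct ace dacl[4]; size_t ace_count; int value; };

/* A handle is an index into this per-process table; the entry stores the
 * access mask that was granted when the handle was created. */
struct handle_entry { struct object *obj; uint32_t granted; };
struct process { uint32_t user_id; struct handle_entry handles[MAX_HANDLES]; };

static uint32_t dacl_rights(const struct object *o, uint32_t user)
{
    uint32_t rights = 0;
    for (size_t i = 0; i < o->ace_count; i++)
        if (o->dacl[i].user_id == user)
            rights |= o->dacl[i].allowed;
    return rights;
}

/* Handle creation: the only place where the access list is consulted. */
int open_object(struct process *p, struct object *o, uint32_t desired)
{
    if (desired == 0 || (dacl_rights(o, p->user_id) & desired) != desired)
        return INVALID_HANDLE;
    for (int h = 0; h < MAX_HANDLES; h++) {
        if (p->handles[h].obj == NULL) {
            p->handles[h].obj = o;
            p->handles[h].granted = desired;
            return h;
        }
    }
    return INVALID_HANDLE;                       /* table full */
}

void close_handle(struct process *p, int h)
{
    if (h >= 0 && h < MAX_HANDLES) {
        p->handles[h].obj = NULL;
        p->handles[h].granted = 0;
    }
}

/* Later operations check only the mask cached in the handle entry. */
int write_object(struct process *p, int h, int v)
{
    if (h < 0 || h >= MAX_HANDLES || p->handles[h].obj == NULL)
        return 0;
    if ((p->handles[h].granted & ACCESS_WRITE) == 0)
        return 0;
    p->handles[h].obj->value = v;
    return 1;
}

/* Constructed scenario: user 1000 starts with read and write access.
 * Returns 1 if a write through the handle succeeds, 0 otherwise. */
int scenario(uint32_t mask, int tighten_dacl, int reopen)
{
    struct object file = { { { 1000, ACCESS_READ | ACCESS_WRITE } }, 1, 0 };
    struct process p = { 1000, { { NULL, 0 } } };
    int h = open_object(&p, &file, mask);

    if (tighten_dacl)
        file.dacl[0].allowed = ACCESS_READ;      /* owner removes write access */
    if (reopen) {                                /* drop the cached grant */
        close_handle(&p, h);
        h = open_object(&p, &file, mask);
    }
    return write_object(&p, h, 42);
}

int main(void)
{
    unsigned rw = ACCESS_READ | ACCESS_WRITE;
    printf("old handle after tightening: %d\n", scenario(rw, 1, 0));
    printf("reopened after tightening:   %d\n", scenario(rw, 1, 1));
    printf("read-only handle:            %d\n", scenario(ACCESS_READ, 0, 0));
    return 0;
}
```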
Windows Architecture
[Figure: Windows architecture. User mode: system processes, services and applications (Service Control Mgr., LSASS, WinLogon, Session Manager, Services.Exe, SvcHost.Exe, WinMgt.Exe, SpoolSv.Exe, Task Manager, Explorer, user application), environment subsystems (OS/2, POSIX, Windows), subsystem DLLs, Windows DLLs, NTDLL.DLL. Kernel mode: system threads, System Service Dispatcher (kernel mode callable interfaces), I/O Mgr, file system cache, Object Mgr., Plug and Play Mgr., Power Mgr., Security Reference Monitor, virtual memory, processes & threads, Configuration Mgr (registry), Local Procedure Call, Windows USER/GDI, device & file system drivers, graphics drivers, kernel, Hardware Abstraction Layer (HAL). Below: hardware interfaces (buses, I/O devices, interrupts, interval timers, DMA, memory cache control, etc.).]
Original copyright by Microsoft Corporation. Used by permission.
Demos for Windows
• Spending time in user mode vs. kernel mode - mouse and window movements

• Applications vs. processes in task manager and SysInternals process explorer
• Determine the utilized HAL with device manager
• Using dependency walker with ntoskrnl.exe
• List of open handles (Process Explorer)

• Stack trace checking (Process Explorer)

• Suspending notepad

• Killing the Windows subsystem (csrss.exe)

• Killing security (lsass.exe)

• Minimal process set: Killing first smss.exe and then winlogon.exe
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 

Operating Systems 1 (4/12) - Architectures (Windows)

  • 1. Operating System Architectures - Windows Beuth Hochschule Summer Term 2014
  • 2. Operating Systems I PT / FF 2014 Example: Windows Operating System Family
      • Since Windows XP (2001), all kernels are successors of the original NT development
      • Requirements for the original NT project
      • Provide a true 32-bit, preemptive, reentrant, virtual memory operating system
      • Run on multiple hardware architectures and platforms
      • Run and scale well on symmetric multiprocessing systems
      • Be a great distributed computing platform (Client & Server)
      • Run most existing 16-bit MS-DOS and Microsoft Windows 3.1 applications
      • Meet government requirements for POSIX 1003.1 compliance and security
      • Meet government and industry requirements for operating system security
      • Be easily adaptable to the global market by supporting Unicode
  • 3. Windows Operating System Family
      • Extensibility: Code must be able to grow and change as market requirements change.
      • Portability: The system must be able to run on multiple hardware architectures and must be able to move with relative ease to new ones as market demands dictate.
      • Dependability: Protection against internal malfunction and external tampering.
      • Applications should not be able to harm the OS or other running applications.
      • Compatibility: User interface and APIs should be compatible with older versions of Windows as well as older operating systems such as MS-DOS.
      • It should also interoperate well with UNIX, OS/2, and NetWare.
      • Performance: Within the constraints of the other design goals, the system should be as fast and responsive as possible on each hardware platform.
  • 4. Windows Versions
      • Each Windows version comes in different flavors differing in ...
      • ... number of physical processors being supported (not cores)
      • ... amount of physical memory supported
      • ... number of concurrent network connections supported
      • ... support for TabletPC and/or Media Center Edition
      • ... more than 100 configurable software licensing values (e.g. BitLocker, DVD burn)
      • Example:
      • Windows Server 2008 Standard Edition: max. 4 CPUs, max. 32 GB RAM
      • Windows Server 2008 Datacenter Edition: max. 64 CPUs, max. 2048 GB RAM
      • All flavors of one version are built from the same core components
  • 5. Simplified Windows Architecture
      • [Figure: simplified Windows architecture. User mode: system & service processes, user applications, subsystem DLLs, environment subsystems (OS/2, Windows, POSIX). Kernel mode: executive, kernel, device drivers, Windows User/GDI device driver, hardware abstraction layer (HAL).]
  • 6. Windows Portability
      • Past and present: x86 (initial), MIPS (initial), Alpha AXP (initial), PowerPC (NT 3.51), Itanium (Windows XP/2003), ARM (Windows 8) instruction set architectures
      • PowerPC and MIPS dropped soon after NT 4 release, Alpha AXP dropped in 1999 (supported through SP6)
      • Layered design: Architecture-specific functions located in kernel
      • Windows kernel components are primarily written in C (executive, drivers)
      • UI and graphics subsystem are written in C++
      • HW-specific/performance-sensitive parts written in assembly language (e.g. interrupt trap handler, context switching)
      • HAL (Hardware Abstraction Layer)
      • Machine-specific functions located in HAL
      • Became pluggable in Windows 8 to support different core components (e.g. separate drivers for the interrupt controller)
  • 7. Windows Hardware Abstraction Layer (HAL)
      • Responsible for a small part of “hardware abstraction” - components on the motherboard not handled by drivers
      • System timers, cache coherency and flushing, SMP, interrupt priorities
      • Subroutine library for the kernel & device drivers
      • Isolates Kernel and Executive from platform-specific details
      • Presents uniform model of I/O hardware interface to drivers
      • Windows Vista and later automatically detect HAL version to be used on startup
      • HAL also implements some functions that appear to be in the Executive and Kernel
      • Selected at installation time, can select manually at boot time with /HAL= in boot.ini
      • Special kit only for vendors that must write custom HALs (requires MS approval)
      • [Figure: Windows high-level architecture]
  • 8. Windows Hardware Abstraction Layer (HAL)
      • HalBugCheckSystem: This function stops the system because of an uncorrectable hardware error.
      • KeAcquireSpinLock: The KeAcquireSpinLock routine acquires a spin lock so the caller can synchronize access to shared data in a multiprocessor-safe way by raising IRQL.
      • HalAllocateHardwareCounters: The HalAllocateHardwareCounters routine allocates a set of hardware performance counters.
      • HalProcessorIdle: Enter power saving mode of the CPU hardware
      • HalQueryRealTimeClock: Initialize system time
      • KeQueryPerformanceCounter: The KeQueryPerformanceCounter routine provides the finest grained running count available in the system, can disable system-wide interrupts for a minimal interval.
      • READ_PORT_UCHAR: READ_PORT_UCHAR returns the byte that is read from the specified port address.
      • Source: geoffchappell.com
      • [Figure: Windows high-level architecture]
  • 9. Simplified Windows Architecture
      • [Figure: simplified Windows architecture, repeated from slide 5]
  • 10. Windows Kernel
      • Lower layers of the operating system
      • Implements processor-dependent functions (x86 vs. Itanium etc.)
      • Also implements many processor-independent functions that are closely associated with processor-dependent functions
      • Main services
      • Thread waiting, scheduling & context switching
      • Exception and interrupt dispatching
      • Operating system synchronization primitives (different for MP vs. UP), a few of them are exposed to user mode
      • Not a classic “microkernel”, since it shares the memory with the rest of the kernel
      • [Figure: Windows high-level architecture]
  • 11. Simplified Windows Architecture
      • [Figure: simplified Windows architecture, repeated from slide 5]
  • 12. Windows Device Drivers
      • Device drivers (*.sys)
      • Hardware device drivers translate user I/O function calls into specific hardware device I/O requests, based on kernel and HAL functions
      • Concept of virtual devices - system volumes and network protocols
      • Programming models over the years: Windows NT driver model, Windows Driver Model (WDM) since Windows 2000, Windows Driver Foundation (WDF) since Vista
      • Windowing and Graphics Driver (Win32k.sys)
      • Graphical user interface (GUI) functions (USER and GDI)
      • Windows, user interface controls, and drawing
      • Hardware Abstraction Layer (Hal.dll) in itself is a driver
      • [Figure: Windows high-level architecture]
  • 13. Windows Device Drivers
      • Separate loadable modules (drivername.SYS)
      • Linked like .EXE files
      • Typically linked against NTOSKRNL.EXE and HAL.DLL
      • Only one version of each driver binary for both uniprocessor (UP) and multiprocessor (MP) systems - the driver relies on kernel support for the corresponding management
      • Several types
      • “ordinary”, file system drivers, NDIS mini-port drivers, SCSI mini-port drivers (linked against port drivers), bus drivers
      • Use driverquery /v to list loaded drivers
      • drivers.exe from resource kit for older Windows versions
      • [Inset slide text: drivers call routines in the kernel that behave differently for UP vs. MP versions; defined in registry; more information in I/O subsystem section; to view loaded drivers, run drivers.exe; also see list at end of output from pstat.exe, which includes addresses of each driver; to update & control: System properties->Hardware Tab->Device Manager, Computer Management->Software Environment->Drivers]
      • [Figure: File System Driver, Port Driver, Port Driver, RAID Driver; Windows high-level architecture]
  • 14. Simplified Windows Architecture
      • [Figure: simplified Windows architecture, repeated from slide 5]
  • 15. Windows Executive
      • Upper layer of the operating system
      • Process and thread manager - additional semantics to lower level objects
      • Object manager - manages representation of resources
      • Configuration manager - implementation of the system registry
      • Memory manager / cache manager - implementation of virtual memory
      • Security reference monitor (SRM) - policy enforcement, auditing, object protection
      • I/O manager - device-independent I/O dispatching
      • Power manager, Plug-and-Play manager, LPC (local procedure call) facility
      • Almost completely portable C code, runs in kernel mode
      • Most interfaces to executive services not officially documented
      • [Figure: Windows high-level architecture]
  • 16. Simplified Windows Architecture
      • [Figure: simplified Windows architecture, repeated from slide 5]
  • 17. Windows Subsystem
      • Documented callable Windows API functions
      • Examples: CreateProcess, CreateFile, GetMessage
      • Subsystem DLLs translate Windows API calls to NTOSKRNL.EXE and WIN32K.SYS system service calls
      • Undocumented functions, callable from user space
      • Example: NtCreateProcess is used by Windows CreateProcess and POSIX fork()
      • Prior to Windows NT 4.0, the window manager and graphics services were part of the user-mode Win32 subsystem process - more stable?
      • Internal routines of the Windows subsystem
      • Callable only from kernel mode, such as ExAllocatePool for Windows system heap
      • [Figure: Windows high-level architecture]
  • 18. Calling Windows Kernel from User Mode
      • Kernel-mode functions are invoked from user mode via a protected mechanism
      • x86: INT 2E (as of XP: SYSENTER on x86, SYSCALL on AMD)
      • Last thing that happens in user mode is this “change mode to kernel” instruction
      • Causes an exception or interrupt, handled by the system service dispatcher (KiSystemService) in kernel mode
      • Return to user mode is done by dismissing the interrupt or exception
      • The desired system function is selected by the “system service number”
      • Every Windows function exported to user mode has a unique number
      • This number is stored in a register just before the “change mode” instruction
      • This number is an index into the system service dispatch table
      • Table gives kernel-mode entry point address and argument list length for each function
  • 19. Calling Windows Kernel from User Mode
      • All validity checks are done after the user to kernel mode transition
      • KiSystemService: probes argument list, copies it to kernel-mode stack, calls the executive or kernel routine pointed to by the table
      • Service-specific routine checks argument values, probes pointed-to buffers, etc.
      • Once past that point, everything is “trusted”
      • This is safe, because:
      • System service table is in kernel-protected memory
      • Kernel mode routines pointed to by the system service table are in kernel-protected memory
      • User mode code can’t supply the code to be run in kernel mode, just select
      • Arguments are copied to the kernel mode stack before validation, so other threads in the process can’t corrupt the arguments “out from under” the service
  • 20. Calling Windows Kernel from User Mode
      • Representation of Windows kernel functions in NTDLL.DLL user mode library
      • User-mode routines have the same function names and arguments as the kernel mode routines they invoke
      • Example: NtWriteFile in NTDLL.DLL invokes NtWriteFile in NTOSKRNL.EXE
      • Some counterexamples exist (e.g. NtQuerySystemInformation)
      • Used by subsystem DLLs
      • Other examples, marked by method name prefix
      • Image loader (“Ldr”), debug infrastructure (“Dbg”), CSRSS support routines (“Csr”), RTL routines (“Rtl”), tracing routines (“Etw”)
      • [Figure: VMS and Windows - a bird’s-eye view on architectures: layered design for VAX/VMS operating system next to the Windows high-level architecture]
  • 21. Windows Subsystem Call
      • Example: Invoking a Windows Kernel API
      • Windows application: call WriteFile(…)
      • WriteFile in Kernel32.Dll (Windows-specific): call NtWriteFile, return to caller
      • NtWriteFile in NtDll.Dll (used by all subsystems): Int 2E or SYSCALL or SYSENTER, return to caller
      • software interrupt: transition from user mode (U) to kernel mode (K)
      • KiSystemService in NtosKrnl.Exe: call NtWriteFile, dismiss interrupt
      • NtWriteFile in NtosKrnl.Exe: do the operation, return to caller
  • 22. Windows Subsystem GDI Call
      • Invoking (most) User and GDI Services
      • application: call user or GDI service(…)
      • Gdi32.Dll or User32.Dll (Windows-specific): Int 2E, return to caller
      • software interrupt: transition from user mode (U) to kernel mode (K)
      • KiSystemService in NtosKrnl.Exe: call Windows routine, dismiss interrupt
      • service entry point in Win32K.Sys: do the operation, return to caller
  • 23. Key Windows System Files
      • Core components
      • NTOSKRNL.EXE (executive and kernel)
      • HAL.DLL (hardware abstraction layer)
      • NTDLL.DLL (dispatch stubs to executive)
      • Core system processes
      • SMSS.EXE (session manager process)
      • WINLOGON.EXE (logon process)
      • SERVICES.EXE (service controller process)
      • LSASS.EXE (local security authority subsystem)
      • Windows subsystem
      • CSRSS.EXE (Windows subsystem process)
      • WIN32K.SYS (User and GDI kernel components)
      • KERNEL32/USER32/GDI32.DLL (Windows subsystem DLLs)
      • [Figure: VMS and Windows - a bird’s-eye view on architectures: layered design for VAX/VMS operating system next to the Windows architecture]
  • 24. Compatibility - Windows API
      • Originally named Win32 API to distinguish it from the Windows 2.0 Win16 API
      • Thousands of Windows subsystem functions
      • Base services, component services, user interface services, graphics and multimedia services, messaging and collaboration, networking, web services
      • Most internal text strings are stored / processed as 16-bit Unicode strings
      • Windows API string functions typically have 2 versions
      • Unicode (wide) version: L"This string uses 16-bit characters"
      • ANSI (narrow) version: "This string uses 8-bit characters"
      • Windows 95/98/ME had Windows API but no Unicode characters
      • Unique property in comparison to Unix systems
  • 25. Windows API
      • System resources are kernel objects referenced by a handle
      • handle vs. UNIX file descriptors & PIDs
      • Kernel objects can be manipulated only via a subsystem API
      • Objects have security attributes
      • Files, processes, threads, IPC pipes, memory mappings, events
      • Windows API is rich & flexible
      • Convenience functions often combine common sequences of function calls
      • Function names are long and descriptive (as in VMS)
      • WaitForSingleObject(), WaitForMultipleObjects()
      • Windows API offers numerous synchronization and communication mechanisms
  • 26. Windows Security
      • Foundational concepts: Objects and handles
      • Objects are placeholders for (protected) system resources that may be shared
      • Process, thread, file, event objects from user space are mapped onto executive objects
      • Object services offer read/write access to attributes
      • All security and protection based on NT Executive objects
      • Discretionary control: read/write/access rights
      • Privileged access: administrator may take ownership of files
      • Windows API functions take handles to system “objects” as parameters
      • Handle table in kernel address space, unique per process
      • Security check at handle creation time only
  • 27. Windows Architecture
      • [Figure: Windows architecture. User mode: system processes, services, applications and environment subsystems (labels: Session Manager, WinLogon, LSASS, Service Control Mgr., Services.Exe, SvcHost.Exe, WinMgt.Exe, SpoolSv.Exe, Task Manager, Explorer, User Application, Subsystem DLLs, Windows DLLs, OS/2, POSIX, Windows), NTDLL.DLL. Kernel mode: System Service Dispatcher (kernel mode callable interfaces), I/O Mgr, Device & File Sys. Drivers, File System Cache, Object Mgr., Plug and Play Mgr., Power Mgr., Security Reference Monitor, Virtual Memory, Processes & Threads, Configuration Mgr (registry), Local Procedure Call, Windows USER and GDI, Graphics Drivers, Kernel, Hardware Abstraction Layer (HAL), System Threads. Hardware interfaces (buses, I/O devices, interrupts, interval timers, DMA, memory cache control, etc.). Original copyright by Microsoft Corporation. Used by permission.]
  • 28. Demos for Windows
      • Spending time in user mode vs. kernel mode - mouse and window movements
      • Applications vs. processes in task manager and SysInternals process explorer
      • Determine the utilized HAL with device manager
      • Using dependency walker with ntoskrnl.exe
      • List of open handles (Process Explorer)
      • Stack trace checking (Process Explorer)
      • Suspending notepad
      • Killing the Windows subsystem (csrss.exe)
      • Killing security (lsass.exe)
      • Minimal process set: Killing first smss.exe and then winlogon.exe
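
The dispatch path from slides 18 and 19, as an added example that is not part of the original slides and is not Windows source code: a user-space C simulation in which the service number only indexes a dispatch table and the argument list is copied to kernel-owned storage before it is validated. All names (`dispatch`, `svc_write`, `race_hook`, `FILE_LIMIT`) and the sample data are constructed for illustration; the `capture = 0` path shows the check-then-use gap that the copy closes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARGS   4
#define FILE_LIMIT 16   /* policy limit that svc_write must enforce */
#define STATUS_SUCCESS            0
#define STATUS_INVALID_SERVICE   (-1)
#define STATUS_INVALID_PARAMETER (-2)

/* Hypothetical hook: stands in for a second user-mode thread that rewrites
 * the caller's argument list while the service is running. */
typedef void (*race_hook)(uintptr_t *user_args);
static race_hook  g_racer;
static uintptr_t *g_user_args;

/* Kernel-owned object. Physically larger than FILE_LIMIT so that the
 * unsafe path below breaks the policy without overflowing anything. */
static char   sim_file[64];
static size_t sim_file_len;

/* One dispatch-table row: entry point and argument list length. */
typedef int (*service_fn)(const volatile uintptr_t *args);
struct service_entry { service_fn entry; unsigned arg_count; };

/* Service-specific routine: checks argument values, then uses them. */
static int svc_write(const volatile uintptr_t *args)
{
    if (args[0] == 0 || args[1] > FILE_LIMIT)
        return STATUS_INVALID_PARAMETER;        /* check */
    if (g_racer)
        g_racer(g_user_args);                   /* other thread runs here */
    sim_file_len = (size_t)args[1];             /* use: second read */
    memcpy(sim_file, (const char *)args[0], sim_file_len);
    return STATUS_SUCCESS;
}

static int svc_query_len(const volatile uintptr_t *args)
{
    (void)args;
    return (int)sim_file_len;
}

static const struct service_entry service_table[] = {
    { svc_write,     2 },   /* service number 0 */
    { svc_query_len, 0 },   /* service number 1 */
};
#define SERVICE_COUNT (sizeof service_table / sizeof service_table[0])

/* Dispatcher: the caller selects a row by number and cannot supply code.
 * With capture != 0 the service sees a private copy of the arguments;
 * with capture == 0 it works on the caller's memory (unsafe variant). */
int dispatch(unsigned number, uintptr_t *user_args, int capture, race_hook racer)
{
    uintptr_t kernel_args[MAX_ARGS] = {0};
    const struct service_entry *e;
    int status;

    if (number >= SERVICE_COUNT)
        return STATUS_INVALID_SERVICE;          /* never index past the table */
    e = &service_table[number];
    if (e->arg_count > MAX_ARGS || (e->arg_count > 0 && user_args == NULL))
        return STATUS_INVALID_PARAMETER;
    if (e->arg_count > 0)
        memcpy(kernel_args, user_args, e->arg_count * sizeof kernel_args[0]);
    g_racer = racer;
    g_user_args = user_args;
    status = e->entry(capture ? kernel_args : user_args);
    g_racer = NULL;
    return status;
}

/* Constructed sample input and constructed racing write. */
static const char sample_data[48] = "0123456789abcdef0123456789abcdef0123456789";
static void racer_grow_length(uintptr_t *user_args) { user_args[1] = 40; }

/* Requests an 8-byte write while the racer changes the length to 40;
 * returns the length the service actually used. */
size_t demo_write(int capture)
{
    uintptr_t args[2] = { (uintptr_t)sample_data, 8 };
    sim_file_len = 0;
    if (dispatch(0, args, capture, racer_grow_length) != STATUS_SUCCESS)
        return (size_t)-1;
    return sim_file_len;
}

int main(void)
{
    printf("captured arguments: length used = %zu\n", demo_write(1));
    printf("shared arguments:   length used = %zu\n", demo_write(0));
    return 0;
}
```

The copy protects only the argument list itself; a buffer that an argument points to is still caller memory, which is why slide 19 has the service-specific routine probe pointed-to buffers separately.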
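
The handle model from slide 26 (per-process handle table, security check at handle creation time only), as an added example that is not part of the original slides and is not Windows source code. It is a user-space C simulation; the DACL indexed by user id and all names (`open_object`, `reference`, `stale_handle_survives_revocation`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ACCESS_READ    0x1u
#define ACCESS_WRITE   0x2u
#define MAX_USERS      4
#define MAX_HANDLES    8
#define INVALID_HANDLE (-1)

/* Simplified executive object: a resource plus discretionary access rights
 * per user id (a stand-in for a real security descriptor). */
struct object {
    const char *name;
    unsigned    dacl[MAX_USERS];   /* allowed access mask per user id */
    int         value;
};

/* Per-process handle table; a handle is just an index into it. */
struct handle_entry { struct object *obj; unsigned granted; };
struct process { unsigned user_id; struct handle_entry handles[MAX_HANDLES]; };

/* The only place the DACL is consulted: the desired access is checked
 * against it and the granted mask is stored in the new handle entry. */
int open_object(struct process *p, struct object *o, unsigned desired)
{
    int h;
    if (p->user_id >= MAX_USERS || desired == 0 ||
        (o->dacl[p->user_id] & desired) != desired)
        return INVALID_HANDLE;
    for (h = 0; h < MAX_HANDLES; h++) {
        if (p->handles[h].obj == NULL) {
            p->handles[h].obj = o;
            p->handles[h].granted = desired;
            return h;
        }
    }
    return INVALID_HANDLE;         /* table full */
}

/* Resolves a handle in the caller's own table. Only the mask granted at
 * open time is compared; the object's current DACL is not read again. */
static struct object *reference(struct process *p, int h, unsigned need)
{
    if (h < 0 || h >= MAX_HANDLES || p->handles[h].obj == NULL ||
        (p->handles[h].granted & need) != need)
        return NULL;
    return p->handles[h].obj;
}

int read_object(struct process *p, int h, int *out)
{
    struct object *o = reference(p, h, ACCESS_READ);
    if (o != NULL)
        *out = o->value;
    return o != NULL ? 0 : -1;
}

int write_object(struct process *p, int h, int v)
{
    struct object *o = reference(p, h, ACCESS_WRITE);
    if (o != NULL)
        o->value = v;
    return o != NULL ? 0 : -1;
}

void close_handle(struct process *p, int h)
{
    if (h >= 0 && h < MAX_HANDLES)
        p->handles[h] = (struct handle_entry){ NULL, 0 };
}

/* Constructed scenario: user 2 opens the object for read, then user 2 is
 * removed from the DACL. Returns 1 if the existing handle still reads
 * while a fresh open is refused. */
int stale_handle_survives_revocation(void)
{
    struct object  file = { "report.txt",
                            { 0, ACCESS_READ | ACCESS_WRITE, ACCESS_READ, 0 }, 42 };
    struct process proc = { .user_id = 2 };
    int h = open_object(&proc, &file, ACCESS_READ);
    int v = 0;

    file.dacl[2] = 0;              /* revoke user 2 after the open */
    return h != INVALID_HANDLE
        && read_object(&proc, h, &v) == 0 && v == 42
        && open_object(&proc, &file, ACCESS_READ) == INVALID_HANDLE;
}

int main(void)
{
    printf("old handle usable after revocation: %d\n",
           stale_handle_survives_revocation());
    return 0;
}
```

Because the check happens only at open time, removing a right from an object does not affect handles that are already open; those have to be closed for the revocation to take effect.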