Windows OS Overview Instructor: Hengming Zou, Ph.D. In Pursuit of Absolute Simplicity 求于至简,归于永恒.


1 Windows OS Overview Instructor: Hengming Zou, Ph.D. In Pursuit of Absolute Simplicity 求于至简,归于永恒

2 22 Copyright Notice  This PPT presentation is developed by Hengming Zou of Shanghai Jiao Tong University under permission and with support from Microsoft Research  The material contained in the PPT is based on and derived from copyrighted material from Microsoft  Any non-profit use of this material is hereby granted provided that this notice page is shown

3 33 Roadmap  History of Operating Systems  Tasks of an Operating System  OS as extension of the hardware  Main concepts: processes, files, system calls  Operating system structuring

4 44 Operating Systems Concepts  System software manages resources  OS hides complexity of underlying hardware  Layered architectures [Figure: layers from bottom to top. Hardware: physical devices, microprogramming, machine language. System programs: operating system, compilers, editors, command interpreter. Application programs: banking system, airline reservation, web browser.]

5 55 History of operating systems  Batch processing  Punching cards  Multiprocessing programming  The elements of the basic IBM 1401 system are the 1401 Processing Unit, 1402 Card Read-Punch, and 1403 Printer. [Figure: memory partitions holding the OS, Job 1, Job 2 and Job 3]

6 66 Evolution of OS Functionality  Batch Job Processing –Linkage of library routines to programs –Management of files, I/O devices, secondary storage  Multiprogramming –Resource management and sharing for multiple programs –Quasi-simultaneous program execution –Single user

7 77 Evolution of OS Functionality  Multiuser/Timesharing Systems –Management of multiple simultaneous users interconnected via terminals –Fair resource management: CPU scheduling, spooling, mutual exclusion  Real-Time Systems (process control systems) –Management of time-critical processes –High requirements with respect to reliability and availability

8 88 Tasks of an Operating System  Processor management - Scheduling –Fairness –Non-blocking behavior –Priorities  Memory management –Virtual versus physical memory, memory hierarchy –Protection of competing/concurrent programs  Storage management – File system –Access to external storage media

9 99 Tasks of an Operating System  Device management –Hiding of hardware dependencies –Management of concurrent accesses  Batch processing –Definition of an execution order; –throughput maximization

10 10 Kernel- and User Mode Programs  Typical functionality implemented in either mode: –Kernel and user mode  Kernel mode: Privileged mode  Strict assumptions about reliability/security of code  Memory resident –CPU-, memory-, Input/Output management –Multiprocessor management, diagnosis, test –Parts of file system and of the networking interface

11 11 Kernel- and User Mode Programs  User Space:  More flexible  Simpler maintenance and debugging –Compiler, assembler, interpreter, linker/loader –File system management, telecommunication –network management –Editors, spreadsheets, user applications

12 12 Layered Model of OS Concepts
No | Name | Typical Objects | Typical Operations
1 | Integrated circuits | register, gate, bus | Nand, Nor, Exor
2 | Machine language | instruction counter, ALU | Add, Move, Load, Store
3 | Subroutine linkage | procedure block | Stack Call, JSR, RTS
4 | Interrupts | interrupt handlers | Bus error, Reset
5 | Simple processes | process, semaphore | wait, ready, execute
6 | Local memory | data block, I/O channel | read, write, open, close
7 | Virtual model | page, frame | read, write, swap
8 | Process communication | channel (pipe), message | read, write, open
9 | File management | files | read, write, open, copy
10 | Device management | ext. memory, terminals | read, write
11 | I/O data streams | data streams | open, close, read, write
12 | User processes | user processes | login, logout, fork
13 | Directory management | internal tables | create, delete, modify
14 | Graphical user interface | window, menu, icon | OS system calls

13 13 OS acts as Extension of Hardware  System view: layered model of OS –Implementation details on one layer are hidden from higher layers  Same machine, different operating systems: –IBM PC: DOS, Linux, NeXTSTEP, Windows NT, SCO Unix –DEC VAX: VMS, Ultrix-32, 4.3 BSD UNIX

14 14 OS Acts as Extension of Hardware  Same OS, different machines: UNIX –PC (XENIX 286, APPLE A/UX) –CRAY-Y/MP (UNICOS - AT&T Sys V) –IBM 360/370 (Amdahl UNIX UTS/580, IBM UNIX AIX/ESA)  Windows XP (or Windows NT/2000) –Intel i386 (i486 an NT 4.0), Alpha, PowerPC, MIPS, Itanium

15 15 Operating Systems Evolution [Figure: timeline of operating system families from 1955 to 2003, from IOCS, IBSYS and CTSS through the OS/360, MVS, VM, MULTICS/UNIX, BSD, VMS, CP/M, MS-DOS, OS/2 and Windows lines to Linux 2.6, Solaris 10, VMS 7.3, Windows XP and Windows Server 2003]

16 16 Main Concepts: processes  Processes, process table, core image  Command interpreter, shell  Child processes  Scheduling, signals  User identification, group identification [Figures: process state diagram with states new, ready, running, blocked, finished; process tree with nodes A to F]

17 17 Main Concepts: Files  Files, directories, root  Path, working directory  Protection, rwx bits  File descriptor, handle  Special files, I/O devices  Block I/O, character I/O  Standard input/output/error  Pipes [Figure: directory tree below the root directory; entries include tmp, usr, etc]

18 18 Main concepts: system calls  User programs access OS services via system calls  Parameter transmission via trap, register, stack –count=read(file, buffer, nbytes);  5 general classes of system calls: –Process control –File manipulation –Device manipulation –Information maintenance –communications

19 19 Main concepts: shell  Command interpreter  Displays prompt, implements input/output redirection  Background processes, job control, pseudo terminals
$ date
$ date >file
$ sort file2
$ cat file1 file2 file3 > /dev/lp1
$ make all >log 2>&1 &

20 20 Structuring of Operating Systems  Monolithic systems  Unstructured  Supervisor call changes from user mode into kernel mode [Figure: App in user mode; system services and OS procedures in kernel mode; hardware below]

21 21 Layered OS  Each layer is given access only to lower-level interfaces [Figure: application programs in user mode; in kernel mode, from top to bottom: system services, file system, memory and I/O device management, processor scheduling; hardware below]

22 22 Microkernel OS (Client/server OS)  Kernel implements: –Scheduling –Memory Management –IPC  User-mode servers [Figure: client app and memory, network, process, file and display servers in user mode exchange request/reply messages through the microkernel in kernel mode; hardware below]

23 23 Mach Microkernel OS  Extended Memory Management  Paging handled by user-space server  Port: comm. endpoint, network-wide [Figure: client, netmsgsrv, pager and kernel; labels: map memory object (vm_map()), page faults, get memory object, lookup service, advertise service, handles faults and consistency, upcalls]

24 24 Mach Distributed Shared Memory System  Access remote memories, port access rights - ACL

25 25 Windows 2000/NT background/history  Dave Cutler:  OS Developer at DEC since 1971  RSX-11M, PDP-11 (16 bit mini): Size is the Goal –Multitasking, hierarchical file system, real-time scheduling –Application swapping, utilities –32 kb of memory (!) –16 kb Kernel, 16 kb utilities, overlay structures, assembly language –Time-to-market: 18 months  Lack of address bits: VAX architecture (32 bit) –Most successful architecture in ’70s and ’80s

26 26 DEC (VMS) and MS Windows NT  VMS=Virtual Memory System  Cutler was leader of VMS development effort  VAX-11 hardware had PDP-11 compatibility mode –RSX-11M was the compatibility environment to be supported by VMS –Binary and file system compatibility  Biggest mistake: VMS written in assembly language –Size restrictions, no compiler available, engineering expertise

27 27 DEC (VMS) and MS Windows NT  Summer 88: call from Bill Gates –New OS for PC architecture –Portability, security, POSIX, compatibility, multiprocessor, extensibility –Similar goals as for PDP-11/VAX transition  Windows NT came to market in 1993

28 28 Windows NT Origins  Design began in late 1988/early 1989 after Dave Cutler and a handful of Digital employees started at MS –Dave Cutler—legend in the operating system world –Internally, many similarities to Digital’s VMS (scheduling, memory management, I/O and driver model) –VMS+1=WNT just a coincidence  Original goal was replacement for OS/2

29 29 Windows NT Origins  Later goal changed to be: replacement for Windows 3.0 –The name “Windows NT” was born –NT=“New Technology”  But at a high level, the architecture and user interface are not really that “new” –as compared to most 32-bit OS’s  The i860 RISC CPU that NT was originally targeted at was code named N-Ten

30 30 Windows NT Origins  Interesting book on the early years of NT: –Show-stopper!: The Breakneck Race to Create Windows NT and the Next Generation at Microsoft –By G. Pascal Zachary, ISBN: 0029356717

31 31 VMS and Windows NT [Figures: layered design for VAX/VMS OS (layered products (apps), program development tools, utilities, support libraries, Command Language Interpreter (CLI), Record Management Service (RMS), supervisor, executive with system services, memory management, I/O subsystem, process and time management and system-wide data structures, kernel, Platform-Adaptation Layer (PAL) - Alpha) and Windows NT high-level architecture (user mode: system & service processes, user application, subsystem DLL, environment subsystems OS/2, Windows and POSIX; kernel mode: executive, Windows User/GDI device driver, device drivers, kernel, Hardware Abstraction Layer (HAL))]

32 32 Release History  Product name has varied; internally, each version is identified by a “build number”  Internal identification: –increments each time NT is built from source –(5-6 times a week)  Interesting timeline: –http://windows2000.about.com/library/weekly/aa010218a.htm

33 33 Release History
Build# | Version | Date
297 | PDC developer release | Jul 1992
511 | NT 3.1 | Jul 1993
807 | NT 3.5 | Sep 1994
1057 | NT 3.51 | May 1995
1381 | NT 4.0 | Jul 1996
2195 | Windows 2000 (NT 5.0) | Dec 1999
2600 | Windows XP (NT 5.1) | Aug 2001
3790 | Windows Server 2003 (NT 5.2) | Mar 2003
4051 | Longhorn PDC Developer Preview | Oct 2003

34 34 Windows And Linux Evolution  Windows and Linux kernels are based on foundations developed in the mid-1970s  (see http://www.levenez.com for diagrams showing history of Windows & Unix) [Figure: two timelines, 1970 to 2000. Windows: VMS v1.0, Windows NT 3.1, NT 4.0, Windows 2000, Windows XP, Server 2003. UNIX/Linux: UNIX born, UNIX public, UNIX V6, Linux v1.0, v2.0, v2.2, v2.3, v2.4, v2.6]

35 35 Further Reading  Dennis M. Ritchie, The Evolution of the Unix Time-sharing System, –in Proc. of Lang. Design and Programming Meth. Conf., Sydney, Australia, Sept 1979, Lecture Notes in Computer Science #79, Springer-Verlag, 1980.  David Donald Miller, OpenVMS Operating System Concepts, –2nd Ed., Digital Press, 1997. –History of Digital Operating Systems (pp. 447 ff.)

36 36 Further Reading  Mark E. Russinovich and David A. Solomon, Microsoft Windows Internals, –4th Edition, Microsoft Press, 2004. –Historical Perspective (pp. xix ff.)  G. Pascal Zachary, Show Stopper! The Breakneck Race to Create Windows NT and the Next Generation at Microsoft, –ISBN: 0029356717, Free Press, 1994

37 37 Windows Operating System Family Concepts & Tools

38 38 Roadmap for Section 1.3.  High-level Overview on Windows Concepts  Processes, Threads  Virtual Memory, Protection  Objects and Handles  Windows is thoroughly instrumented  Key monitoring tools  Extra resources at www.sysinternals.com

39 39 Requirements and Design Goals  Provide a true 32-bit, preemptive, reentrant, virtual memory operating system  Run on multiple hardware architectures and platforms  Run/scale well on symmetric multiprocessing systems  Distributed computing platform (Client/Server)  Run most existing 16-bit DOS and Windows 3.1 apps  Meet government req. for POSIX 1003.1 compliance  Meet government and industry req. for OS security

40 40 Requirements and Design Goals  Support Unicode  Extensibility –Code must be able to grow and change as the market changes  Portability –must be able to run on multiple hardware architectures and move with relative ease to new ones as market demands dictate  Reliability and Robustness –Protection against internal malfunction and external tampering –Apps should not be able to harm the OS or other running apps

41 41 Goals (contd.)  Compatibility –UI and APIs should be compatible with older versions of Windows as well as older OS such as MS-DOS –Should also interoperate well with UNIX, OS/2, and NetWare  Performance –Should be as fast/responsive as possible on each HW platform

42 42 Portability  HAL (Hardware Abstraction Layer): –support for x86 (initial), MIPS (initial) –Alpha AXP, PowerPC (NT 3.51), Itanium (Windows XP/2003) –Machine-specific functions located in HAL  Layered design: –architecture-specific functions located in kernel

43 43 Portability  Windows NT/2000/XP/2003 kernel components are primarily written in C: –OS executive, utilities, drivers –UI and graphics subsystem - written in C++  HW-specific/performance-sensitive parts: –written in assembly language –int trap handler, context switching

44 44 Windows API & Subsystems  Windows API (application programming interface) –Common programming interface to Windows NT/2000/XP, Windows 95/98/ME and Windows CE –Each OS implements a (different) subset of the API –MSDN: http://msdn.microsoft.com

45 45 Windows API & Subsystems  Windows supports multiple subsystems (APIs): –Windows (primary), POSIX, OS/2 –User-space apps access OS functionality via subsystems  Subsystems define APIs, process, file system semantics –OS/2 used to be primary subsystem for Windows NT

46 46 64-bit vs. 32-bit Windows APIs  Pointers and types derived from pointer are 64-bit  A few others go 64 –e.g. WPARAM, LPARAM, LRESULT, SIZE_T  Rest are the same –e.g., 32-bit INT, DWORD, LONG

47 47 64-bit vs. 32-bit Windows APIs  Only 5 replacement APIs!  4 for Window/Class Data –Replaced by Polymorphic (_ptr) versions –Updated constants used by these APIs  1 (_ptr) version for flat scroll bars properties

48 48 64-bit vs. 32-bit Windows APIs
API | Data Model | int | long | pointer
Win32 | ILP32 | 32 | 32 | 32
Win64 | LLP64 | 32 | 32 | 64
UNIXes | LP64 | 32 | 64 | 64
Win32 and Win64 are consistently named the Windows API
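Added example (not part of the original slides): the data-model table above in C, showing why the polymorphic (_ptr) types exist. A 64-bit address parked in a 32-bit LONG loses its upper half and is sign-extended on the way back; the Windows types are modelled with fixed-width stand-ins (model_LONG and model_LONG_PTR are hypothetical names) and the sample addresses are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Name the data model from the widths (in bits) of int, long and pointer. */
const char *data_model(unsigned int_bits, unsigned long_bits, unsigned ptr_bits)
{
    if (int_bits == 32 && long_bits == 32 && ptr_bits == 32) return "ILP32";
    if (int_bits == 32 && long_bits == 32 && ptr_bits == 64) return "LLP64";
    if (int_bits == 32 && long_bits == 64 && ptr_bits == 64) return "LP64";
    return "other";
}

/* Stand-ins for the Win64 types, fixed-width so the result does not depend
 * on the host compiler's own data model (hypothetical names). */
typedef int32_t model_LONG;      /* LONG stays 32-bit under LLP64 */
typedef int64_t model_LONG_PTR;  /* LONG_PTR is pointer-sized on Win64 */

/* Win32-era pattern: park a pointer in a LONG slot and read it back. */
uint64_t roundtrip_via_long(uint64_t address)
{
    uint32_t low = (uint32_t)address;        /* upper 32 bits are lost here */
    model_LONG slot;
    memcpy(&slot, &low, sizeof slot);
    return (uint64_t)(int64_t)slot;          /* signed widening sign-extends */
}

/* Same pattern with the pointer-sized type: nothing is lost. */
uint64_t roundtrip_via_long_ptr(uint64_t address)
{
    model_LONG_PTR slot;
    memcpy(&slot, &address, sizeof slot);
    return (uint64_t)slot;
}

/* Audit helper: 1 if the address would survive a LONG slot unchanged. */
int survives_long(uint64_t address)
{
    return roundtrip_via_long(address) == address;
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real process. */
    const uint64_t samples[] = {
        0x000000000012F000ULL,   /* below 2 GB: survives by luck */
        0x0000000080001000ULL,   /* bit 31 set: sign-extended */
        0x000007FE12345678ULL,   /* above 4 GB: upper half dropped */
    };
    printf("host model: %s\n",
           data_model((unsigned)(8 * sizeof(int)), (unsigned)(8 * sizeof(long)),
                      (unsigned)(8 * sizeof(void *))));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%016" PRIX64 " -> LONG: %016" PRIX64 "  LONG_PTR: %016" PRIX64 "%s\n",
               samples[i], roundtrip_via_long(samples[i]),
               roundtrip_via_long_ptr(samples[i]),
               survives_long(samples[i]) ? "" : "  (corrupted via LONG)");
    }
    return 0;
}
```

The first sample is the dangerous one in practice: code that stores pointers in LONG keeps working while allocations stay below 2 GB and fails only once the address space grows.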

49 49 Services, Functions, and Routines  Windows API functions: –Documented, callable subroutines –CreateProcess, CreateFile, GetMessage  Windows system services: –Undocumented functions, callable from user space –NtCreateProcess is used by Windows CreateProcess and POSIX fork() as an internal service

50 50 Windows Internal Routines  Subroutines inside Windows executive/kernel/ HAL  Callable from kernel mode only –(device driver, NT OS components)  For Example: –ExAllocatePool allocates memory on system heap

51 51 Windows Services:  Processes started by the Service Control Manager  Example: –The Schedule service supports the at-command

52 52 DLL (Dynamic Link Library)  Subroutines in binary format –contained in dynamically loadable files  Examples: –MSVCRT.DLL – MS Visual C++ run-time library –KERNEL32.DLL – one of the Windows API libraries

53 53 Processes  Represents an instance of a running program –you create a process to run a program –starting an application creates a process  Process defined by: –Address space –Resources (e.g. open handles) –Security profile (token)

54 54 Threads  An execution context within a process  Unit of scheduling (threads run, processes don’t run)  All threads in a process share same address space –can synchronize access to shared resources –(critical sections, mutexes, events, semaphores)  All threads in the system are scheduled as peers to all others, without regard to their “parent” process

55 55 Processes and Threads [Figure: threads inside per-process address spaces, shown with the system-wide address space]

56 56 Processes and Threads  System calls for process and thread creation: –CreateProcess and CreateThread  Primary argument to CreateProcess is: –image file name (or command line)  Primary argument to CreateThread is: –a function entry point address

57 57 Processes and Threads  Every process starts with one thread  First thread executes the program’s “main” function –Can create other threads in the same process –Can create additional processes  Why divide an application into multiple threads?

58 58 Why Divide Process into Threads  Perceived user responsiveness  parallel/background execution  Examples: Word background print –can continue to edit during print

59 59 Why Divide Process into Threads  Take advantage of multiple processors  On an MP system with n CPUs –n threads can literally run at the same time  Question: given a single threaded application, will adding a 2nd processor make it run faster?

60 60 Why Divide Process into Threads  Does add complexity  Synchronization  Scaling well is a different question… –# of multiple runnable threads vs # CPUs –too many runnable threads cause excess context switches

61 61 A Process and Its Resources [Figure labels: process object, access token, virtual address space descriptors (VADs), handle table, object, thread, access token]

62 62 Virtual Memory  32-bit address space (4 GB) –2 GB user space (per process) –2 GB operating system  64-bit address space –7192 GB user space (Itanium) –8192 GB user space (x64) –~6000 GB operating system  Memory manager maps virtual onto physical memory

63 63 Default 32-bit Layout  2 GB user process space –Unique per process  2 GB system space –System wide –Kernel/HAL, boot drivers, system cache, paged pool, nonpaged pool

64 64 Memory Protection Model  No user process can touch another user process’s address space –without first opening a handle to the process, –which means passing through NT security  Separate process page tables prevent this  Current page table changed on context switch from a thread in one process to a thread in another process

65 65 Memory Protection Model  No user process can touch kernel memory  Page protection in process page tables prevents this  OS pages only accessible from “kernel mode” –x86: Ring 0, Itanium: Privilege Level 0  Threads change from user to kernel mode and back (via a secure interface) to execute kernel code –Does not affect scheduling (not a context switch)

66 66 Kernel Mode vs. User Mode  No protection for components running in kernel mode  Transition from user to kernel mode through special instruction (processor changes privilege level) –OS traps this instruction and validates arguments to syscalls –Transition from user to kernel mode does not affect thread scheduling

67 67 Kernel Mode vs. User Mode  Performance Counters: System/Processor/Process/ Thread – Privileged Time/User time –Windows kernel is thoroughly instrumented –Hundreds of performance counters throughout the system  Performance Monitor – perfmon.msc - MMC snap in

68 68 Performance Monitor

69 69 Objects and Handles  Process, thread, file, event objects in Windows are mapped on NT executive objects  Object services read/write object attributes  Objects: –Human-readable names for system resources –Resource sharing among processes –Resource protection against unauthorized access

70 70 Objects and Handles  Security/Protection based on NT executive objects  2 forms of access control:  Discretionary control: –read/write/access rights  Privileged access: –administrator may take ownership of files
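Added example (not from the slides or from Windows source): a simplified C model of the rule on the Memory Protection Model and Objects and Handles slides, where the discretionary check runs once when a handle is opened and later operations are limited to the rights recorded in that handle. The struct and function names, the SIDs and the DACL are hypothetical and constructed; only the PROCESS_* values are the real SDK constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Process access rights: real values from the Windows SDK headers. */
#define PROCESS_TERMINATE 0x0001u
#define PROCESS_VM_READ   0x0010u
#define PROCESS_VM_WRITE  0x0020u
#define PROCESS_RW_KILL   (PROCESS_TERMINATE | PROCESS_VM_READ | PROCESS_VM_WRITE)

/* Everything below is a simplified model with hypothetical names. */
enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace    { enum ace_type type; int sid; uint32_t mask; };
struct token  { int sids[4]; int nsids; };            /* user SID + group SIDs */
struct object { const struct ace *dacl; int naces; };
struct handle { const struct object *obj; uint32_t granted; };

/* Constructed identities: small integers stand in for SIDs. */
enum { SID_ALICE = 1, SID_BOB, SID_VISITOR, SID_USERS, SID_GUESTS };
static const struct token alice   = { { SID_ALICE, SID_USERS }, 2 };
static const struct token bob     = { { SID_BOB, SID_USERS }, 2 };
static const struct token visitor = { { SID_VISITOR, SID_USERS, SID_GUESTS }, 3 };

/* Constructed DACL on alice's process object, deny entries first. */
static const struct ace target_dacl[] = {
    { ACE_DENY,  SID_GUESTS, PROCESS_RW_KILL },
    { ACE_ALLOW, SID_ALICE,  PROCESS_RW_KILL },
    { ACE_ALLOW, SID_USERS,  PROCESS_VM_READ },
};
static const struct object target = { target_dacl, 3 };

static int token_has_sid(const struct token *t, int sid)
{
    for (int i = 0; i < t->nsids; i++)
        if (t->sids[i] == sid) return 1;
    return 0;
}

/* Discretionary check: walk the ACEs in order. A deny ACE covering any right
 * still needed fails at once; allow ACEs accumulate until nothing is left. */
int access_check(const struct token *t, const struct object *o, uint32_t desired)
{
    uint32_t remaining = desired;
    for (int i = 0; i < o->naces && remaining != 0; i++) {
        const struct ace *a = &o->dacl[i];
        if (!token_has_sid(t, a->sid)) continue;
        if (a->type == ACE_DENY) {
            if (a->mask & remaining) return 0;
        } else {
            remaining &= ~a->mask;
        }
    }
    return remaining == 0;
}

/* Open: the only point where the DACL is consulted. */
int open_object(const struct token *t, const struct object *o,
                uint32_t desired, struct handle *h)
{
    if (!access_check(t, o, desired)) return 0;
    h->obj = o;
    h->granted = desired;
    return 1;
}

/* Use: every later operation is checked against the handle's recorded rights. */
int handle_allows(const struct handle *h, uint32_t needed)
{
    return (h->granted & needed) == needed;
}

int main(void)
{
    struct handle h;
    printf("alice   read+write: %d\n",
           open_object(&alice, &target, PROCESS_VM_READ | PROCESS_VM_WRITE, &h));
    printf("visitor read      : %d\n", open_object(&visitor, &target, PROCESS_VM_READ, &h));
    printf("bob     read+write: %d\n",
           open_object(&bob, &target, PROCESS_VM_READ | PROCESS_VM_WRITE, &h));
    printf("bob     read      : %d\n", open_object(&bob, &target, PROCESS_VM_READ, &h));
    printf("bob's read handle used for write: %d\n", handle_allows(&h, PROCESS_VM_WRITE));
    return 0;
}
```

The visitor is refused even though it is a member of the group that is allowed to read, because the deny entry for its other group is reached first.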

71 71 Networking  Integral, application-transparent networking services –Basic file and print sharing and using services  A platform for distributed applications –Application-level inter-process communication (IPC)  Windows provides an expandable platform for other network components

72 72 Security  Windows 2000 supports C2-level security –DoD 5200.23-STD, December 1985  Discretionary protection (need-to-know) for shareable system objects –(files, directories, processes, threads)  Security auditing –(accountability of subjects and their actions)  Password authentication at logon  Prevention of access to un-initialized resources –memory, disk space

73 73 Security  Windows NT 3.51 was formally evaluated for C2  Windows NT 4.0 SP 6a passed C2 in December 1999 –Networked workstation configuration  European IT Security Criteria FC2/E3 security level

74 74 Registry  System wide software settings: –boot & configuration info  Security database  Per-user profile settings  In-memory volatile data (current hardware state) –What devices are loaded? –Resources used by devices –Performance counters are accessed through registry functions

75 75 Registry  Regedit.exe used to view/modify registry settings –HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control –HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services –HKEY_LOCAL_MACHINE\Software

76 76 Unicode  Most internal text strings are stored/processed as 16-bit wide Unicode strings  Windows API string functions have 2 versions  Unicode (wide) version –L"This string uses 16-bit characters"  ANSI (narrow) version –"This string uses 8-bit characters"

77 77 Unicode  Generic character representation in Windows API –_T("This string uses generic characters")  Win95/98/ME have Win API but no Unicode characters  Win CE has Windows API but Unicode characters only

78 78 Tools Used to Dig In  Many tools available to dig into Windows internals –Helps to see internals behavior “in action”  We’ll use these tools to explore the internals –Many of these tools are also used in the labs

79 79 Tools Used to Dig In  Several sources of tools –Support Tools –Resource Kit Tools –Debugging Tools –Sysinternals.com  Additional tool packages with internals information –Platform Software Development Kit (SDK) –Device Driver Development Kit (DDK)

80 80 Tools for Viewing Windows Internals
Tool | Image Name | Origin
Startup Programs Viewer | AUTORUNS | www.sysinternals.com
Dependency Walker | DEPENDS | Support Tools, Platform SDK
DLL List | LISTDLLS | www.sysinternals.com
EFS Information Dumper | EFSDUMP | www.sysinternals.com*
File Monitor | FILEMON | www.sysinternals.com
Global Flags | GFLAGS | Support Tools
Handle Viewer | HANDLE | www.sysinternals.com
Junction tool | JUNCTION | www.sysinternals.com
Kernel debuggers | WINDBG, KD | Debugging tools, Platform SDK, Windows DDK
Live Kernel Debugging | LIVEKD | www.sysinternals.com
Logon Sessions | LOGINSESSIONS | www.sysinternals.com
Object Viewer | WINOBJ | www.sysinternals.com
Open Handles | OH | Resource kits
Page Fault Monitor | PFMON | Support Tools, Resource kits, Platform SDK
Pending File Moves | PENDMOVES | www.sysinternals.com

81 81 Tools for Viewing Windows Internals
Tool | Image Name | Origin
Performance tool | PERFMON.MSC | Windows built-in tool
PipeList tool | PIPELIST | www.sysinternals.com
Pool Monitor | POOLMON | Support Tools, Windows DDK
Process Explorer | PROCEXP | www.sysinternals.com
Get SID tool | PSGETSID | www.sysinternals.com
Process Statistics | PSTAT | Support Tools, Windows 2000 Resource kits, Platform SDK, www.reskit.com
Process Viewer | PVIEWER (in the Support Tools) or PVIEW (in the Platform SDK) | Platform SDK
Quick Slice | QSLICE | Windows 2000 resource kits
Registry Monitor | REGMON | www.sysinternals.com
Service Control | SC | Windows XP, Platform SDK, Windows 2000 resource kits
Task (Process) List | TLIST | Debugging tools
Task Manager | TASKMGR | Windows built-in tool
TDImon | TDIMON | www.sysinternals.com

82 82 Support Tools  Tools that used to be in the NT4 Resource Kit –Win2K: 40+ tools, WinXP: 70+ tools  Located on Windows OS CD in \support\tools  Not a subset of the Resource Kit –So, you have to install this and the Resource Kit  In NT4, the NT4 Server Resource Kit included the NT4 Resource Kit Support Tools

83 83 Windows Resource Kit Tools  W2K Server Resource Kit Tools (Supplement 1 is latest) –Not freely downloadable; comes with MSDN & TechNet, so most sites have it –May be installed on as many PCs as you want at one site –Installs fine on 2000/XP Professional (superset of 2000 Professional Resource Kit)  Windows XP Resource Kit: no tools, just documentation

84 84 Windows Resource Kit Tools  Windows Server 2003 Resource Kit Tools –Free download – visit –http://www.microsoft.com/windows/reskits/default.asp –Tool updates are at http://www.microsoft.com/windowsserver2003/techinfo/reskit/tools/default.mspx  NOTE: Windows 2000 Server Resource Kit has more tools than 2003 Resource Kit (225 vs 115 .EXEs) –Many tools dropped due to lack of support –Tools are still officially unsupported; but, can send bug reports to ntreskit@microsoft.com

85 85 Windows Debugging Tools  Separate package of advanced debugging tools –Installs on NT4, Win2000, XP, 2003  Download latest version from: –http://www.microsoft.com/whdc/ddk/debugging

86 86 Windows Debugging Tools  User-mode and kernel-mode debuggers –Kd – command line interface –WinDbg – GUI interface (kernel debugging still mostly “command line”) –Allow exploring internal system state & data structures  Ntsd, Cdb – command line user-mode debugger (newer versions than what ships with OS)  Misc other tools (some are also in Support Tools): –kill, remote, tlist, –logger/logview (API logging tool), Autodump

87 87 Live Kernel Debugging  Useful for investigating internal system state not available from other tools –Previously, required 2 computers (host and target) –Target would be halted while host debugger in use  XP & Server 2003 support live local kernel debugging –Technically requires system to be booted /DEBUG to work correctly –You can edit kernel memory on the live system (!) –But, not all commands work

88 88 Live Kernel Debugging  LiveKd (www.sysinternals.com)  Tricks standard Microsoft kernel debuggers into thinking they are looking at a crash dump  Works on NT4, Windows 2000, Windows XP, & Server 2003  Was originally shipped on Inside W2K book CD-ROM  Now is free on Sysinternals

89 89 Live Kernel Debugging  Commands that fail in local kernel debugging work: –Kernel stacks (!process, !thread) –Lm (list modules) –Can snapshot a live system (.dump)  Does not guarantee consistent view of system memory –Thus can loop or fail with access violation –Just quit and restart

90 90 Sysinternals Tools  Freeware tools from www.sysinternals.com –Written by Mark Russinovich & Bryce Cogswell  Useful for developers, system administrators, and power users –Most popular: Filemon, Regmon, Process Explorer  Generated via reverse engineering (no source access)

91 91 Sysinternals Tools  Require no installation –run them directly after downloading and unzipping  Many tools require administrative privileges –Some load a device driver  Tools regularly updated –so make sure to check for updated versions –Subscribe to free Sysinternals newsletter

92 92 Process Explorer (Sysinternals)  Super Task Manager  Shows full image path, command line, environment variables, parent process, security access token, open handles, loaded DLLs & mapped files

93 93 Process Explorer (Sysinternals)

94 94 Platform SDK  Contains header files, libraries, documentation, & sample code for entire Windows “platform” API –14 separate SDKs –Core SDK contains core services, COM, messaging, active directory, management, etc.  Freely downloadable from www.microsoft.com/msdownload/platformsdk/sdkupdate –Part of MSDN Professional (or higher) subscription

95 95 Platform SDK  Always matches operating system revision –E.g. Platform SDK revised with new release (or beta) as new APIs are added  Not absolutely required for Win32 development –because VC++ comes with the Win32 API header files  but…VC++ headers, libs, doc won’t reflect APIs added after VC++ was mastered  Also provides a few tools (e.g. WinObj, Working Set Tuner) not available elsewhere

96 96 Further Reading  Microsoft Windows Internals –By Mark E. Russinovich and David A. Solomon,  4th Edition, Microsoft Press, 2004.  Concepts and Tools (pp. 1 ff.)  Digging into Windows Internals (pp. 25 ff.)

97 Windows Roadmap

98 Windows Client Roadmap [Figure: timeline with columns 2004 H2, 2005 H1 and Future; items: Service Pack 2, “Lonestar”, Beta, 64bit for Extended Systems]

99 Windows Server Roadmap [Figure: timeline with columns 2003, 2005 H1, 2005 H2 and Future; items: Service Pack 1, R2, Service Pack 2]

101 Thoughts Change Life 意念改变生活

