Department of Computer Science, Information Processing Laboratory
Lecture 2: System architecture

The Inside of Windows

Review of last class
- Win32 API and its functions
- System service (int 2e)
- Win32 services
- Process and threads in Windows 2000
- Virtual memory (0G~2G~4G)
- Kernel mode vs. user mode
- Objects and handles

Contents of this lecture
- Design goals
- Operating system model
- Key system components

Design Goals
- True 32-bit, pre-emptive, re-entrant, virtual memory
- Multiple hardware platforms
- Symmetric multi-processor architecture
- Support networked computing
- Support 16-bit MS-DOS and Win3.x apps
- POSIX compliance
- TCSEC C2 certification
- Support Unicode

Design Goals
- Extensibility
- Portability
- Reliability and robustness
- Compatibility
- Performance

Windows 2000 vs. Consumer Windows
- Consumer Windows: Windows 95, Windows 98, and Windows Millennium Edition
- Both are part of the "Windows family of operating systems"
- Sharing a common subset API (Win32 and COM) and in some cases operating system code
- And WDM (Windows Driver Model), except 95

Windows 2000 vs. Consumer Windows
- Multiprocessor systems, security
- True 32-bit
- Fully reentrant
- Address space for 16-bit Windows applications
- Visibility of shared memory
- Writable system pages from user mode
- Full compatibility with MS-DOS and Windows 3.1

Operating system model
- Similar to most UNIX systems
- Kernel mode vs. user mode
  - Most of the OS and device driver code shares the same kernel-mode protected memory space
- So is Windows 2000 a monolithic operating system or a microkernel-based system?

Kernel-mode components and OO
- Not a strict OO system
- Follows basic OO design principles
- Mostly C, not C++
  - C doesn't directly support OO constructs, such as dynamic binding of data types, polymorphic functions, or class inheritance
- What does C bring?

Portability
- Windows 2000 achieves portability across hardware architectures and platforms in two primary ways:
  - Layered design
  - Language C

Multitasking vs. multiprocessing
- Multitasking: sharing a single processor among multiple threads of execution
- Multiprocessing: SMP vs. ASMP

Architecture Overview
- Key system components

Architecture Overview
- Four basic types of user-mode processes:
  - System support processes
  - Service processes
  - User applications
  - Environment subsystems

User mode processes [1]
- System support processes
  - Not Windows 2000 services (not started by the service control manager)
  - Examples: Logon process, Session manager

User mode processes [2]
- Service processes
  - Windows 2000 services
  - Examples: Task scheduler, Spooler, …

User mode processes [3]
- User applications
  - One of five types: Win32, Windows 3.1, MS-DOS, POSIX, OS/2 1.2

User mode processes [4]
- Environment subsystems
  - Environment subsystems expose the native operating system services to user applications through a set of callable functions
  - Three environment subsystems: Win32, POSIX, and OS/2

Architecture Overview
- Subsystem DLLs

Architecture Overview: Subsystem DLLs
- User applications call the native Windows 2000 operating system services indirectly, through one or more subsystem DLLs
- Role of the subsystem DLLs:
  - Translate a function into the appropriate internal 2K system service calls
  - Sometimes, send a message to the appropriate environment subsystem process

Architecture Overview
- Kernel mode component

Kernel mode component
- Executive: base OS services
  - Memory management, process and thread management, security, I/O, and IPC
- Kernel: low-level OS functions
  - Thread scheduling, interrupt and exception dispatching, and multiprocessor synchronization
- Device drivers
- HAL = hardware abstraction layer
- Windowing and graphics system

Core Windows 2000 System Files
- Ntoskrnl.exe: Executive and kernel
- Ntkrnlpa.exe: Executive and kernel with support for PAE
- Hal.dll: each hardware platform has a different HAL
[Diagram labels: User mode, Kernel mode, Ntoskrnl.exe, Hal.dll]

Core Windows 2000 System Files
- Kernel32.dll: Win32 API functions
- Advapi32.dll: Advanced application interface
- Ntdll.dll: internal support functions, system service dispatch stubs
[Slide label: Core Win32 subsystem DLLs]

Core Windows 2000 System Files
- Why kernel32/advapi32 + Ntdll?
[Diagram labels: Kernel32.dll, Advapi32.dll, Ntdll.dll, User mode, int 0x2e, Kernel mode, Ntoskrnl.exe]

Core Windows 2000 System Files
- User32.dll, Gdi32.dll
- Win32k.sys
  - A particular driver
  - Kernel-mode part of the Win32 subsystem
[Diagram labels: User32.dll, Gdi32.dll (Core Win32 subsystem DLLs), User mode, int 0x2e, Kernel mode, Win32k.sys]

Key System Components
- Windows 2000 architecture

Environment Subsystems and DLLs
- Win32 subsystem
- POSIX subsystem
- OS/2 subsystem
- See registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

An example (your system may differ)

Win32 subsystem [1]
- Implemented in the Csrss.exe process
  - Supports basic text windows
  - Creating and deleting Win32 processes/threads
- And in the kernel-mode driver WIN32K.SYS
  - Parts of the window manager ("User")
  - Parts of the GDI
- And in subsystem DLLs mapping Win32 calls onto NT supervisor functions
  - Kernel32.dll, Advapi32.dll
  - User32.dll, Gdi32.dll
- And graphics device drivers

Win32 subsystem [2]
- E.g. an app creates windows by calling USER functions, which call GDI functions, which call graphics device drivers
[Diagram labels: App; Win32 (csrss.exe); User32.dll, Kernel32.dll, Gdi32.dll; Ntdll.dll; User mode; Kernel mode; Ntoskrnl.exe, win32k.sys]

Window manager and graphics
- In the Win32 process or in the kernel?
- Prior to NT 4.0
  - Required multiple thread and process context switches, which consumed considerable CPU cycles and memory resources
- In NT 4.0
  - Moving the windowing and graphics system into kernel mode

POSIX Subsystem
- A portable operating system interface based on UNIX
- Standard: POSIX.1
- A mandatory goal for Windows 2000
- Fairly limited in usefulness

OS/2 Subsystem
- Supports only OS/ bit character-based or video I/O (VIO) applications

Key components (cont.)
- NTDLL.DLL:
  - Stubs to Executive entry points: NtCreateFile, NtSetEvent, etc.
  - Support functions for subsystems

Key components (cont.)
- Executive (Ntoskrnl.exe) includes:
  - Functions: user-mode-callable or kernel-mode-callable components, such as configuration manager, process and thread manager, I/O manager, plug and play manager, power manager, virtual memory manager, and so on
  - Support functions: object manager, LPC, synchronisation primitives

Key components (cont.)
- Kernel (in Ntoskrnl.exe)
  - Provides fundamental mechanisms used by the executive components
  - Kernel objects, thread scheduling, trap and exception handling, interrupt handling

Ntoskrnl.exe

Key components (cont.)
- Hardware Abstraction Layer (Hal.dll)
- List of HALs:
  - Hal.dll for Standard PCs
  - Halacpi.dll for ACPI PCs
  - Halapic.dll for APIC PCs
  - Halaacpi.dll for APIC ACPI PCs
  - Halmps.dll for Multiprocessor PCs
  - Halmacpi.dll for Multiprocessor ACPI PCs
  - Halborg.dll for Silicon Graphics Workstation (no longer marketed)
  - Halsp.dll for Compaq SystemPro
[Diagram labels: Hal.dll, Hardware]

Key components (cont.)
- EXPERIMENT: Determining Which HAL You're Running
  - Open \Winnt\Repair\Setup.log and search for Hal.dll
  - Or, in Device Manager, look at the Computer device (My Computer > Properties > Hardware > Device Manager)
- ACPI = Advanced Configuration and Power Interface
- APIC = Advanced Programmable Interrupt Controller

Key components (cont.)
- Device drivers
  - Loadable kernel-mode modules (mostly .sys)
  - Run in kernel mode in one of three contexts:
    - A user thread that initiated an I/O function
    - A kernel-mode system thread
    - Interrupt handling
[Diagram labels: I/O Manager, Drivers, HAL, Hardware]

Device drivers
- Types of device drivers:
  - Hardware device drivers: handle different physical devices
  - File system drivers: implement file abstraction
  - File system filter drivers: e.g. disk mirroring, encryption and so on
  - Network redirectors and servers: transmit I/O requests across the network
  - Protocol drivers
  - Kernel streaming filter drivers

EXPERIMENT: Viewing the Installed Device Drivers
- Run msinfo32
- An example:

Undocumented functions
- EXPERIMENT: Listing Undocumented Functions
  - Use Depends.exe to open system32\Ntoskrnl.exe
  - An example:

System processes
- System process (0): Idle process
- System (8): System process
- smss.exe (144): Session manager
- csrss.exe (172): Win32 subsystem process
- winlogon.exe (192): Logon process
- services.exe (220): Service control manager
- svchost.exe (384): Generic service host image
- spoolsv.exe (480): Spooler service
- regsvc.exe (636): Remote registry service
- mstask.exe (664): Task scheduler service
- lsass.exe (232): Local security authentication server

System Processes
- Idle Process (ID 0)
- System process
  - Always process ID 8
  - The home for kernel-mode system threads
- Session Manager (SMSS.EXE)
  - First user-mode process
  - Completes system initialization
- Win32 subsystem (csrss.exe)
- Logon (winlogon.exe)

System Processes
- Logon (winlogon.exe)
  - Handles interactive user logons and logoffs
  - SAS: Ctrl+Alt+Delete
  - Calls Userinit.exe to create the user process
    - Performs some initialization
    - Creates a process to run the system-defined shell (Explorer.exe)
    - Exits
- Local Security Authentication Server (Lsass.exe)
  - Validates authentication data and creates the access token

System Processes
- Service Control Manager (Services.exe)
  - Starts and stops NT services (e.g. event log)
- EXPERIMENT: Listing Installed Services
  - Administrative Tools > Services
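
The system process list from the slides above, turned into a lineage check that can be run over a process snapshot. This is an added example, not part of the original lecture; the parent relationships and the single-instance set are assumptions drawn from the Windows 2000 boot sequence on a single console session, and the snapshot is constructed from the PIDs shown on the slide.

```python
from collections import Counter

# Expected parent image per system process. Assumption (not stated on the
# slides): smss starts csrss and winlogon, winlogon starts services and lsass,
# and services starts the service processes.
EXPECTED_PARENT = {
    "smss.exe": "system", "csrss.exe": "smss.exe", "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe", "lsass.exe": "winlogon.exe",
    "svchost.exe": "services.exe", "spoolsv.exe": "services.exe",
    "regsvc.exe": "services.exe", "mstask.exe": "services.exe",
}
# Assumption: one console session, so exactly one instance of each.
SINGLETONS = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

# Constructed snapshot (pid, parent pid, image) using the PIDs from the slide.
BASELINE = [
    (0, 0, "Idle"), (8, 0, "System"), (144, 8, "smss.exe"),
    (172, 144, "csrss.exe"), (192, 144, "winlogon.exe"),
    (220, 192, "services.exe"), (232, 192, "lsass.exe"),
    (384, 220, "svchost.exe"), (480, 220, "spoolsv.exe"),
    (636, 220, "regsvc.exe"), (664, 220, "mstask.exe"),
]

def check_lineage(snapshot):
    """Return (pid, image, reason) for every process that breaks the tree."""
    by_pid = {pid: image.lower() for pid, _, image in snapshot}
    counts = Counter(by_pid.values())
    findings = []
    for pid, ppid, image in snapshot:
        name = image.lower()
        expected = EXPECTED_PARENT.get(name)
        if expected is None:
            continue  # not one of the system processes covered here
        parent = by_pid.get(ppid, "<exited>")
        if parent != expected:
            findings.append((pid, name, f"parent is {parent}, expected {expected}"))
        if name in SINGLETONS and counts[name] > 1:
            findings.append((pid, name, "more than one instance"))
    return findings

if __name__ == "__main__":
    # Constructed anomalies: a second lsass.exe under explorer.exe and an
    # svchost.exe whose parent is no longer in the snapshot.
    sample = BASELINE + [(904, 880, "explorer.exe"), (1100, 904, "LSASS.EXE"),
                         (1200, 999, "svchost.exe")]
    for finding in check_lineage(sample):
        print(finding)
```

Image names alone are easy to imitate, so a production check would also compare the full image path. A parent PID can be reused after the real parent exits, so findings should be confirmed against process start times.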