Host and Application Security Lesson 4: The Win32 Boot Process.

Last foundational item
 What steps does our machine go through to start running?

First Step: Power On!
 This may seem like a trivial step, but a lot is happening
 A timer kicks off once the motherboard (MB) voltages stabilize
 Execution passes to a location in Read Only Memory (ROM)
 Information about the hardware configuration is read from the CMOS

POST
 Power On Self Test (POST)
 Check CMOS validity
 Check for keyboard etc.
 A side note: beep codes

Where next?
 Understanding the boot sequence here is important
  - Can boot from LAN, floppy, hard drive, CD-ROM…
  - Boot priority typically set in CMOS

But how?
 At this point, there is no operating system
 Service used at the lowest level: Int 13h (the BIOS disk service interrupt)
 Aside: how Int xxh instructions work
 Typically, the “program” in the MBR is loaded as a single sector

Three Possible Outcomes
 Success! The first sector is loaded into memory and executed.
 A READ ERROR occurs
 A DISK I/O ERROR occurs

What does a boot sector look like?
 On Win95…
 debug l 7c u 7c00

Two Paths: Fixed and Removable
 Not identical
 Hard drive provides more options – MBR and PBS (partition boot sector)
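As an added example (not from the lecture), a Python parser for the 512-byte MBR layout the slides refer to: 446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature, together with a baseline hash of the code region, which is the kind of check a defender uses to notice that the first sector loaded by Int 13h has been replaced. The sample sector is constructed inline; all function names are this example's own.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # boot code occupies bytes 0..445
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = 0xAA55       # stored little-endian as bytes 55 AA at offset 510

@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

def parse_mbr(sector: bytes):
    """Split one sector into (boot_code, partitions, signature_ok).
    The BIOS only checks the signature before jumping to offset 0, so
    whatever sits in the first 446 bytes runs with no OS present."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    signature_ok = struct.unpack_from("<H", sector, 510)[0] == BOOT_SIGNATURE
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype:                                   # type 0 marks an empty slot
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return sector[:TABLE_OFFSET], parts, signature_ok

def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the code region only; the partition table may legitimately change."""
    return hashlib.sha256(parse_mbr(sector)[0]).hexdigest()

def boot_code_modified(sector: bytes, baseline_hash: str) -> bool:
    """Defender's check: compare the live MBR code against a known-good baseline."""
    return boot_code_hash(sector) != baseline_hash

def build_sample_mbr() -> bytes:
    """Constructed sample: a short JMP, NOP padding, one bootable NTFS (type 0x07) partition."""
    code = b"\xEB\x3C\x90" + b"\x90" * (TABLE_OFFSET - 3)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x02\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    return code + entry + b"\x00" * 48 + b"\x55\xAA"

def build_tampered_mbr() -> bytes:
    """Constructed sample: the same sector with one byte of boot code changed."""
    s = bytearray(build_sample_mbr())
    s[16] ^= 0xFF
    return bytes(s)
```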

Next…
 MBR
 PBS
 NTLDR
 NTOSKRNL.EXE
 SMSS
 WINLOGON
 SCM

NTLDR
 The boot code “understands” the underlying file system, and loads NTLDR from the root directory of that disk
 NTLDR starts life in “real mode”

And What is “Real Mode”?
 No virtual-to-physical memory translation (tell me about that…)
 Only 1MB of memory available to the machine (why?)
 Just like DOS…

Protected Mode
 Source: Intel® 64 and IA-32 Architectures Software Developer’s Manual
 32-bit memory now available
 Paging turned on
 Protected mode with paging is “normal” for Win32

Now we switch to PM
 All disk I/O still handled by the “old” code
 NTLDR now examines BOOT.INI for more information
 If more than one selection, display choices…

DOS?
 If BOOT.INI refers to a DOS option
 BOOTSECT.DOS is loaded and executed as if it were a boot sector, switching back to Real Mode

NTDETECT.COM
 Runs in real mode
 Reads the BIOS to determine OS basics, such as:
  - Time and date
  - Types of buses
  - Number/type of drives
  - Type of mouse
  - Parallel ports…

And then back to NTLDR
 Load the kernel and the HAL
 Read the SYSTEM registry hive to determine required boot-time device drivers (Start value = SERVICE_BOOT_START)
 Load the file system drivers required for boot (e.g. NTFS)

NTLDR Continued
 Loads the boot drivers and displays “Starting Windows”
 NB: drivers are only loaded at this time, they are not run
 Prepares CPU registers for the execution of the kernel
 Calls main() in NTOSKRNL

NTOSKRNL
 Two-stage initialization process called…
  - Phase 0
  - Phase 1

Phase 0
 Interrupts disabled
 Build the data structures required by the Phase 1 processes
 Calls ExpInitializeExecutive
  - Finalizes HAL
  - Initializes Memory Manager
  - Initializes Object Manager
  - Initializes Security Reference Monitor, Process Mangler, Plug and Pray Manager

Phase 1
 Control goes to the idle loop… allowing other processes to init
 Interrupts turned on
 Boot video driver on (the Win32 startup screen now displays)
 SMSS (Session Manager Subsystem) called

SMSS
 User-mode process (but a trusted part of the OS)
 Native application – doesn’t use Win32 APIs but uses Windows 2000 Native APIs
 Does lots of things…
 But we’re interested in:
  - Runs any programs in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
  - Performs delayed file rename operations as directed in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
  - Starts Winlogon
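As an added example (not part of the lecture), a Python audit of the two SMSS-driven registry values named above: it lists BootExecute entries other than the stock autochk line and decodes PendingFileRenameOperations into (source, target) pairs, flagging any that land in System32. The sample values are constructed; the live read uses winreg only on Windows, and every function name is this example's own.

```python
import sys

SESSION_MANAGER_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
STOCK_BOOT_EXECUTE = {"autocheck autochk *"}   # the only entry on a stock install
SYSTEM_DIR_MARKER = "\\system32\\"

def read_multi_sz(value_name: str) -> list:
    """Read a REG_MULTI_SZ under the Session Manager key (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER_KEY)
    try:
        data, _ = winreg.QueryValueEx(key, value_name)
        return list(data)
    except FileNotFoundError:
        return []
    finally:
        key.Close()

def unexpected_boot_execute(entries: list) -> list:
    """Anything SMSS would run besides autochk, before Winlogon or any service exists."""
    return [e for e in entries if e.strip().lower() not in STOCK_BOOT_EXECUTE]

def _strip_nt_path(p: str) -> str:
    # Entries look like \??\C:\path; a leading '!' means 'replace even if the target exists'.
    p = p.lstrip("!")
    return p[4:] if p.startswith("\\??\\") else p

def parse_pending_renames(values: list) -> list:
    """Values come in (source, target) pairs; an empty target means delete at boot."""
    ops = []
    for i in range(0, len(values) - 1, 2):
        ops.append((_strip_nt_path(values[i]), _strip_nt_path(values[i + 1]) or None))
    return ops

def renames_touching_system32(values: list) -> list:
    """Flag renames or deletions in System32: a binary swapped here runs before any AV service."""
    return [(s, d) for s, d in parse_pending_renames(values)
            if SYSTEM_DIR_MARKER in s.lower() or (d is not None and SYSTEM_DIR_MARKER in d.lower())]

def audit(boot_execute=None, pending=None) -> dict:
    """Run both checks on supplied lists, or on the live registry when running on Windows."""
    be = read_multi_sz("BootExecute") if boot_execute is None else boot_execute
    pf = read_multi_sz("PendingFileRenameOperations") if pending is None else pending
    return {"boot_execute": unexpected_boot_execute(be), "renames": renames_touching_system32(pf)}

# Constructed sample values standing in for a live registry read.
SAMPLE_BOOT_EXECUTE = ["autocheck autochk *", "unknown_helper.exe"]
SAMPLE_PENDING = ["\\??\\C:\\Windows\\Temp\\upd.tmp", "!\\??\\C:\\Windows\\System32\\drivers\\disk.sys",
                  "\\??\\C:\\Users\\alice\\old.log", ""]
```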

Security?
 So, let’s discuss… how can the Windows boot process be exploited?

Enhancements
 UEFI
  - Intel specifications to replace the BIOS interface that is standard to all PCs
  - Secure Boot, however, is a really interesting discussion
  - The idea is to lock the hardware to a particular chain of trust
 Things must be signed by a particular key… this led to some interesting debates

Enhancements (cont’d)
 ELAM (Early Launch Anti-Malware)
  - Try to get antimalware loaded much earlier in the boot process
  - Purpose is to provide white/black listing services only, early in the process
  - Forces the load of the AM solution before anything else is loaded

TPM
 Of course there is the TPM
 Trusted Platform Module
 “The proper definition is that a trusted system or component is one whose failure can break the security policy, while a trustworthy system or component is one that won’t fail” (Anderson)

Questions and Assignment
 Assignment: 2500 words or more, on “Security Enhancements to the PC Boot Process”
 Basically, in detail, tell me about UEFI, TPM etc.
 Due next Thursday, printed out, in class. PLUS electronic copy to moi!