Windows Kernel Mode Components – Overview
• Operating system model
• Operating system logical view
• Operating system physical view
• Executive
• Kernel
• Win32
• HAL
www.winitor.com

Operating System – Model
[Diagram: Applications run in user, non-privileged mode on top of the kernel, which runs in privileged mode; the operating system presents a virtual machine to applications]

Operating System – Logical view
[Diagram: Applications (user, non-privileged mode); on the privileged side: Win32, GDI, device drivers, the executive, the kernel and the HAL]

Operating System – Physical view
[Diagram: Applications (user) call through the system services dispatcher into the kernel-mode system services: window manager, PnP manager, power manager, configuration manager, LPC manager, memory manager, process manager, security manager, cache manager, object manager, I/O manager, device drivers, GDI and GDD; beneath them the kernel, the HAL and the hardware]

Execution Context
Kernel activities take place in the context of the process that made the request.
• There is no process context switching
• Only the context of the CPU is changed
• Kernel and the application invoking it live in the same process
• Application is loaded on demand
• Kernel loaded during boot phase
[Diagram: address space from 0x00000000 to 0xFFFFFFFF; Application A, Application B, Application C ... Application Z occupy the unprivileged memory addresses up to 0x7FFFFFFF; privileged memory addresses lie above]

Executive
• Functions
  • Global, exported, undocumented and available to user mode
  • Global, exported, documented and available only to kernel mode
  • Global, exported, undocumented and available only to kernel mode
  • Global, not exported
  • Local, not exported
[Diagram: an application (user) calls into the kernel; function classes 1 to 5 shown against *.sys drivers and the Object manager; OEM manufacturer and Windows device drivers]

Object Manager
• Resources are represented by objects
  • Process, Thread, File, Semaphore, Timer, Window, Event, I/O, ...
• Objects cannot be directly accessed from user mode
  • The Object Manager translates names into handles
• Roles
  • Reference counting
  • Life time management
  • Mapping
[Diagram: Application – Handle – Object manager – Name – Global name space]

Object Manager – Organization
• Hierarchy

Security Manager
• Also called the "Security Reference Monitor" (SRM)
• Access Control
• Access Auditing
[Diagram: Principal – Intention – Security manager – Object]

Memory Manager
• Definition
• Tasks
[Diagram: Application – Memory manager – virtual memory, physical memory, swap files]

Executive – I/O manager
• Definition
• Role
[Diagram: application – Kernel32.dll – Ntdll.dll – I/O manager, Cache manager – NTFS, FAT – SCSI, IDE]

Executive – Process manager
• Definition
• Tasks

Executive – LPC manager
• Definition
• Ports
[Diagram: Connection (steps 1, 2) and Communication (steps 3, 4)]

Devices Drivers
• Definition
• Types
• Usage

Kernel
• Definition
• Tasks
• Particularities
• Objects

Hardware Abstraction Layer
• Motivation
• Definition
• Installation
• Extension

Thanks!
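The Object Manager slide lists four roles (name-to-handle mapping, a global name space, reference counting and lifetime management) without showing how they interact. The following Python model is an added illustration, not code from the deck or from Windows: the class names KernelObject and ObjectManager, the sample name "\BaseNamedObjects\Ready" and the process ids are all assumptions made for the model. It shows why user mode only ever sees handles, why a handle value is meaningful only inside the process that owns it, and how a temporary named object leaves the name space when its last handle closes.

```python
"""Toy model of the Object Manager roles named on the slide: global name space,
per-process handle tables, reference counting and lifetime management.
Added illustration only, not Windows code; KernelObject, ObjectManager and the
'\\BaseNamedObjects\\...' sample path are assumptions for the model."""


class KernelObject:
    """A kernel-side resource (Event, Semaphore, ...). User mode never receives
    a pointer to it; it only ever sees a handle."""

    def __init__(self, kind, name=None):
        self.kind = kind
        self.name = name
        self.handle_count = 0   # open handles across all processes
        self.refcount = 0       # handles plus the name-space reference
        self.destroyed = False


class ObjectManager:
    def __init__(self):
        self.namespace = {}      # global name space: name -> KernelObject
        self.handle_tables = {}  # pid -> {handle value: KernelObject}
        self.next_handle = {}    # pid -> next handle value to hand out

    def _new_handle(self, pid, obj):
        """Add obj to the calling process's table and return the new handle."""
        table = self.handle_tables.setdefault(pid, {})
        h = self.next_handle.get(pid, 4)   # small multiples of 4, like NT handles
        self.next_handle[pid] = h + 4
        table[h] = obj
        obj.handle_count += 1
        obj.refcount += 1
        return h

    def create(self, pid, kind, name=None):
        """Create an object, optionally publishing it under a global name.
        If the name already exists, behave like opening the existing object."""
        if name is not None and name in self.namespace:
            return self.open(pid, name)
        obj = KernelObject(kind, name)
        if name is not None:
            self.namespace[name] = obj
            obj.refcount += 1        # the name space itself holds a reference
        return self._new_handle(pid, obj)

    def open(self, pid, name):
        """Translate a name into a handle: the slide's name -> handle mapping."""
        obj = self.namespace.get(name)
        if obj is None:
            raise KeyError(f"no object named {name!r}")
        return self._new_handle(pid, obj)

    def reference(self, pid, handle):
        """Resolve a handle in the calling process's own table. Handle values
        are per process, so a value from another process is not valid here."""
        try:
            return self.handle_tables[pid][handle]
        except KeyError:
            raise KeyError(f"invalid handle {handle} in process {pid}") from None

    def close(self, pid, handle):
        """Drop one handle. When the last handle goes, a temporary named object
        leaves the name space; when the last reference goes, it is destroyed."""
        obj = self.reference(pid, handle)
        del self.handle_tables[pid][handle]
        obj.handle_count -= 1
        obj.refcount -= 1
        if obj.handle_count == 0 and obj.name is not None:
            del self.namespace[obj.name]
            obj.refcount -= 1
        if obj.refcount == 0:
            obj.destroyed = True


def demo():
    """Two processes share one named Event; returns the observations made."""
    om = ObjectManager()
    name = "\\BaseNamedObjects\\Ready"          # constructed sample name
    h_a = om.create(pid=100, kind="Event", name=name)
    h_b = om.open(pid=200, name=name)            # second process opens by name
    obj = om.reference(100, h_a)
    shared = obj is om.reference(200, h_b)       # both handles name one object
    try:
        om.reference(300, h_a)                   # process 300 holds no handles
        foreign_handle_rejected = False
    except KeyError:
        foreign_handle_rejected = True
    refs_with_two_handles = obj.refcount         # name reference + two handles
    om.close(100, h_a)
    named_after_first_close = name in om.namespace
    om.close(200, h_b)
    return {
        "shared": shared,
        "foreign_handle_rejected": foreign_handle_rejected,
        "refs_with_two_handles": refs_with_two_handles,
        "named_after_first_close": named_after_first_close,
        "named_after_last_close": name in om.namespace,
        "destroyed": obj.destroyed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model keeps the handle count separate from the total reference count because the name space holds a reference of its own: the second process can still open the object by name after the creator has closed its handle, and only the close of the last handle removes the name and frees the object.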