Windows System Architecture - Key kernel mode system components

Windows Kernel Mode Components
Overview
• Operating system model
• Operating system logical view
• Operating system physical view
• Executive
• Kernel
• Win32
• HAL
www.winitor.com

Operating System - Model
[Diagram labels: Applications (user, non-privileged mode); Virtual machine (kernel, privileged mode)]

Operating System – Logical view
[Diagram labels: Applications (user, non-privileged mode); executive; Win32, GDI; device drivers; kernel; HAL (kernel, privileged mode)]

Operating System – Physical View
[Diagram labels: Applications; user / kernel boundary; System services dispatcher; Kernel mode system services; Window manager; PnP manager; power manager; configuration manager; LPC manager; memory manager; processes manager; security manager; cache manager; device drivers; object manager; I/O manager; GDI; GDD; kernel; HAL; hardware]

Execution Context
• Kernel activities take place in the context of the process that made the request.
  • There is no process context switching
  • Only the context of the CPU is changed
• Kernel and the application invoking it live in the same process
  • Application is loaded on demand
  • Kernel loaded during boot phase
[Diagram: address space from 0x00000000 to 0xFFFFFFFF; Application A, Application B, Application C, ... Application Z at unprivileged memory addresses up to 0x7FFFFFFF; privileged memory addresses up to 0xFFFFFFFF]

Executive
• Functions
  • Global, exported, undocumented and available to user mode
  • Global, exported, documented and available only to kernel mode
  • Global, exported, undocumented and available only to kernel mode
  • Global not exported
  • Local not exported
[Diagram labels: App; user / kernel boundary; function categories 1 to 5; *.sys; Object manager; ...; OEM manufacturer device drivers; Windows device drivers]

Object Manager
• Resources are represented by objects
  • Process, Thread, File, Semaphore, Timer, Window, Event, I/O, ...
• Objects cannot be directly accessed from user mode
  • The Object Manager translates names into handles
• Roles
  • Reference counting
  • Lifetime management
  • Mapping
[Diagram labels: Application; Name; Object manager; Handle; Global name space]

Object Manager - Organization
• Hierarchy

Security Manager
• Also called the “Security Reference Monitor” - SRM
• Access Control
• Access Auditing
[Diagram labels: Principal; Intention; Security manager; Object]

Memory Manager
• Definition
• Tasks
[Diagram labels: Application; Memory manager; virtual memory; physical memory; swap files]

Executive – I/O manager
• Definition
• Role
[Diagram labels: application; Kernel32.dll; Ntdll.dll; I/O manager; Cache manager; NTFS; FAT; SCSI; IDE]

Executive – Process manager
• Definition
• Tasks

Executive – LPC manager
• Definition
• Ports
[Diagram labels: Connection; Communication; steps 1 to 4]

Device Drivers
• Definition
• Types
• Usage

Kernel
• Definition
• Tasks
• Particularities
• Objects

Hardware Abstraction Layer
• Motivation
• Definition
• Installation
• Extension

Thanks!