Download Windows Kernel Internals Overview - reverse - reverse

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts

Windows Phone wikipedia , lookup

Windows 10 wikipedia , lookup

Windows Mobile wikipedia , lookup

Distributed operating system wikipedia , lookup

Mobile operating system wikipedia , lookup

Spring (operating system) wikipedia , lookup

DNIX wikipedia , lookup

Windows RT wikipedia , lookup

Security-focused operating system wikipedia , lookup

Criticism of Windows Vista wikipedia , lookup

Windows Phone 8.1 wikipedia , lookup

Windows NT startup process wikipedia , lookup

OS-tan wikipedia , lookup

OS/2 wikipedia , lookup

Process management (computing) wikipedia , lookup

Thread (computing) wikipedia , lookup

Transcript 
Windows Kernel Internals
Overview
David B. Probert, Ph.D.
Windows Kernel Development
Microsoft Corporation
© Microsoft Corporation
1
Contributors
Neill Clift
Adrian Marinescu
Nar Ganapathy
Jake Oshins
Andrew Ritz
Jonathan Schwartz
Mark Lucovsky
Samer Arafeh
Dan Lovinger
Landy Wang
David Solomon
Ben Leis
Brian Andrew
Jason Zions
Gerardo Bermudez
Dragos Sambotin
Arun Kishan
Adrian Oney
© Microsoft Corporation
2
Windows History
• Team formed in November 1988
• Less than 20 people
• Build from the ground up
– Advanced Operating System
– Designed for desktops and servers
– Secure, scalable SMP design
– All new code
• Rigorous discipline – developers wrote very detailed
design docs, reviewed/discussed each others docs and
wrote unit tests
© Microsoft Corporation
3
Goals of the NT System
• Reliability – Nothing should be able to crash the
OS. Anything that crashes the OS is a bug and
we won’t ship until it is fixed
• Security – Built into the design from day one
• Portability – Support more than one processor,
avoid assembler, abstract HW dependencies.
• Extensibility – Ability to extend the OS over time
• Compatibility – Apps must run
• Performance – All of the above are more
important than raw speed!
© Microsoft Corporation
4
Windows Server 2003 Architecture
System Processes
Service
Controller
User
Mode
Applications
Services
Alerter
RPC
WinLogon
Session
Manager
Event
Logger
System
Threads
User
Application
Subsystem DLLs
Interix
Win32
NTDLL.DLL
Executive API
Kernel
Mode I/O Manager PnP/Power Processes
File
systems
Environment
Subsystems
Manager
& Threads
Security
Virtual
Memory
Cache
Manager
Object management / Executive RTL
Device drivers
Kernel
Hardware Abstraction Layer (HAL)
Hardware interfaces (read/write port, timers,
clocks,
DMA,
cache control, etc.)
© Microsoft
Corporation
5
Windows Executive
• Upper layers of the operating system
• Provides “generic operating system” functions
(“services”)
–
–
–
–
–
Creating and deleting processes and threads
Memory management
I/O initiation and completion
Interprocess communication
Security
• Almost completely portable C code
• Runs in kernel (“privileged”, ring 0) mode
• Many interfaces to executive services not documented
© Microsoft Corporation
6
Windows Kernel
• Lower layers of the operating system
– Implements processor-dependent functions (x86 vs. Alpha vs.
etc.)
– Also implements many processor-independent functions that are
closely associated with processor-dependent functions
• Main services
– Thread waiting, scheduling & context switching
– Exception and interrupt dispatching
– Operating system synchronization primitives (different for MP vs.
UP)
– A few of these are exposed to user mode
• Not a classic “microkernel”
– shares address space with rest of
kernel components
© Microsoft Corporation
7
HAL - Hardware Abstraction Layer
• Subroutine library for the kernel & device drivers
– Isolates Kernel and Executive from platform-specific
details
– Presents uniform model of I/O hardware interface to
drivers
• HAL abstracts:
– System timers, Cache coherency & flushing
– SMP support, Hardware interrupt priorities
– HAL also implements some functions that appear to
be in the Executive and Kernel
© Microsoft Corporation
8
Kernel Mode Execution
Code is run in kernel mode for one of three reasons:
1. Requests from user mode (system calls)
– Via the system service dispatch mechanism
– Kernel-mode code runs in the context of the requesting thread
2. Interrupts from external devices
– Interrupts (like all traps) are handled in kernel mode
– NT-supplied interrupt dispatcher invokes the interrupt service routine
– ISR runs in the context of the interrupted thread (so-called “arbitrary
thread context”)
– ISR often requests the execution of a “DPC routine”, which also runs in
kernel mode
3. Dedicated kernel-mode threads
– Some threads in the system stay in kernel mode at all times (mostly in
the “System” process)
– Scheduled, preempted, etc., like any other threads
© Microsoft Corporation
9
Processes & Threads
Access Token
VAD
Process
Object
VAD
VAD
Virtual Address Space Descriptors
Handle Table
object
object
Thread
Thread
© Microsoft Corporation
Thread
...
Access Token
10
Each process has its own…
• Virtual address space (including program
global storage, heap storage, threads’ stacks)
ƒ processes cannot corrupt each other’s
address space by mistake
• Working set (physical memory “owned” by the
process)
• Access token (includes security identifiers)
• Handle table for Win32 kernel objects
• These are common to all threads in the
process, but separate and protected between
processes
© Microsoft Corporation
11
Each thread has its own…
• Stack (automatic storage, call frames, etc.)
• Instance of a top-level function
• Scheduling state (Wait, Ready, Running, etc.)
and priority
• Current access mode (user mode or kernel
mode)
• Saved CPU state if it isn’t Running
• Access token (optional -- overrides process’s if
present)
© Microsoft Corporation
12
Windows Past, Present, Future
PAST: Personal computer, 16->32 bits, MSDOS,
Windows 9x code base, desktop focus
– Features, usability, compatibility, platform
– Windows 98
PRESENT: Enterprise computing, 32/64 bits, NT
code base, solid desktop, datacenter
– Reliability, performance, IT Features
– Windows XP, Windows Server 2003
FUTURE: Managed code (.NET Framework)
– Productivity, innovation, empowerment
– Longhorn
© Microsoft Corporation
13
.Net: Making it Simple
Windows API
HWND hwndMain = CreateWindowEx(
0, "MainWClass", "Main Window",
WS_OVERLAPPEDWINDOW | WS_HSCROLL | WS_VSCROLL,
CW_USEDEFAULT, CW_USEDEFAULT,
CW_USEDEFAULT, CW_USEDEFAULT,
(HWND)NULL, (HMENU)NULL, hInstance, NULL);
ShowWindow(hwndMain, SW_SHOWDEFAULT);
UpdateWindow(hwndMain);
.Net Framework
Window w = new Window();
w.Text = "Main Window";
w.Show();
© Microsoft Corporation
14
.Net: Unify Programming Models
Consistent API availability regardless of
language and programming model
.NET Framework
RAD,
Composition,
Delegation
VB Forms
Subclassing,
Power,
Expressiveness
MFC/ATL
Stateless,
Code embedded
in HTML pages
ASP
Windows API
© Microsoft Corporation
15
.Net: API Organization
System.Web
Services
Description
UI
HtmlControls
Discovery
WebControls
System.Windows.Forms
Design
Protocols
ComponentModel
System.Drawing
Caching
Security
Drawing2D
Printing
Configuration
SessionState
Imaging
Text
System.Data
System.Xml
ADO
SQL
XSLT
Design
SQLTypes
XPath
Serialization
System
Collections
IO
Security
Configuration
Net
ServiceProcess
Diagnostics
Reflection
Text
Globalization
Corporation
Resources © Microsoft
Threading
Runtime
InteropServices
Remoting
Serialization
16
.Net: Languages
‰ The Managed Platform is Language Neutral
¾ All languages are first class players
¾ You can leverage your existing skills
‰ Common Language Specification
¾ Set of features guaranteed to be in all languages
¾ C# enforcement: [assembly:CLSCompliant(true)]
‰ We are providing
¾ VB, C++, C#, J#, JScript
‰ Third-parties are building
¾ APL, COBOL, Pascal, Eiffel, Haskell, ML, Oberon,
Perl, Python, Scheme, Smalltalk…
© Microsoft Corporation
17
Unmanaged vs. Managed
Unmanaged Code
Managed Code
Binary standard
Type libraries
Immutable
Reference counting
Type unsafe
Interface based
HRESULTs
GUIDs
Type standard
Assemblies
Resilient bind
Garbage collection
Type safe
Object based
Exceptions
Strong names
© Microsoft Corporation
18
University of Tokyo
Windows Kernel Internals
Lectures
•
•
•
•
•
•
•
•
•
•
Object Manager
Virtual Memory
Thread Scheduling
Synchronization
I/O Manager
I/O Security
Power Management
NT File System
Registry
Lightweight Proc Calls
•
•
•
•
•
•
•
•
•
•
Windows Services
System Bootstrap
Traps / Ints / Exceptions
Processes
Adv. Virtual Memory
Cache Manager
User-mode heap
Win32k.sys
WoW64
Common Errors
© Microsoft Corporation
19
University of Tokyo
Windows Kernel Internals
Projects
Device Drivers and Registry Hooking
Dragos Sambotin – Polytech. Inst. of Bucharest
Using LPC to build native client/server apps
Adrian Marinescu – University of Bucharest
Threads and Fibers
Arun Kishan – Stanford University
Doing virtual memory experiments from user-mode
Arun Kishan – Stanford University
© Microsoft Corporation
20
Discussion
© Microsoft Corporation
21
Related documents
Win32 Programming
Win32 Programming
Multi-tenant GP Web Services.ppsx
Multi-tenant GP Web Services.ppsx
HW3 - UCF Computer Science - University of Central Florida
HW3 - UCF Computer Science - University of Central Florida
Windows Kernel Internals Overview
Windows Kernel Internals Overview
same in MS-Word format, with link to a longer article
same in MS-Word format, with link to a longer article
Operating Systems CSLO - Barbara Hecker
Operating Systems CSLO - Barbara Hecker
Document
Document
Document 7744157
Document 7744157
CSci 4061 Introduction to Operating Systems OS Concepts and
CSci 4061 Introduction to Operating Systems OS Concepts and
Download-Database Assignment
Download-Database Assignment
EECE 432– Operating Systems
EECE 432– Operating Systems