Group 3 Members: 徐裕量 王貞力 葉怡群 左昌國


1 Group 3 Members: 徐裕量 王貞力 葉怡群 左昌國
Modern Operating System Kernels (Microsoft Windows Internals, 4th ed.), Chapter 3 part 2: Windows System Mechanisms

2 Outline
Windows Error Reporting
System Service Dispatching
32-Bit System Service Dispatching
64-Bit System Service Dispatching
Kernel-Mode System Service Dispatching
Service Descriptor Tables

3 Windows Error Reporting
Windows Error Reporting automates the submission of both user-mode process crashes and kernel-mode system crashes (Chapter 14). These settings are stored in the registry under the key HKLM\Software\Microsoft\PCHealth\ErrorReporting.

4 Windows Error Reporting

5 Windows Error Reporting

6 Windows Error Reporting
If the registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto is set to zero or the Debugger string contains the text “Drwtsn32”, the unhandled exception filter loads \Windows\System\Faultrep.dll into the failing process and calls its ReportFault function.

7 Windows Error Reporting

8 Windows Error Reporting
The error report (a minidump and a text file with details on the DLL version numbers loaded in the process) is sent to Microsoft’s online crash analysis server. Microsoft provides qualified customers with a tool set called Corporate Error Reporting that gives the administrator the option to take selective error reports and submit them to Microsoft.

9 System Service Dispatching
A system service dispatch is triggered by executing an instruction assigned to system service dispatching. The instruction that Windows uses for system service dispatching depends on the processor on which it is executing.

10 32-Bit System Service Dispatching
A numeric argument passed in the EAX processor register indicates the system service number being requested. The EBX register points to the list of parameters the caller passes to the system service.

11 32-Bit System Service Dispatching
On x86 Pentium II processors and higher, Windows uses the special sysenter instruction, which Intel defined specifically for fast system service dispatches. The system service number is passed in the EAX processor register, and the EDX register points to the list of caller arguments. To return to user mode, the system service dispatcher usually executes the sysexit instruction.

12 32-Bit System Service Dispatching
On K6 and higher 32-bit AMD processors, Windows uses the special syscall instruction, which functions similarly to the x86 sysenter instruction. The system call number is passed in the EAX register, and the stack stores the caller arguments. After completing the dispatch, the kernel executes the sysret instruction.

13 32-Bit System Service Dispatching
ntdll!NtReadFile:
    77f5bfa8 b8b          mov   eax,0xb7
    77f5bfad ba0003fe7f   mov   edx,0x7ffe0300
    77f5bfb2 ffd2         call  edx
    77f5bfb4 c            ret   0x24
SharedUserData!SystemCallStub:
    7ffe0300 8bd          mov   edx,esp
    7ffe0302 0f           sysenter
    7ffe0304 c            ret

14 64-Bit System Service Dispatching
On the x64 architecture, Windows uses the syscall instruction, which functions like the AMD K6's syscall instruction, for system service dispatching, passing the system call number in the EAX register, the first four parameters in registers, and any parameters beyond those four on the stack:

15 64-Bit System Service Dispatching
On the IA64 architecture, Windows uses the epc (Enter Privileged Mode) instruction. The first eight system call arguments are passed in registers, and the rest are passed on the stack.

16 64-Bit System Service Dispatching
ntdll!NtReadFile:
    77f9fc60 4c8bd        mov   r10,rcx
    77f9fc63 b8bf         mov   eax,0xbf
    77f9fc68 0f           syscall
    77f9fc6a c            ret

17 Kernel-Mode System Service Dispatching
The kernel uses the system service number to locate the system service information in the system service dispatch table, copies the caller's arguments from the thread's user-mode stack to its kernel-mode stack, and then executes the system service.

18 Kernel-Mode System Service Dispatching

19 Kernel-Mode System Service Dispatching

20 Kernel-Mode System Service Dispatching
Each thread has a pointer to its system service table. Windows has two built-in system service tables, but up to four are supported. The system service dispatcher determines which table contains the requested service by interpreting a 2-bit field in the 32-bit system service number as a table index. The low 12 bits of the system service number serve as the index into the table specified by the table index.

21 Kernel-Mode System Service Dispatching

22 Service Descriptor Tables
KeServiceDescriptorTable defines the core executive system services implemented in Ntoskrnl.exe.
KeServiceDescriptorTableShadow includes the Windows USER and GDI services implemented in the kernel-mode part of the Windows subsystem, Win32k.sys.

23 Service Descriptor Tables
The KeAddSystemServiceTable function allows Win32k.sys and other device drivers to add system service tables. With the exception of the Win32k.sys service table, a service table added with KeAddSystemServiceTable is copied into both the KeServiceDescriptorTable array and the KeServiceDescriptorTableShadow array.
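As an added example, not from the book or the slides, here is a toy C model of the lookup that slides 20 to 23 describe: a 2-bit field (bits 12 and 13) of the service number selects one of up to four service tables, the low 12 bits index into that table, and the index is checked against the table's limit before any entry is called. The tables, limits and service functions are constructed stand-ins, not the kernel's; 0xb7 is the NtReadFile number from the listing on slide 13.

```c
/* Added example, not from the book or the slides: a toy model of the
 * table-select-and-index lookup described in the text. Tables, limits and
 * service functions are constructed stand-ins, not the kernel's. */
#include <stddef.h>
#include <stdint.h>

typedef int (*service_fn)(const uint32_t *args);

/* One service descriptor table: an array of entry points and its limit. */
typedef struct {
    service_fn *base;
    uint32_t    limit;              /* number of entries in base[] */
} service_table;

/* Constructed stand-ins for an executive service and a Win32k service. */
static int svc_read_file(const uint32_t *a) { return (int)(a[0] + 1); }
static int svc_gdi_stub(const uint32_t *a)  { return (int)(a[0] * 2); }

static service_fn core_services[0xc0];    /* 0xb7 = NtReadFile on slide 13 */
static service_fn shadow_services[0x10];  /* hypothetical second table */
static service_table tables[4];           /* up to four tables are supported */

/* Bits 12-13 of the service number select the table, the low 12 bits the entry. */
static uint32_t table_index(uint32_t svc)   { return (svc >> 12) & 0x3; }
static uint32_t service_index(uint32_t svc) { return svc & 0xfff; }

/* Returns the service's result, or -1 when no table is registered for the
 * index, the entry is past the table's limit, or the slot is empty. */
int dispatch(uint32_t svc, const uint32_t *args) {
    const service_table *t = &tables[table_index(svc)];
    uint32_t idx = service_index(svc);
    if (t->base == NULL || idx >= t->limit || t->base[idx] == NULL) return -1;
    return t->base[idx](args);
}

/* Registers the two constructed tables (idempotent). */
void init_tables(void) {
    core_services[0xb7] = svc_read_file;
    tables[0].base = core_services;   tables[0].limit = 0xc0;
    shadow_services[0x3] = svc_gdi_stub;
    tables[1].base = shadow_services; tables[1].limit = 0x10;
}

/* Single-argument convenience wrapper: initialises the tables, then dispatches. */
int dispatch_one(uint32_t svc, uint32_t arg) {
    uint32_t args[1] = { arg };
    init_tables();
    return dispatch(svc, args);
}
```

Service number 0x1003 lands in the second table at entry 3, while 0x2000 fails because no third table is registered and 0x0fff fails because it exceeds the first table's limit.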

24 Service Descriptor Tables
The system service dispatch instructions for Windows executive services exist in the system library Ntdll.dll. Subsystem DLLs call functions in Ntdll to implement their documented functions. The exception is Windows USER and GDI functions, in which the system service dispatch instructions are implemented directly in User32.dll and Gdi32.dll—there is no Ntdll.dll involved.

25 Service Descriptor Tables

26 Chapter 3 Windows System Mechanisms
Object Manager

27 Windows object manager
The object manager creates, manages, and deletes Windows executive objects: abstract data types that are used to represent operating system resources such as processes, threads, and the various synchronization objects.

28 Object manager goals (1/2)
Provide a common, uniform mechanism for using system resources.
Isolate object protection to one location in the operating system so that C2 security compliance can be achieved.
Establish an object-naming scheme that can readily incorporate existing objects, such as the devices, files, and directories of a file system, or other independent collections of objects.

29 Object manager goals (2/2)
Support the requirements of various operating system environments, such as a process inheriting resources from a parent process, or creating case-sensitive filenames.
Establish uniform rules for object retention (for keeping an object available until all processes have finished using it).

30 Kinds of objects
Executive objects: objects implemented by various components of the executive (the process manager, memory manager, I/O subsystem).
Kernel objects: implemented by the Windows kernel; not visible to user mode; created and used only within the executive; provide fundamental capabilities (e.g. synchronization).

31

32 Executive object
The executive objects and object services are primitives that the environment subsystems use to construct their own versions of objects and other resources. Executive objects are created either by an environment subsystem on behalf of a user application, or by various components of the operating system as part of their normal operation (e.g. creating a file).

33 Executive object

34 A thread can synchronize with executive objects
Job, process, thread, file, event, semaphore, mutex, and timer objects. Other executive objects don't support synchronization.

35 Object structure

36 Object header attributes

37 All objects of the same type share the same object body format
The object manager provides a small set of generic services that operate on the attributes stored in an object's header and can be used on objects of any type. Although these generic object services are supported for all object types, each object type has its own create, open, and query services.

38 Object services

39 Type objects
Object headers contain data that is common to all objects but that can take on different values for each instance of an object: each object has a unique name and can have a unique security descriptor. You can select from a set of access rights specific to a type of object when you open a handle to objects of that type. The executive supplies terminate and suspend access for thread objects, and read, write, append, and delete access for file objects.

40 To conserve memory, the object manager stores these static, object-type-specific attributes once, when creating a new object type. A type object also links together all objects of the same type, allowing the object manager to find and enumerate them if necessary.

41 Type objects can't be manipulated from user mode because the object manager supplies no services for them.

42 Object Methods

43 Object Methods
Method: When the method is called
Open: When an object handle is opened
Close: When an object handle is closed
Delete: Before the object manager deletes an object
Query: When a thread requests the name of an object, such as a file, that exists in a secondary object namespace
Parse: When the object manager is searching for an object name that exists in a secondary object namespace
Security: When a process reads or changes the protection of an object, such as a file, that exists in a secondary object namespace

44 Object Handles and the Process Handle Table
When a process creates or opens an object by name, it receives a handle that represents its access to the object. All user-mode processes must own a handle to an object before their threads can use the object. Executive components and device drivers can access objects directly because they are running in kernel mode.

45 Object Handles and the Process Handle Table
An object handle is an index into a process-specific handle table, pointed to by the executive process (EPROCESS) block. A process's handle table contains pointers to all the objects that the process has opened a handle to.

46 Object Handles and the Process Handle Table
The first handle index is 4, the second 8, and so on. Handle tables are implemented as a 3-level scheme, similar to the way that the x86 memory management unit implements virtual-to-physical address translation.

47 Object Handles and the Process Handle Table
Windows 2000 process handle table architecture

48 Object Handles and the Process Handle Table
P: indicates whether the caller is allowed to close this handle.
I: indicates whether processes created by this process will get a copy of this handle in their handle tables.
A: indicates whether closing the object should generate an audit message. This flag isn't exposed to Windows; the object manager uses it internally.

49 Object Handles and the Process Handle Table
System components and device drivers often need to open handles to objects that user-mode applications shouldn't have access to. This is done by creating handles in the kernel handle table, referenced internally by the name ObpKernelHandleTable. The handles in this table are accessible only from kernel mode, and in any process context.

50 Object Security
In the executive, when a process creates an object or opens a handle to an existing object, the process must specify a set of desired access rights, that is, what it wants to do with the object.

51 Object Security It can request either a set of standard access rights (such as read, write, and execute) that apply to all object types or specific access rights that vary depending on the object type.

52 Object Security When a process opens a handle to an object, the object manager calls the security reference monitor, sending it the process's set of desired access rights. The security reference monitor checks whether the object's security descriptor permits the type of access the process is requesting. If it does, the reference monitor returns a set of granted access rights that the process is allowed, and the object manager stores them in the object handle it creates.

53 I will present…
Microsoft Windows Internals: Microsoft Windows Server 2003, Windows XP, and Windows 2000, 4th ed., Chapter 3: System Mechanisms. Object Structure, Object Retention, Resource Accounting, Object Names, Session Namespace, and two experiments. Pages 141 to 149.

54 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

55 Object Retention
Two types of objects: temporary (remain while in use) and permanent (remain until explicitly freed).
Object retention retains “temporary” objects only while they’re in use, in two phases: name retention and object deletion.
References: DDK Documentation, OSR (MSDN ver.)

56 Figure 3-18. Structure of an object
Object Retention

57 Object Retention
Figure (slide image): Process A's handle table and, after DuplicateHandle, Process B's handle table both point into system space at the same event object, which another structure also references. The figure annotates the event object's HandleCount and ReferenceCount at each step.

58 Object Retention

59 Object Retention

60 Object Retention
Programmers need not be concerned that one process might delete an object before the other process has finished using it. What about “permanent” objects?

61 Object retention
An object is permanent if it was created with the OBJ_PERMANENT object attribute flag specified. A permanent object is created with a reference count of one. Use the following steps to delete a permanent object that you created:
1. Call ObDereferenceObject.
2. Call the appropriate ZwOpenXxx or ZwCreateXxx routine to get a handle for the object, if necessary.
3. Call ZwMakeTemporaryObject with the handle obtained in step 2.
4. Call ZwClose with the handle obtained in step 2.
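As an added example, not from the book, the DDK or the slides, here is a toy C model of the two-phase retention on slides 55, 57 and 61: a temporary object loses its name when its handle count reaches zero and is deleted when its reference count reaches zero, while a permanent object keeps both until the four deletion steps above are carried out. The struct, the function names (open_handle, close_handle, reference_object, dereference_object, make_temporary) and the counting rules are constructed stand-ins for the kernel's own.

```c
/* Added example (not the kernel's code): a toy model of two-phase object
 * retention. Field and function names are constructed, not Windows APIs. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char     name[32];      /* '\0' once the name has been removed */
    uint32_t handle_count;  /* open handles, across all processes */
    uint32_t ref_count;     /* handles plus kernel-mode pointer references */
    int      permanent;     /* created with OBJ_PERMANENT */
    int      deleted;
} object;

/* Phase 2, object deletion: the last reference frees a temporary object.
 * A permanent object survives a zero reference count until made temporary. */
void dereference_object(object *o) {
    if (o->ref_count && --o->ref_count == 0 && !o->permanent) o->deleted = 1;
}

/* A kernel component holding a pointer counts as a reference, not a handle. */
void reference_object(object *o) { o->ref_count++; }

/* Opening or duplicating a handle adds one handle and one reference. */
void open_handle(object *o) { o->handle_count++; o->ref_count++; }

/* Phase 1, name retention: a temporary object loses its name when the last
 * handle closes; the object itself lives on while references remain. */
void close_handle(object *o) {
    if (o->handle_count && --o->handle_count == 0 && !o->permanent)
        o->name[0] = '\0';
    dereference_object(o);
}

/* Temporary objects start with no handles or references: the creator opens
 * its handle next. Permanent objects start with the single reference that
 * only an explicit ObDereferenceObject (step 1 above) removes. */
object *create_object(const char *name, int permanent) {
    object *o = calloc(1, sizeof *o);
    if (o == NULL) return NULL;
    strncpy(o->name, name, sizeof o->name - 1);
    o->permanent = permanent;
    if (permanent) o->ref_count = 1;
    return o;
}

/* Models step 3, ZwMakeTemporaryObject: the name now leaves with the last handle. */
void make_temporary(object *o) { o->permanent = 0; }
```

With process A's handle, a kernel structure's reference and a duplicated handle for process B, the counts reach HandleCount 2 and ReferenceCount 3 as in the slide 57 figure; closing both handles removes the name but the object is only deleted once the kernel reference is dropped.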

62 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

63 Resource Accounting
Like object retention, resource accounting is closely related to the use of object handles. A quota system is complicated; resource accounting uses quota charges, which record how much memory will be subtracted from the pool quota when opening a handle to an object.

64 Resource Accounting
No limit (this differs from the textbook).

65 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

66 Object Names
The object manager requires the following information to help track objects: a way to distinguish one object from another, a method for finding and retrieving a particular object, and a way to allow processes to share objects.
Look-up timing: when a process creates a named object, and when a process opens a handle to a named object.

67 Object Names
Case-sensitive or case-insensitive?
Unique name: won’t collide with others. Global, but cannot span a network.
Parse method.
Object directories (object directory object): like file system directories.
Symbolic links (symbolic link object): A:, B:, C: -> floppy, hard disk.

68 Object Names Must have these 2 directories

69 Object Names Directories and links are objects, too

70 Object Names “GLOBAL??” has symbolic links point to disk partitions

71 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

72 Experiment: Looking at the Base Named Objects

73 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

74 Session Namespace
How many users can log on to the system interactively? (Review Chapter 1.)
A user logged on to the console session gets the first instance of the namespace, the global namespace. Additional sessions get a session-private view, the local namespace, for \DosDevices, \Windows, and \BaseNamedObjects.

75 Outline Object Retention Resource Accounting Object Names
Experiment: Looking at the Base Named Objects Session Namespace Experiment: Viewing Namespace Instancing

76 Experiment: Viewing Namespace Instancing
There is a link to Global in Session

77 Experiment: Viewing Namespace Instancing

78 Experiment: Viewing Namespace Instancing

79 Experiment: Viewing Namespace Instancing

80 Related Resources
Windows NT Object Manager (download wmv, 160 MB, about 40 min), Adrian Marinescu
DDK Documentation
OSR (MSDN ver.)

