Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Internals Brown-Bag Seminar Chapter 1 – Concepts and Tools

Published byΦίλανδρος Κουντουριώτης Modified over 6 years ago

Similar presentations

Presentation on theme: "Windows Internals Brown-Bag Seminar Chapter 1 – Concepts and Tools"— Presentation transcript:

1 Windows Internals Brown-Bag Seminar Chapter 1 – Concepts and Tools
Jim Fawcett Fall 2006

2 Windows Internals Chap 1 – Concepts and Tools Chap 8 – Security
Chap 2 – System Archit. Chap 3 – System Mech. Chap 4 – Mgmt Mech. Chap 5 – Startup/Shutdown Chap 6 – Processes, Threads Chap 7 – Memory Mgmt Chap 8 – Security Chap 9 – I/O System Chap 10 – Storage Mgmt Chap 11 – Cache Mgr Chap 12 – File Systems Chap 13 – Networking Chap 14 – Crash Dump Anal.

3 Resources Windows Internals, Fourth Edition, Russinovich, Solomon, Microsoft Press, 2005 Windows System Programming, Third Edition, Johnson Hart, Addison-Wesley, 2005 Win32 Links – a random sampling of interesting things: Display Win32 and COM error strings Accessing data in another process Injecting and Executing code in another process Windows Security with code examples ShellExecute and Automation Windows Hooks Win32 Message Maps and Message Cracking Windows Annoyances

4 Windows API Overview Base Services Component Services
User Interface Services Graphics and Multimedia Services Networking Web Services

5 More Resources CoreTechnologies Overview of Windows API
Windows Data Types Windows API Functions by category Windows Shell Win32 to .Net Map Platform SDK

6 Windows Programming Levels
.Net Framework Class Library Many namespaces of managed code Windows API Functions Documented, callable functions exported from user32.dll, gdi32.dll, advapi32.dll, and kernel32.dll Native System Services Undocumented services callable from user mode Kernel Support Functions Windows OS routines, callable only from the kernel.

7 Some Examples fileInfo, Nav, and Wintools Threads
Creating and Loading DLLs

8 Windows Processes A process is a container of resources used by an executing program Private virtual address space Executable program List of open handles A security context, e.g., access token process ID One or more threads of execution

9

10

11

12

13 Virtual Memory Mapping

14 Processing Modes User mode Kernel mode More about modes
User mode runs user application code. In user mode, a process has access to a private virtual address space, shared by all threads that run in the process. Kernel mode Kernel mode is used to run OS code and device drivers, as well as a lot of the Graphics and Windowing code. In kernel mode, threads have unlimited access to the OS’s virtual system memory and all CPU instructions. More about modes Each page in virtual memory is tagged as to what mode the processor must be in to read/write the page. Read only pages, e.g., those that contain executable code, are not writable from any mode. User applications switch from user mode to kernel mode when they make system calls. These calls are validated before execution.

15

16 Opening Visual Studio – Now lots of page faults.

17 Windows Threads A scheduled entity in a process that executes code. It has: Contents of a set of CPU registers Two stacks, one for kernel mode, one for user mode. Private thread-local storage, used by Windows subsystems and libraries Unique thread ID May have a security context (token) used for impersonation.

18 Objects A kernel object is reference counted, and consists of:
A system defined data type Functions that operate on instances of that type A set of object attributes A process has an ID, base scheduling priority, and a pointer to an access token. Many objects can be named and shared across processes. Functions usually operate on object attributes. Example objects: Processes, threads, windows, files, events, mutexes

19 Security Windows has: Discretionary protection for all shareable system objects, e.g., files, directories, processes, threads, registry keys, … Security auditing Password authentication at login Prevent one user from accessing another’s deallocated memory.

20 Discretionary Access Control
Methods by which owners of objects can grant or deny access to others. When a user logs on, she is given a security token (security context). When accessing a secured object, her security token is compared with the access control list of the object to determine if she has permission for the requested operation.

21 Priviledged Access Control
Priviledged access allows administrators to take ownership of existing kernel objects.

22 Registry The registry holds: Boot and system configuration info
System-wide software settings Security database Per-user configuration settings

23 Registry Structure Hierarchal structure like a directory tree
Each branch is called a key Each key can contain both keys and values A value contains stored information Value types can be: String, Binary, DWORD

24 Registry Structure HKEY_CLASSES_ROOT HKEY_CURRENT_USER
File associations and paths to COM servers HKEY_CURRENT_USER Part of HKEY_USERS for current user HKEY_LOCAL_MACHINE Hardware and software installed on your machine HKEY_USERS Preferences for each of the users of machine HKEY_CURRENT_CONFIG Part of HKEY_LOCAL_MACHINE for current configuration

25

26

27 End of Presentation Seminar Schedule

Download ppt "Windows Internals Brown-Bag Seminar Chapter 1 – Concepts and Tools"

Similar presentations

Working with the Windows Registry Computer Club of the Sandhills November 12, 2012.

Working with the Windows Registry Computer Club of the Sandhills November 12, 2012.
Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
Windows 2000 System Architecture (continued) Computing Department, Lancaster University, UK.

Windows 2000 System Architecture (continued) Computing Department, Lancaster University, UK.
计算机系 信息处理实验室 Leture1 concepts and tools 2005 Spring 陈香兰.

计算机系 信息处理实验室 Leture1 concepts and tools 2005 Spring 陈香兰.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Slide 6-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 6 Implementing Processes, Threads, and Resources.

Slide 6-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 6 Implementing Processes, Threads, and Resources.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
1 Case Study 2: Windows 2000 Chapter 11 11.1 History of windows 2000 11.2 Programming windows 2000 11.3 System structure 11.4 Processes and threads in.

1 Case Study 2: Windows 2000 Chapter History of windows Programming windows System structure 11.4 Processes and threads in.
Windows 2000 and Solaris: Threads and SMP Management Submitted by: Rahul Bhuman.

Windows 2000 and Solaris: Threads and SMP Management Submitted by: Rahul Bhuman.
2: OS Structures 1 Jerry Breecher OPERATING SYSTEMS STRUCTURES.

2: OS Structures 1 Jerry Breecher OPERATING SYSTEMS STRUCTURES.
Process Management. External View of the OS Hardware fork() CreateProcess() CreateThread() close() CloseHandle() sleep() semctl() signal() SetWaitableTimer()

Process Management. External View of the OS Hardware fork() CreateProcess() CreateThread() close() CloseHandle() sleep() semctl() signal() SetWaitableTimer()
1 CE6130 現代作業系統核心 Modern Operating System Kernels 許 富 皓.

1 CE6130 現代作業系統核心 Modern Operating System Kernels 許 富 皓.
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.

Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
I Information Systems Technology Ross Malaga 3 Part I Understanding Information Systems Technology Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.

I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.
Chapter 51 Threads Chapter 5. 2 Process Characteristics  Concept of Process has two facets.  A Process is: A Unit of resource ownership:  a virtual.

Chapter 51 Threads Chapter 5. 2 Process Characteristics  Concept of Process has two facets.  A Process is: A Unit of resource ownership:  a virtual.
Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.
Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Ceng 334 - Operating Systems 11-1 Chapter 11 : Case Study - Win 2000 History of windows 2000 Programming windows 2000 System structure Processes and threads.

Ceng Operating Systems 11-1 Chapter 11 : Case Study - Win 2000 History of windows 2000 Programming windows 2000 System structure Processes and threads.

Similar presentations

Ads by Google