Presentation is loading. Please wait.

Presentation is loading. Please wait.

RUN TIME PROGRAM BEHAVIOUR

Published byRonald McBride Modified over 5 years ago

Similar presentations

Presentation on theme: "RUN TIME PROGRAM BEHAVIOUR"— Presentation transcript:

1 RUN TIME PROGRAM BEHAVIOUR
Course Code: CSCI-620 Course Description: OPERATING SYSTEMS SECURITY Exercise 2: Session: 1 Duration: min Lecture Unit: CSN1 Topic: Process Parameter Tracking, Interrupts and Process Killing Author: Prof. R. A. Mihajlović Exercise 2 Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, Reproduction is prohibited

2 CSCI-620 Operating systems security
Exercises Running program inspection Standard utilities/tool, (Windows Task Manager) Non standard tools, (Russinovich’s Process Explorer). Running program environment Tracking down running program original file User mode and kernel execution mode Process “killing” Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

3 Exercise 1: Windows Task Manager
On your Windows computer press Ctl-Alt-Del, produce keyboard-generated-interrupt which starts Windows Task Manager utility. CSCI-620 Operating systems security

4 CSCI-620 Operating systems security
Exercise 1 Start a new program Start | Run | notepad.exe Observe a new task running on the list. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

5 Exercise 1: Task Parameters
Processes option displays default set of parameters: Image (memory image of a program) name User name, CPU usage, and Memory usage Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

6 CSCI-620 Operating systems security
Exercise 1 Performance option shows very low CPU usage. Typical infected or viral program would show maximal CPU usage. Exercise 2 Copyright © R. A. Mihajlovic CSCI-620 Operating systems security

7 Exercise 1: Customize View
Default parameter list may be changed, (Task Manager may be reconfigured). Select: View | Select Columns Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

8 CSCI-620 Operating systems security
What is Security? Change default selection to new list of parameters to track. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

9 CSCI-620 Operating systems security
Exercise 1 New list shows some I/O activity of notepad.exe. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

10 CSCI-620 Operating systems security
Question 1 What are the above selected process parameters? (Hint: Use google or any other literature and write definitions of all of the above running program parameters). Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

11 Exercise 2: ProcessExplorer
Download non standard Windows (3rd Party supplied) utility ProcessExplorer from: Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

12 CSCI-620 Operating systems security
Exercise 2: Programs are loaded into the memory from the systems mass storage. Programs may be loaded into the system memory from the remote networked source. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

13 Exercise 2: Remote Code Source
Loading programs for “far away”, across Internet is dangerous. Some programs like Mark Russinovich’s great Windows system utility programs are exception. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

14 Exercise 2: Load remote Program
Just to experiment down-load ProcExp.exe tool. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

15 CSCI-620 Operating systems security
Exercise 2: Accept security and legal warnings. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

16 CSCI-620 Operating systems security
Exercise 2 Start notepad.exe test program. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

17 CSCI-620 Operating systems security
Exercise 2 Inspect test program parameters. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

18 CSCI-620 Operating systems security
Exercise 2 Inspect test program parameters. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

19 Exercise 2: Program Environment
Inspect program execution environment. OS provides to all running program a number of environment variable values. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

20 Exercise 2: User, Kernel & Lib Code
This running program executes three sorts of code: Own (User) code, OS or kernel service code, and Dynamic library (DLL) code. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

21 Exercise 2: Kernel’s File Location
To find the executable file of a kernel that supports running program with services select Module. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

22 CSCI-620 Operating systems security
Question 2.1 Find location of all program team members. Where are in the file system programs: notepad.exe ntdll.dll, and kernel32.dll Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

23 CSCI-620 Operating systems security
Question 2.2 Use your system. How many items are there on the run time stack of notepad.exe ? Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

24 CSCI-620 Operating systems security
Question 2.2 Use your system. How much time does your application notepad.exe has spent in: User mode, and Kernel mode? Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

25 Exercise 3: “Killing” a Process
Killing a process means sending a message to a running program to execute some sort of exit/EXIT system call and self terminate. UNIX C programming system API library provides system service call function exit(n) that self interrupts running program and calls IST/IH which knows how to terminate the process. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

26 Exercise 3: “Killing” a Process
Select notepad.exe process. Select property Window and Bring to Front Bring your application to the foreground, (Top Window) Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

27 Exercise 3: “Killing” a Process
Select from your process property menu Kill Process option. Watch as your application window disapear. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

28 Exercise 4: “Killing” a Process
Download custom process CLI utilities from: Un-archive all tools in C:\pstools directory Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

29 Exercise 4: “Killing” a Process
Un-archive all tools in C:\pstools directory, and start a test application program notepad.exe. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

30 Exercise 4: “Killing” a Process
Verify that notepad.exe nis running and run pslist.exe utility to get basic process parameters. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

31 Exercise 4: “Killing” a Process
Using UNIX-like command pskill.exe “Kill” application PID=4048 process. Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

32 CSCI-620 Operating systems security
Question 4 Test all pslist and pskill options on the sample application program like notepad.exe. Can application be pskill-ed remotly, (On a remote computer)? Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security

33 CSCI-620 Operating systems security
The End Exercise 2 Copyright © R. A. Mihajlovic, 2009 CSCI-620 Operating systems security 33

Download ppt "RUN TIME PROGRAM BEHAVIOUR"

Similar presentations

Operating System Structures

Operating System Structures
MCT260-Operating Systems I Operating Systems I Introduction to Operating Systems.

MCT260-Operating Systems I Operating Systems I Introduction to Operating Systems.
A Guide to Unix Using Linux Fourth Edition

A Guide to Unix Using Linux Fourth Edition
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 14 Server and Network Monitoring.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
An Introduction to Operating Systems. Definition  An Operating System, or OS, is low-level software that enables a user and higher-level application.

An Introduction to Operating Systems. Definition  An Operating System, or OS, is low-level software that enables a user and higher-level application.
1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.

1 Chapter Overview Monitoring Server Performance Monitoring Shared Resources Microsoft Windows 2000 Auditing.
Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3 Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS4: Scheduling and Dispatch 4.6. Demos.

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS4: Scheduling and Dispatch 4.6. Demos.
Computer & Information Tech BANGKOK CHRISTIAN COLLEGE English Immersion Program Mathayom Department Computer & Information Technology Class Teacher David.

Computer & Information Tech BANGKOK CHRISTIAN COLLEGE English Immersion Program Mathayom Department Computer & Information Technology Class Teacher David.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.
Managing Processes CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.

Managing Processes CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
Module 2 Part IV Introduction To Windows Operating Systems Basic Windows Admin Introduction To Windows Operating Systems Basic Windows Admin.

Module 2 Part IV Introduction To Windows Operating Systems Basic Windows Admin Introduction To Windows Operating Systems Basic Windows Admin.
CS 444 Introduction to Operating Systems

CS 444 Introduction to Operating Systems
Windows 2000 Course Summary Computing Department, Lancaster University, UK.

Windows 2000 Course Summary Computing Department, Lancaster University, UK.
Process Control. Module 11 Process Control ♦ Introduction ► A process is a running occurrence of a program, including all variables and other conditions.

Process Control. Module 11 Process Control ♦ Introduction ► A process is a running occurrence of a program, including all variables and other conditions.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 11: Monitoring Server Performance.
© 2004, D. J. Foreman 1 Implementing Processes and Threads.

© 2004, D. J. Foreman 1 Implementing Processes and Threads.

Similar presentations

Ads by Google