Presentation is loading. Please wait.

Presentation is loading. Please wait.

Host and Application Security Lesson 4: The Win32 Boot Process.

Published bySherman Nash Modified over 9 years ago

Similar presentations

Presentation on theme: "Host and Application Security Lesson 4: The Win32 Boot Process."— Presentation transcript:

1 Host and Application Security Lesson 4: The Win32 Boot Process

2 Last foundational item  What steps does our machine go through to start running?

3 First Step: Power On!  This may seem like a trivial step, but a lot is happening  A timer kicks off once the MB voltages stabilize  Execution passes to a location in Read Only Memory (ROM)  Information about the hardware configuration is read from the CMOS

4 POST  Power On Self Test (POST)  Check CMOS validity  Check for Keyboard etc.  A side note: beep codes

5 Where next?  Understanding the boot sequence here is important Can boot from LAN, Floppy, Hard Drive, CD- ROM… Boot priority typically set in CMOS

6 But how?  At this point, there is no operating system  System used at the lowest level: Int 13h  Aside: how Int xxh instructions work  Typically, load “program” in the MBR as a single sector

7 Three Possible Outcomes  Success! First sector is loaded into memory and executed.  A READ ERROR occurs  A DISK I/O ERROR occurs

8 What does a boot sector look like?  On Win95…  debug l 7c00 0 0 1 u 7c00

9 Two Paths: Fixed and Removable  Not identical  Hard drive provides more options – MBR and PBS

10 Next…  MBR  PBS  NTLDR  NTOSKRNL.EXE  SMSS  WINLOGON  SCM

11 NTLDR  The boot code “understands” the underlying file system, and loads NTLDR from the root directory of that disk  NTLDR starts life in “real mode”

12 And What is “Real Mode”  No Virtual to Physical memory translation (tell me about that…)  Only 1MB of memory available to the machine (why?)  Just like DOS…

13 Protected Mode Source: Intel® 64 and IA-32 Architectures Software Developer’s Manual  32-bit memory now available  Paging turned on  Protected mode with paging is “normal” for Win32

14 Now we switch to PM  All disk IO still handled by the “old” code  NTLDR now examines BOOT.INI for more information  If more than one selection, display choices…

15 DOS?  If BOOT.INI refers to a DOS option  BOOTSEC.DOS is loaded and executed as if it were a boot sector, switching back to Real Mode

16 NTDETECT.COM  Runs in real mode  Reads the BIOS to determine OS basics, such as: Time and Date Types of Buses Number/type of drive Type of mouse Parallel Ports…

17 And then back to NTLDR  Load the Kernel and the HAL  Read the SYSTEM registry hive to determine required boot-time device drivers Start Value = SERVICE_BOOT_START  Loads the File System Drivers required for boot (e.g. NTFS)

18 NTLDR Continued  Loads the boot drivers and displayed “Starting Windows”  NB: Drivers only load at this time, they are not run  Prepare CPU registers for the execution of the kernel  Calls main() in NTOSKRNL

19 NTOSKRNL  Two stage initialization process called… Phase 0 Phase 1

20 Phase 0  Interrupts Disabled  Build the data structures required by the Phase 1 processes  Calls ExpInitializeExecutive Finalizes HAL Initializes Memory Manager Initializes Object Manager Initializes Security Reference Monitor, Process Mangler, Plug and Pray Manager

21 Phase 1  Control goes to Idle loop… allowing other processes to init  Interrupts turned on  Boot Video Driver On (The Win32 Startup Screen now displays)  SMSS (Session Manager SubSystem) called

22 SMSS  User-mode process (but trusted part of the OS)  Native application – doesn’t use Win32 APIs but uses Windows 2000 Native APIs  Does lots of things…  But we’re interested in: Runs any programs in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute Performs delayed file rename operations as directed in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations Starts Winlogon

23 Security?  So, let’s discuss… how can the Windows boot process be exploited?

24 Enhancements  UEFI Intel specifications to replace the BIOS interface that is standard to all PCs Secure boot, however, is a really interesting discussion The idea is to lock the hardware to a particular chain of trust  Things must be signed by a particular key… this lead to some interesting debates

25 Enhancements (cntd)  ELAM Try and get antimalware loaded much earlier in the boot process Purpose is to provide white/black listing services only early in the process Forces load of the AM solution before anything else is loaded

26 TPM  Of course there is the TPM  Trusted Platform Module “The proper definition is that a trusted system or component is one whose failure can break the security policy, while a trustworthy system or component is one that won’t fail” (Anderson)

27 Questions and Assignment  Assignment: 2500 words or more, on “Security Enhancements to the PC Boot Process”  Basically, in detail, tell me about UEFI, TPM etc.  Due, next Thursday, printed out, in class. PLUS electronic copy to moi!

Download ppt "Host and Application Security Lesson 4: The Win32 Boot Process."

Similar presentations

Chapter 2 How Hardware and Software Work Together.

Chapter 2 How Hardware and Software Work Together.
Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.

Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.
Windows Vista Boot process. All the computer running Windows vista have the same start up sequence: Power-on self test (POST) phase Initial startup phase.

Windows Vista Boot process. All the computer running Windows vista have the same start up sequence: Power-on self test (POST) phase Initial startup phase.
BIOS (Basic Input Output Service) Contains system data used by the ROM BIOS service routines. Serves as a standardized communication interface between.

BIOS (Basic Input Output Service) Contains system data used by the ROM BIOS service routines. Serves as a standardized communication interface between.
DIT314 ~ Client Operating System & Administration CHAPTER 4 CONFIGURING HARDWARE DEVICES AND STARTUP PROCESS Prepared By : Suraya Alias.

DIT314 ~ Client Operating System & Administration CHAPTER 4 CONFIGURING HARDWARE DEVICES AND STARTUP PROCESS Prepared By : Suraya Alias.
The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the.

The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the.
PC BIOS and CMOS.

PC BIOS and CMOS.
计算机系 信息处理实验室 Lecture 5 Startup and Shutdown

计算机系 信息处理实验室 Lecture 5 Startup and Shutdown
Chapter 6 Limited Direct Execution

Chapter 6 Limited Direct Execution
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 4: Troubleshoot System Startup and User Logon Problems.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 4: Troubleshoot System Startup and User Logon Problems.
11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.

11 INSTALLING WINDOWS XP Chapter 2. Chapter 2: Installing Windows XP2 INSTALLING WINDOWS XP  Prepare a computer for the installation of Microsoft Windows.
Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,

Operating System Structure. Announcements Make sure you are registered for CS 415 First CS 415 project is up –Initial design documents due next Friday,
1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.

1 DOS with Windows 3.1 and 3.11 Operating Environments n Designed to allow applications to have a graphical interface DOS runs in the background as the.
LECTURE 14 Operating Systems and Utility Programs

LECTURE 14 Operating Systems and Utility Programs
I/O Tanenbaum, ch. 5 p. 329 – 427 Silberschatz, ch. 13 p. 495 - 527.

I/O Tanenbaum, ch. 5 p. 329 – 427 Silberschatz, ch. 13 p
Lesson 4 Computer Software

Lesson 4 Computer Software
Operating Systems Basic PC Maintenance, Upgrade and Repair Mods 1 & 2.

Operating Systems Basic PC Maintenance, Upgrade and Repair Mods 1 & 2.
IT Essentials: PC Hardware and Software 1 Chapter 7 Windows NT/2000/XP Operating Systems.

IT Essentials: PC Hardware and Software 1 Chapter 7 Windows NT/2000/XP Operating Systems.
Overview Introduction to Windows NT Workstation 4.0. Installing Windows NT Workstation 4.0. Customizing and managing NT Workstation 4.0. Managing Windows.

Overview Introduction to Windows NT Workstation 4.0. Installing Windows NT Workstation 4.0. Customizing and managing NT Workstation 4.0. Managing Windows.
Computer Startup Sequence Overview

Computer Startup Sequence Overview

Similar presentations

Ads by Google