DOCSLIB.ORG

File Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

roma tre university maurizio pizzonia windows 1 © 2011 maurizio pizzonia – operating systems – roma tre university, italy Microsoft Press Server 2008 andWindows Vista 5 Windows® Internals: IncludingWindows M. Russinovich, D.A.Solomon references th ed. 2 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • several “system processes” several support access syscalls never services directly and applications user ismode graphics in kernel word overloaded kernel: – – use “subsystems DLLs” that goes with “environment subsystems” “environment “subsystemsuse thatwith DLLs” goes mode inkernel to runs MS according of it part what a is only architecture overview 3 3 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • needs besides, usesWindows kernel threads for its own that so... tree is only informative, Windows does not rely on if the parent dies the info is not updated in the child processes “usually” form a tree – – the parent is the creator of the process parent information is not reliable windows processes 4 4 © 2011 maurizio pizzonia – operating systems – roma tre university, italy architecture details: user mode 5 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • syscalls are never directly performed by by syscalls performed processes are directly never are subsystems really subsystemsare needed? really os/2posix, subystems: windows, – – – – – syscalls are not documented not are syscalls my impression is that subsystems are a “legacy” feature “legacy” a are subsystems isthat impression my process supporting + DLLs are OS from underlying processes user decouple layers decoupling • • • • • relationships with Windows update a“localupdate state” subsystemDLLs maycall supporting Ntdll.dll,just process or interactwith supportingprocess:see “environment subsystem” software ofunix porting “easy” allows e.g. askWindowsto something) way DLLs substystem (preferred Ntdll.dll(documented) user user processes and 6 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • kernel parts environmentsubsystem process: DLLs a particular subsystem – – – – – graphics: win32k.sys graphics: applications) (console almost empty it is now stuffof (graphics) lot a itcontained NT in 3.51 system chrashes) whole (otherwise running always be it should Gdi32.dll User32.dll Advapi32.dll, kernel32.dll, • • • graphic rendering (rendering of text, drawing, etc.) drawing, text, of (rendering rendering graphic etc.) handling, message graphic (mouse, windows, manager window on-demand run others one, only the windows subsystem csrss.exe 7 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • windows subsystemwindows ... service control manager (scm) session manager – – – services.exe, services.exe, svchost.exe winint.exe smss.exe, winlogon.exe, csrss.exe typical system processes 8 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • smss is the first process created at boot licensing to have more sessions you need “terminal server” and proper smss also waits for new session requests, and for each session... – – – – – starts new csrss.exe new starts dialog password (thewinlogon.exe startsbox) wininit.exe it starts Autochk (filesystemit starts check) subsystem isnotstarted yet! windows smss process istheonly directlysinceto use syscalls • • • when a logona happensexplorer.exe when starts (indirectly) it allconfiguredstarts and services.exe services which starts csrss.exe which sessions manager andboot – which loads win32k.sys (and the video switches to correct resolution) video the (and loadswhich win32k.sys 9 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • • • services.exe) (scm, manager service control the by managed e.g. names three serviceshave have processes such a it is in charge of starting/stopping/ of isincharge it – – – – – – – – single process can host more services more host can process single EventLog, TaskScheduler, Spooler, etc. etc. Spooler, TaskScheduler, EventLog, configuration the etc. service, aguest start pause, start-up, correct notify e.g. DLLs as implemented are hosted services case this in svchost.exe service: host generic standard the Services → Tool →Admin panel Control by edited registry the in configured is scm executable started by started utilities , the name in the the in name , the wininit.exe specific APIs specific services registry pausing to interact with the control manager control the with interact to , the name shown by the the by shown , name the services 10 © 2011 maurizio pizzonia – operating systems – roma tre university, italy executive architecture details kernel mode 11 11 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • hal executive kernel – – – – – security, I/O, communication,etc. security, inter-process networking, management, real process/thread management, memory objects executive I/Ono handling interrupt synchronization, scheduler, processes and threads basic differences motherboards handle architecture details kernel mode 12 12 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • • resources, objects, andhandles mostAPI parameters are handles objectmanager handles in userspace, executiveobjects are represented by anexecutive object is storedin kernel space object any – – – – keep a a keep executive of part handles them through use processes etc. session, a process, a file, open an e.g. • resources it contains handle that the process processhandle table is view bya process isview as an foreach process can use executive 13 © 2011 maurizio pizzonia – operating systems – roma tre university, italy Symbolic link Symbolic WindowStation Clipboard Desktop Key Timer Semaphore/Mutex Event token Access object mapping File File Job Thread Process type executive objects types executive The access rights for aprocess mappedA to region afile. of memory Anopen file or an I/O device. A collectionof processes. Anentity containing code in execution, inside aprocess. A collectionof executable threads along with virtualaddressing and control information. A reference to other objects, via which the referred object canbeused. Anobject containing a group of Desktop objects, one Clipboard and other user objects. repositoryA temporary forother objects. A logical display surface to contain GUI elements. A registry key. Anobjects which notifies processes at fixed intervals. Objects which serialize access to other resources. Anobject which encapsulates informationto be notified to aprocesses of something. Description 14 14 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • objects canbe shared among processes there system exists ofdirectory some are named some are “anonymous” – – – not persistent string is a pathname identifieda string by • it exists only in memory in only it exists object sharing 15 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • • • • kernelspace/user space processaddress space contains shared kernelspace copy-on-write kernelspacetwo heaps processheap managed kernelin mode mappedmemory files and disk cache virtual – – – – – posix envirnoment uses it for implementing fork fork operations it for implementing uses envirnoment posix paged is one paged not is one 6TB/8TB systems: 64bit 2GB/2GB (config. 1GB/3GB) systems: 32bit • memory windows keepwindows a lot of data, it needs paging also in kernel space memory management 16 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • disk cache (page file)swap page bufferingpages)terminology: stand by (MS balance set manager – – – – – – – – cachepart usingfilesof mappingmemory onekernel thread changeto sizeits onekernel thread forzeroing the pages kernel two threadfor cleaning pagesthe alsopart kernelof space can be evicted kernel thread,runonce per second evictionstrategy:aging decideresident set forprocesses • • new empty pages are always given a zeroed frame frame zeroed a given always are pages empty new set working terminology: MS memory management components 17 © 2011 maurizio pizzonia – operating systems – roma tre university, italy page framespage states • solomon fromrussinovich, 18 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • caches part of files set size of cache changes along with system resident two kinds of blocks – – – balance manager can change it dynamically it change can manager balance files mapped memory read/write regular • • • mapped on process address space address process mapped on the filesystem and processes between middleact as a layer system mapped on space address disk cache 19 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • • • at user level: 5 priority levels priority) (base priority 5 levels at user level: preemption has its queue level each level priority 32 internally: – – – – – within a range of 5 internal priority levels priority of internal 5 range a within assigned dynamically priority internal an of each them have normal, idle normal, below above high, thread) 0: systempage zeroing (the dynamic 15-1: time”“real 31-16: cpu scheduling 20 © 2011 maurizio pizzonia – operating systems – roma tre university, italy priority levels 21 © 2011 maurizio pizzonia – operating systems – roma tre university, italy • • windows increaseswindows internal process beingscheduled aftera long time in ready state without forpriority afterwaiting – –
Recommended publications
  • Win32 API 1.Pdf

    Win32 API 1.Pdf

    Win32 Programming for Microsoft Windows NT Windows NT is designed to address the changing requirements of the computing world. It is written mainly in C and is crafted in such a way as to make its functionality extensible, and to ease the porting of the code from one hardware platform to another. This enables the ability to take advantage of multiprocessor and RISC computers, and to distribute tasks to other computers on the network, transparently. Whilst providing applications and users with the ability to use the power of local and remote machines, Windows NT must offer compatibility to applications and users. Users must feel comfortable with the interface, and be able to run existing high-volume applications. Existing applications have to port simply to the new environment to take advantage of its power. So, the user interface is compatible with existing Microsoft systems and existing programming APIs are supported and have been extended. To be considered a major player in the server arena, Windows NT has to offer reliable, robust support for ‘mission critical’ software. This means the system should be fault tolerant, protecting itself from malfunction and from external tampering. It should behave predictably and applications should not be able to adversely affect the system or each other. It should also have a security policy to protect the use of system resources, and implement resource quotas and auditing. Networking is built in, with high level programming and user interfaces available. Remote access to other machines on various networks is almost transparent. Because applications have to perform to an expected level, the system should be fast and responsive on each hardware platform.
  • Installation and Configuration Guide

    Installation and Configuration Guide

    NetApp SANtricity® SMI-S Provider 11.53 Installation and Configuration Guide December 2019 | 215-13407_C0 [email protected] Table of Contents About This Guide ............................................................................................................................. 1 Overview of the NetApp SANtricity SMI-S Provider ...................................................................... 1 What’s New ................................................................................................................................1 Abbreviations, Acronyms, Terms, and Definitions ........................................................................ 1 Supported Profiles and Subprofiles ............................................................................................. 1 Supported Operating Systems for SMI-S .................................................................................... 2 Supported Firmware Versions ........................................................................................................ 3 System Requirements ..................................................................................................................... 3 Installing and Uninstalling SMI-S Provider ..................................................................................... 4 Windows operating system install and uninstall process ............................................................... 4 Installing SMI-S Provider (Windows operating system) .....................................................
  • Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    WINDOWS KERNEL HIJACKING IS NOT AN OPTION: MEMORYRANGER COMES TO THE RESCUE AGAIN Igor Korkin, PhD Independent Researcher Moscow, Russian Federation [email protected] ABSTRACT The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspect new attacks on kernel data, as these are used by hackers. The purpose of this paper is to continue research into attacks on dynamically allocated data in the Windows OS kernel and demonstrate the capacity of MemoryRanger to prevent these attacks. This paper discusses three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks result in illegal access to files open in exclusive access. The third attack escalates process privileges, without applying token swapping. Although Windows security experts have issued new protection features, access attempts to the dynamically allocated data in the kernel are not fully controlled. MemoryRanger hypervisor is designed to fill this security gap. The updated MemoryRanger prevents these new attacks as well as supporting the Windows 10 1903 x64. Keywords: hypervisor-based protection, Windows kernel, hijacking attacks on memory, memory isolation, Kernel Data Protection. 1. INTRODUCTION the same high privilege level as the OS kernel, and they also include a variety The security of users’ data and of vulnerabilities. Researchers applications depends on the security of consider that “kernel modules (drivers) the OS kernel code and data. Modern introduce additional attack surface, as operating systems include millions of they have full access to the kernel’s lines of code, which makes it address space” (Yitbarek and Austin, impossible to reveal and remediate all 2019).
  • SLDXA /T /L1 – SLX Component List

    SLDXA /T /L1 – SLX Component List

    SLDXA /T /L1 – SLX Component List SLDXA.exe ver 1.0 Copyright (c) 2004-2006 SJJ Embedded Micro Solutions, LLC All Rights Reserved SLXDiffC.exe ver 2.0 / SLXtoTXTC.exe ver 2.0 www.sjjmicro.com Processing... File1 to TXT file. Opening XSL File Reading RTF for final conversion F:\SLXTEST\LOCKDOWN_DEMO2.SLX has the following Components Total Count is: 577 -------------------------------------------------- .NET Framework 1.1 - Security Update KB887998 Accessibility Control Panel Accessibility Core ACPI Fixed Feature Button Active Directory Service Interface (ADSI) Core Active Directory Service Interface (ADSI) LDAP Provider Active Directory Service Interface (ADSI) Windows NT Provider Active Template Library (ATL) Add Hardware Control Panel Add/Remove Programs Control Panel Administration Support Tools Administrator Account Advanced Configuration and Power Interface (ACPI) PC Analog TV Application Compatibility Core Audio Codecs Audio Control Panel Base Component Base Performance Counters Base Support Binaries CD-ROM Drive Certificate Request Client & Certificate Autoenrollment Certificate User Interface Services Class Install Library - Desk Class Install Library - Mdminst Class Install Library - Mmsys Class Install Library - Msports Class Install Library - Netcfgx Class Install Library - Storprop Class Install Library - System Devices Class Installer - Computer Class Installer - Disk drives Class Installer - Display adapters Class Installer - DVD/CD-ROM drives Class Installer - Floppy disk controllers Class Installer - Floppy disk drives
  • The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies

    The Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure Computing Corporation Stephen Smalley, Peter Loscocco National Security Agency Mike Hibler, David Andersen, Jay Lepreau University of Utah http://www.cs.utah.edu/flux/flask/ Abstract and even many types of policies [1, 43, 48]. To be gen- erally acceptable, any computer security solution must Operating systems must be flexible in their support be flexible enough to support this wide range of security for security policies, providing sufficient mechanisms for policies. Even in the distributed environments of today, supporting the wide variety of real-world security poli- this policy flexibility must be supported by the security cies. Such flexibility requires controlling the propaga- mechanisms of the operating system [32]. tion of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted ac- Supporting policy flexibility in the operating system is cess rights. Previous systems are lacking in at least one a hard problem that goes beyond just supporting multi- of these areas. In this paper we present an operating ple policies. The system must be capable of supporting system security architecture that solves these problems. fine-grained access controls on low-level objects used to Control over propagation is provided by ensuring that perform higher-level functions controlled by the secu- the security policy is consulted for every security deci- rity policy. Additionally, the system must ensure that sion. This control is achieved without significant perfor- the propagation of access rights is in accordance with mance degradation through the use of a security decision the security policy.
  • Installing and Configuring Whatsup Gold V16.3

    Installing and Configuring Whatsup Gold V16.3

    WhatsUp Gold v16.4 Installation and Conguration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview ........................................................................................................................................................... 1 Overview ...................................................................................................................................................................... 1 Security considerations ......................................................................................................................................... 2 Standard WhatsUp Gold Installation ............................................................................................................................ 2 Distributed Installation ....................................................................................................................................................... 4 Installing WhatsUp Gold - Distributed (Central Site) ............................................................................... 4 Installing WhatsUp Gold - Distributed (Remote Site) .............................................................................. 6 Failover Installation .............................................................................................................................................................. 7 Installing WhatsUp Gold - Failover (Secondary Site) ..............................................................................
  • Identity Provisioning to Masaryk University IT Services Based on Microsoft Environment

    Identity Provisioning to Masaryk University IT Services Based on Microsoft Environment

    Masaryk University Faculty of Informatics Identity provisioning to Masaryk University IT services based on Microsoft environment Master’s Thesis Bc. David Štencel Brno, Spring 2019 Masaryk University Faculty of Informatics Identity provisioning to Masaryk University IT services based on Microsoft environment Master’s Thesis Bc. David Štencel Brno, Spring 2019 This is where a copy of the official signed thesis assignment and a copy ofthe Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Bc. David Štencel Advisor: Mgr. Kamil Malinka, Ph.D. i Acknowledgements I would like to thank my advisor Mgr. Kamil Malinka, Ph.D. for his professional guidance and experience. Also, I would like to thank Jan Izydorczyk, Mgr. Slávek Licehammer, and the rest of the Office 365 team at ICS for their collaboration, support, and patience during the creation of this master’s thesis. Finally, I would like to thank my family for all their support during my whole studies. iii Abstract The aim of the thesis is to design and implement an interconnection of university identity management system Perun with services run- ning in Microsoft environment. Resultant PowerShell scripts utilizing OpenSSH and PowerShell remoting allow data transmission from Perun to Windows hosts and launching service provisioning scripts. The thesis covers Active Directory and Office 365 as example target services, and a revised PowerShell web proxy that adjusts additional object settings within university Office 365.
  • (RUNTIME) a Salud Total

    (RUNTIME) a Salud Total

    Windows 7 Developer Guide Published October 2008 For more information, press only: Rapid Response Team Waggener Edstrom Worldwide (503) 443-7070 [email protected] Downloaded from www.WillyDev.NET The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of Microsoft. Microsoft may have patents, patent applications, trademarks, copyrights or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred.
  • Installation Instructions for Version 8 (TS M0) of the SAS System For

    Installation Instructions for Version 8 (TS M0) of the SAS System For

    Installation Instructions for Release 8.1 (TS1M0) of the SAS® System for Microsoft® Windows® Table of Contents Chapter 1, Introduction.......................................................................................................... 1 Terminology and Symbols Used in this Document ................................................................... 1 SASROOT Directory .................................................................................................. 1 Types of Installation Configurations........................................................................... 1 Pre-installation Checklist........................................................................................................... 2 Proper Handling of Your Media................................................................................................ 3 SAS Setup Help for Installing the SAS System......................................................................... 3 Online Help for Using the SAS System..................................................................................... 3 The Help System......................................................................................................... 4 HTML Viewer............................................................................................................. 4 Exiting SAS Setup..................................................................................................................... 4 Additional Documentation ........................................................................................................4
  • DAC Vs. MAC Bell-La Padula Model [BL]

    DAC Vs. MAC Bell-La Padula Model [BL]

    DAC vs. MAC Bell-La Padula model [BL] Most people familiar with discretionary access View the system as subjects accessing objects • • control (DAC) - The system input is requests, the output is decisions - Unix permission bits are an example - Objects can be organized in one or more hierarchies, H - Might set a file private so only group friends can read it (a tree enforcing the type of decendents) Discretionary means anyone with access can Four modes of access are possible: • • propagate information: - execute – no observation or alteration - Mail [email protected] < private - read – observation Mandatory access control - append – alteration • - Security administrator can restrict propagation - write – both observation and modification - Abbreviated MAC (NOT to be confused w. Message The current access set, b, is (subj, obj, attr) tripples Authentication Code or Medium Access Control) • An access matrix M encodes permissible access types • (as before, subjects are rows, objects columns) 1/39 2/39 Security levels Security properties A security level is a (c, s) pair: The simple security or ss-property: • • - c = classification – E.g., unclassified, secret, top secret - For any (S, O, A) b, if A includes observation, then level(S) ∈ - s = category-set – E.g., Nuclear, Crypto must dominate level(O) (c , s ) dominates (c , s ) iff c c and s s - E.g., an unclassified user cannot read a top-secret document • 1 1 2 2 1 ≥ 2 1 ⊇ 2 - L dominates L sometimes written L L or L L The star security or ⋆-property: 1 2 1 ⊒ 2 2 ⊑ 1 • - levels then form a lattice (partial order w.
  • What Is Active Directory

    What Is Active Directory

    What is Active Directory Originally created in the year 1996, Active Directory, also referred as an AD, was first used with Windows 2000 Server as a directory service for Windows domain networks. Active Directory is a special purpose database, which serves as a central location for authenticating and authorizing all the users and computers within a network. Active Directory uses the Lightweight Directory Access Protocol (LDAP), an application protocol used for accessing and maintaining directory information services distributed over an IP network. What is Active Directory? The basic internal structure of the Active Directory consists of a hierarchical arrangement of Objects which can be categorized broadly into resources and security principles. Some of the examples of Active Directory objects are users, computers, groups, sites, services, printers, etc. Every Object is considered as a single entity with some specific set of attributes. The attributes of Objects along with the kind of objects that can be stored in the AD are defined by a Schema. The intrinsic framework of Active Directory is divided into a number of levels on the basis of visibility of objects. An AD network can be organized in four types of container structure namely, Forest, Domains, Organizational Units and Sites. y Forests: It is a collection of AD objects, their attributes and set of attribute syntax. y Domain: Domain is a collection of computers objects in the AD which share a common set of policies, a name and a database of their members. y Organizational Units: OUs are containers in which domains are grouped. They are used to create a hierarchy for the domain to resemble the structure of the Active Directory's company in organizational terms.
  • An Introduction to Windows Operating System

    An Introduction to Windows Operating System

    EINAR KROGH AN INTRODUCTION TO WINDOWS OPERATING SYSTEM Download free eBooks at bookboon.com 2 An Introduction to Windows Operating System 2nd edition © 2017 Einar Krogh & bookboon.com ISBN 978-87-403-1935-4 Peer review by Høgskolelektor Lars Vidar Magnusson, Høgskolen i Østfold Download free eBooks at bookboon.com 3 AN INTRODUCTION TO WINDOWS OPERATING SYSTEM CONTENTS CONTENTS Introduction 9 1 About Windows history 10 1.1 MS-DOS 10 1.2 The first versions of Windows 11 1.3 Windows NT 12 1.4 Windows versions based on Windows NT 13 1.5 Windows Server 15 1.6 Control Questions 17 2 The tasks of an operating system 18 2.1 About the construction of computers 19 2.2 Central tasks for an operating system 20 2.3 Control Questions 22 �e Graduate Programme I joined MITAS because for Engineers and Geoscientists I wanted real responsibili� www.discovermitas.comMaersk.com/Mitas �e Graduate Programme I joined MITAS because for Engineers and Geoscientists I wanted real responsibili� Maersk.com/Mitas Month 16 I wwasas a construction Month 16 supervisorI wwasas in a construction the North Sea supervisor in advising and the North Sea Real work helpinghe foremen advising and IInternationalnternationaal opportunities ��reeree wworkoro placements solves Real work problems helpinghe foremen IInternationalnternationaal opportunities ��reeree wworkoro placements solves problems Download free eBooks at bookboon.com Click on the ad to read more 4 AN INTRODUCTION TO WINDOWS OPERATING SYSTEM CONTENTS 3 Some concepts and terms of the Windows operating system 23 3.1