
Windows – Key User Mode Components
www.winitor.com – dec. 2012

Overview
• Organization
• Model
• Components
• CPU Modes
• System processes
• Services processes
• Users processes
• Subsystems processes
• System services

OS Organization
• Access to hardware is not allowed
• Access to hardware is made via system services
[Diagram: Applications, Virtual machine, Real machine]

OS Model
• Applications access the OS via one defined Application Program Interface (API)
[Diagram: Application, API, OS]

OS Contexts
[Diagram: Applications (CPU runs in user mode); OS (CPU runs in kernel mode)]

CPU Modes
• Protect critical system data from user applications
• User mode
• Kernel mode
[Diagram labels: 3, 2, 1, 0]

CPU Modes - mechanism
• User programs typically run in both modes
• CPU mode switch <> CPU context switch
[Diagram axes: mode, time]

CPU Modes - scenarios
[Diagram labels: user, kernel]

TCB
• Context
  • No CPU restriction in kernel
  • No memory restriction in kernel
  • No security check in kernel
• Definition
  • Portions of the system trusted to enforce the security
• Components
  • Most hardware
  • All kernel code
  • Some user code (SeTcbPrivilege)
  • Administrators
[Diagram labels: administrators, applications, kernel, drivers, hardware]

Memory Layout
• Each application occupies 4 GB of address space
• All applications share system memory space
[Diagram: memory addresses 0x00000000 to 0x7FFFFFFF: Application A, Application B, Application C, ... Application Z (unprivileged memory); up to 0xFFFFFFFF: privileged memory]

OS Major Components
[Diagram: columns System processes, Services processes, User processes, Environment processes; entries Session manager, Logon manager, Security manager, Services manager, alerter, pinball, explorer, POSIX, Win32, …; below them System services, the user/kernel boundary, Executive, Hardware Abstraction Layer, Hardware]

Environment Subsystems
• Definition
• Role
• Types
[Diagram labels: Win16 application, Win32 application, Posix application, DOS application, WOW, NTVDM, Posix, Win32]

Environment Subsystems - interfaces
• Subsystem
  • Process runs in a private address space
• Application
  • Sends messages to subsystem
  • Unaware of messages
  • Implicitly linked with system's interfaces (image = code + metadata)
[Diagram: application.exe; function calls; Win32 API: Kernel32.dll, Gdi32.dll, ..., User32.dll; Native API: Ntdll.dll]

Environment Subsystems - strategy
[Diagram: Application, Subsystem, Win32 API, Subsystem DLLs, Executive]

Environment Subsystems - strategy
[Diagram: Application, Subsystem, Win32 API, Subsystem DLLs, Native API, CPU mode switch, Executive]

Environment Subsystems - strategy
[Diagram: Application, Subsystem, API, message, CPU context switch, Subsystem DLLs, Native API, CPU mode switch, Executive]

Environment Subsystems - strategy
Service implementation | CPU mode switching | CPU context switching | Message sent
User process | No | No | No
Executive | Yes | No | No
Server | Yes | Yes | Yes
[Diagram label: performance]

Win16 Support
• MS-DOS applications
  • One-one relation
• Win16 applications
  • Many-one relation
[Diagram labels: < NT, > NT, Windows, MS-DOS]

System processes
• Are started by the system
• Are running on every system
• Cannot be stopped

Session Manager Subsystem
• Definition
• Role
• Particularities
  • Part of the TCB
  • Native user application

Logon Manager
• Definition
• Role
  • Interactive logon request management
  • Authentication User interface management
  • User profile initialization
  • Shell creation
  • TASKMGR management
[Diagram: Who you are (identification); What you know (authentication); What you are (authentication)]

Local Security Authority Subsystem
• Definition
• Role

Service Control Manager
• Definition
• Role

User Processes - creation
[Diagram: System, Smss, Winlogon, Csrss, Services, Lsass, Userinit, Shell, ...; labels: Permanent, Volatile (interactive)]

Thanks!