Presented by: Parth Desai
 Introduction to Windows Kernel
 Helper modules of Windows Kernel
 Process Threads and Jobs
 Virtual Memory Management in Windows
 Conclusion
 In the Windows operating system, an object is a single, run-time instance of a statically
defined object type.
 An object type comprises a system-defined data type, functions that operate on instances
of the data type, and a set of object attributes.
 These objects are based on lower-level objects that Windows creates and manages.
 In Windows, a process is an instance of the process object type, a file is an instance of
the file object type, and so on.
 An object attribute is a field of data in an object that partially defines the object’s
state.
 Object methods, the means for manipulating objects, usually read or change the
object attributes.
 For example, the open method for a process would accept a process identifier as
input and return a pointer to the object as output.
 The Windows kernel is the core part of the Windows operating system. It is a monolithic kernel contained in %SystemDir%\System32\ntoskrnl.exe.
 The Windows kernel provides service routines and helper functions to access system resources and the computer's hardware.
 For example, an application might want to read certain data from a file.
 There is a ReadFile application programming interface exported by Kernel32.dll.
 When an application calls that function, Windows executes the call as follows:
 First, control is transferred to the ReadFile API's code contained in Kernel32.dll.
 The code in Kernel32.dll performs initial checking of the parameters.
 For reference, the definition of the ReadFile API in MSDN is as follows:
    BOOL WINAPI ReadFile(
      __in        HANDLE       hFile,
      __out       LPVOID       lpBuffer,
      __in        DWORD        nNumberOfBytesToRead,
      __out_opt   LPDWORD      lpNumberOfBytesRead,
      __inout_opt LPOVERLAPPED lpOverlapped
    );
 If the parameters appear valid at that point, ReadFile calls the NtReadFile function contained in Ntdll.dll.
 Ntdll.dll is the entry point to the executive's services. It performs more precise validation of the parameters and then enters kernel mode (ring 0). On Intel processors it executes the SYSENTER instruction to enter kernel mode.
 The kernel then dispatches this system call to the appropriate service routine.
 As you have seen, the first parameter of the ReadFile API, HANDLE hFile, is analogous to an object reference.
 You get this reference from the API that is responsible for creating the object.
 The kernel defines the basic functions and objects; taking those as a base, the upper-layer executive defines more concrete objects such as files and registry keys, each of which comprises one or more of the kernel's primitive objects.
 The service routine then finds the appropriate device driver to handle the request.
 The device driver then calls routines in the kernel and the Hardware Abstraction Layer (HAL) to perform the actual read.
 The data is transferred to the buffer the application provided in the lpBuffer parameter.
 Although Windows is not a strictly object-oriented operating system, almost every resource has a wrapper object and functions that access or properly manipulate the resource.
Windows Kernel-
 There are three main helper modules that provide functionality beyond the core services. These modules and the Windows kernel depend on each other.
HAL.DLL
 The hardware abstraction layer (HAL) is a key part of making Windows portable across hardware platforms.
 The HAL is a loadable kernel-mode module (Hal.dll) that provides the low-level interface to the hardware platform on which Windows is running. It hides hardware-dependent details such as I/O interfaces, interrupt controllers, and multiprocessor communication mechanisms: any functions that are both architecture-specific and machine-dependent.
 So rather than access hardware directly, Windows internal components as well as user-written device drivers maintain portability by calling the HAL routines when they need platform-dependent information.
 For this reason, the HAL routines are documented in the WDK. To find out more about the HAL and its use by device drivers, refer to the WDK.
Win32k.sys
 The kernel mode driver (Win32K.sys) contains:
 The window manager, which controls window displays; manages screen output; collects
input from keyboard, mouse, and other devices; and passes user messages to
applications.
 The Graphics Device Interface (GDI), which is a library of functions for graphics output
devices.
 It includes functions for line, text, and figure drawing and for graphics manipulation.
 Wrappers for DirectX support that is implemented in another kernel driver
(Dxgkrnl.sys).
 Kernel Executive (Upper Layer of Kernel):
 The kernel leaves almost all policy making to the executive. The executive creates and manipulates objects that comprise one or more of the kernel's primitive objects.
 The Windows executive is the upper layer of Ntoskrnl.exe. (The kernel is the lower layer.)
 The executive includes the following types of functions:
 Functions that are exported and callable from user mode. These functions are called system services and are exported via Ntdll.dll. Most of the services are accessible through the Windows API or the APIs of another environment subsystem.
 A few services, however, are not available through any documented subsystem function. (Examples include LPCs and various query functions such as NtQueryInformationProcess, specialized functions such as NtCreatePagingFile, and so on.)
 Device driver functions that are called through the use of the DeviceIoControl function. This provides a general interface from user mode to kernel mode to call functions in device drivers that are not associated with a read or write.
 Functions that can be called only from kernel mode and that are exported and documented in the WDK.
 Functions that are exported and callable from kernel mode but are not documented in the WDK (such as the functions called by the boot video driver, which start with Inbv).
 The process and thread manager creates and terminates processes and threads. The
underlying support for processes and threads is implemented in the Windows kernel; the
executive adds additional semantics and functions to these lower-level objects.
 The memory manager implements virtual memory, a memory management scheme that provides each process with a large, private address space that can exceed available physical memory. The memory manager also provides the underlying support for the cache manager.
 The kernel consists of a set of functions in Ntoskrnl.exe that provide fundamental
mechanisms (such as thread scheduling and synchronization services) used by the
executive components , as well as low-level hardware architecture–dependent support
(such as interrupt and exception dispatching), that is different on each processor
architecture.
 The kernel code is written primarily in C, with assembly code reserved for those tasks
that require access to specialized processor instructions and registers not easily
accessible from C.
 Processes and threads are implemented in the kernel as objects.
 In Windows, a process just acts as a container for threads. That means that in Windows only threads are schedulable objects.
 The Windows kernel exposes process creation and thread creation through ZwCreateProcess and ZwCreateThread.
 In Windows, a context switch occurs when an application transitions from user mode to kernel mode and the scheduler detects that the thread's time quantum has expired, or when the application waits for some event to happen.
 In both cases, the scheduler then searches for another thread that is schedulable and starts it.
 The Windows scheduler supports both relative thread priority levels and process priority.
 Process priorities are Low, Below Normal, Normal, Above Normal, High, and Realtime.
 Thread priority levels, on the other hand, are 0 to 31. They are called relative thread priority levels because how the Windows scheduler interprets them depends on the corresponding process's priority.
 Every thread or process has one ID associated with it. This ID is unique throughout the system, and processes and threads in Windows share the same namespace for IDs.
 The APIs for setting process or thread priority are SetProcessPriority and SetThreadPriority.
 In Windows, every application that runs in user mode is provided 4 GB of virtual memory space for its data and code.
 However, the memory space that can actually be used by a Windows application is the lower half of this address space (0x00000000 through 0x7FFFFFFF); the upper half (0x80000000 through 0xFFFFFFFF) is used by the kernel and its helper modules.
 The mappings of the lower half change to reflect the virtual address space of the currently executing process.
 The mappings of the upper half, however, always consist of the operating system's virtual memory.
 Because every process has its own private address space, two applications can't access each other's data or code without proper sharing.
 Starting from Windows Vista and Windows Server 2008, the user can set the increaseuserva flag at boot time. With this, applications that have the special flag set in their header get 3 GB of address space, so such an application can allocate or commit more memory than a regular application.
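As an added example (not part of the slides and not Windows source), here is a pure-C model of the range check that the kernel side of the ReadFile path must perform on lpBuffer/nNumberOfBytesToRead before touching the buffer, using the 2 GB and 3 GB user-mode limits described above. The names user_limit, probe_start_only and probe_user_buffer are my own; the block also shows why checking only the start address is not enough.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the 32-bit address split described above. By default
 * user mode owns 0x00000000-0x7FFFFFFF and the kernel owns 0x80000000-0xFFFFFFFF.
 * With increaseuserva set at boot AND the large-address-aware flag in the image
 * header, the user-mode half grows to 3 GB. */
#define USER_LIMIT_2GB 0x80000000u   /* first kernel address, default split */
#define USER_LIMIT_3GB 0xC0000000u   /* first kernel address, 3 GB split    */

/* First address that belongs to the kernel for a given process. Both the boot
 * option and the image flag are required for the 3 GB layout. */
static uint32_t user_limit(bool increase_user_va, bool large_address_aware)
{
    return (increase_user_va && large_address_aware) ? USER_LIMIT_3GB
                                                      : USER_LIMIT_2GB;
}

/* The naive check a service routine must NOT rely on: it only looks at the
 * start address, so a buffer that begins in user space but extends into the
 * kernel half is accepted. */
static bool probe_start_only(uint32_t addr, uint32_t limit)
{
    return addr < limit;
}

/* Full probe of a user-supplied range, modelled on what the kernel must do
 * with lpBuffer/nNumberOfBytesToRead before reading or writing it.
 * Returns true only if [addr, addr + len) lies entirely below `limit`.
 * A zero-length range is accepted for any address (nothing will be touched). */
static bool probe_user_buffer(uint32_t addr, uint32_t len, uint32_t limit)
{
    if (len == 0)
        return true;
    if (addr >= limit)
        return false;            /* starts in the kernel half */
    uint32_t end = addr + len;   /* 32-bit arithmetic: may wrap around */
    if (end < addr)
        return false;            /* wrapped past 0xFFFFFFFF */
    return end <= limit;         /* last byte must stay in the user half */
}

int main(void)
{
    /* Constructed sample: a buffer that straddles the 2 GB boundary. */
    uint32_t addr = 0x7FFFFFF0u, len = 0x100u;
    printf("start-only check : %s\n",
           probe_start_only(addr, USER_LIMIT_2GB) ? "accepted" : "rejected");
    printf("full range probe : %s\n",
           probe_user_buffer(addr, len, USER_LIMIT_2GB) ? "accepted" : "rejected");
    /* The same high address is ordinary user memory once the process has the
     * 3 GB layout (boot option plus image flag). */
    printf("0x90000000 under increaseuserva + large-address-aware image: %s\n",
           probe_user_buffer(0x90000000u, 0x1000u, user_limit(true, true))
               ? "user" : "kernel");
    return 0;
}
```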
THE END
