Transcript Windows NT
Windows OS Overview
Instructor: Hengming Zou, Ph.D.
In Pursuit of Absolute Simplicity (seek the utmost simplicity, return to the eternal)
Copyright Notice
This PPT presentation is developed by Hengming Zou of
Shanghai Jiao Tong University under permission and
with support from Microsoft Research
The material contained in the PPT is based on and
derived from copyrighted material from Microsoft
Any non-profit use of this material is hereby granted
provided that this notice page is shown
Roadmap
History of Operating Systems
Tasks of an Operating System
OS as extension of the hardware
Main concepts: processes, files, system calls
Operating system structuring
Operating Systems Concepts
System software manages resources
OS hides complexity of underlying hardware
Layered architectures
[Figure: layered view of a computer system, top to bottom]
– Application programs: banking system, airline reservation, web browser
– System programs: compilers, editors, command interpreter, operating system
– Hardware: machine language, microprogramming, physical devices
History of operating systems
Batch processing
[Figure: the elements of the basic IBM 1401 system are the 1401 Processing Unit, 1402 Card Read-Punch, and 1403 Printer; punched cards]
Multiprogramming
[Figure: memory divided into partitions holding the OS and Jobs 1, 2 and 3]
Evolution of OS Functionality
Batch Job Processing
– Linkage of library routines to programs
– Management of files, I/O devices, secondary storage
Multiprogramming
– Resource management and sharing for multiple programs
– Quasi-simultaneous program execution
– Single user
Evolution of OS Functionality
Multiuser/Timesharing Systems
– Management of multiple simultaneous users interconnected via
terminals
– Fair resource management: CPU scheduling, spooling, mutual
exclusion
Real-Time Systems (process control systems)
– Management of time-critical processes
– High requirements with respect to reliability and availability
Tasks of an Operating System
Processor management - Scheduling
– Fairness
– Non-blocking behavior
– Priorities
Memory management
– Virtual versus physical memory, memory hierarchy
– Protection of competing/concurrent programs
Storage management – File system
– Access to external storage media
Tasks of an Operating System
Device management
– Hiding of hardware dependencies
– Management of concurrent accesses
Batch processing
– Definition of an execution order;
– throughput maximization
Kernel- and User Mode Programs
Typical functionality implemented in either mode:
– Kernel and user mode
Kernel mode: Privileged mode
Strict assumptions about reliability/security of code
Memory resident
– CPU, memory and input/output management
– Multiprocessor management, diagnosis, test
– Parts of file system and of the networking interface
Kernel- and User Mode Programs
User Space:
More flexible
Simpler maintenance and debugging
– Compiler, assembler, interpreter, linker/loader
– File system management, telecommunication
– network management
– Editors, spreadsheets, user applications
Layered Model of OS Concepts
No  Name                      Typical Objects            Typical Operations
1   Integrated circuits       register, gate, bus        Nand, Nor, Exor
2   Machine language          instruction counter, ALU   Add, Move, Load, Store
3   Subroutine linkage        procedure block, stack     Call, JSR, RTS
4   Interrupts                interrupt handlers         Bus error, Reset
5   Simple processes          process, semaphore         wait, ready, execute
6   Local memory              data block, I/O channel    read, write, open, close
7   Virtual memory            page, frame                read, write, swap
8   Process communication     channel (pipe), message    read, write, open
9   File management           files                      read, write, open, copy
10  Device management         ext. memory, terminals     read, write
11  I/O data streams          data streams               open, close, read, write
12  User processes            user processes             login, logout, fork
13  Directory management      internal tables            create, delete, modify
14  Graphical user interface  window, menu, icon         OS system calls
OS acts as Extension of Hardware
System view: layered model of OS
– Implementation details on one layer are hidden from higher
layers
Same machine, different operating systems:
– IBM PC: DOS, Linux, NeXTSTEP, Windows NT, SCO Unix
– DEC VAX: VMS, Ultrix-32, 4.3 BSD UNIX
OS Acts as Extension of Hardware
Same OS, different machines: UNIX
– PC (XENIX 286, APPLE A/UX)
– CRAY-Y/MP (UNICOS - AT&T Sys V)
– IBM 360/370 (Amdahl UNIX UTS/580, IBM UNIX AIX/ESA)
Windows XP (or Windows NT/2000)
– Intel i386 (i486 required from NT 4.0), Alpha, PowerPC, MIPS, Itanium
Operating Systems Evolution
[Figure: operating systems timeline, 1955 to 2003. IBM mainframe line: IOCS, IBSYS, DOS/360, OS/360, TSO, CP/CMS, VM/370, DOS/VSE, MVS/370, MVS/XA, VM/XA, MVS/ESA, VSE/ESA, VM/ESA, AIX/370, AIX/ESA. Timesharing and UNIX line: CTSS, MULTICS, UNIX, UNIX V.7, SYSTEM III, SYSTEM V, SYSTEM V.4, XENIX, 4.1BSD, 4.2BSD, 4.3BSD, 4.4BSD, SUN OS, SOLARIS 2, SOLARIS 10, AIX, POSIX, MACH, OSF/1, LINUX, LINUX 2.6. DEC line: RT-11, RSX-11M, VMS 1.0, VMS 5.4, VMS 7.3. Microcomputer line: CP/M, MS-DOS 1.0, DR/DOS, OS/2, WIN 3.0, WIN 3.1, WIN NT, WIN 9X, WIN 2000, WIN XP, WIN Server 2003.]
Main Concepts: processes
Processes, process table, core image
Command interpreter, shell
Child processes
[Figure: process state diagram with the states new, ready, running, blocked and finished; process tree of processes A to F]
Process tree
Scheduling, signals
User identification, group identification
Main Concepts: Files
Files, directories, root
Path, working directory
Protection, rwx bits
File descriptor, handle
[Figure: directory tree with the root directory holding tmp, etc and usr, and the user directories mia and pit]
Special files, I/O devices
Block I/O, character I/O
Standard input/output/error
Pipes
Main concepts: system calls
User programs access OS services via system calls
Parameter transmission via trap, register, stack
– count=read(file, buffer, nbytes);
5 general classes of system calls:
– Process control
– File manipulation
– Device manipulation
– Information maintenance
– Communications
Main concepts: shell
Command interpreter
Displays prompt, implements input/output redirection
Background processes, job control, pseudo terminals
$ date
$ date >file
$ sort <file1 >file2
$ cat file1 file2 file3 > /dev/lp1
$ make all >log 2>&1 &
Structuring of Operating Systems
Monolithic systems
Unstructured
Supervisor call changes from user mode into kernel mode
[Figure: applications in user mode call system services; in kernel mode the OS procedures run directly on the hardware]
Layered OS
Each layer is given access only to lower-level interfaces
[Figure: application programs in user mode; in kernel mode, from top to bottom, System Services, File System, Memory and I/O Device Management, Processor Scheduling, then Hardware]
Microkernel OS (Client/server OS)
Kernel implements:
– Scheduling
– Memory Management
– IPC
User-mode servers
[Figure: a client application and the memory, network, process, file and display servers run in user mode and exchange request/reply messages through the microkernel, which runs in kernel mode on the hardware]
Mach Microkernel OS Extended Memory Management
Paging handled by user-space server
[Figure: a client maps a memory object (vm_map()); the kernel handles page faults by upcalling a user-space pager, which handles faults and consistency; the pager advertises its service through a lookup service (netmsgsrv); a port is a communication endpoint, network-wide]
Mach Distributed Shared Memory System
Access remote memories, port access rights - ACL
Windows 2000/NT background/history
Dave Cutler:
OS Developer at DEC since 1971
RSX-11M, PDP-11 (16 bit mini): Size is the Goal
– Multitasking, hierarchical file system, real-time scheduling
– Application swapping, utilities
– 32 KB of memory (!)
– 16 KB kernel, 16 KB utilities, overlay structures, assembly language
– Time-to-market: 18 months
Lack of address bits: VAX architecture (32 bit)
– Most successful architecture in the '70s and '80s
DEC (VMS) and MS Windows NT
VMS=Virtual Memory System
Cutler was leader of VMS development effort
VAX-11 hardware had PDP-11 compatibility mode
– RSX-11M was the compatibility environment to be supported by
VMS
– Binary and file system compatibility
Biggest mistake: VMS written in assembly language
– Size restrictions, no compiler available, engineering expertise
DEC (VMS) and MS Windows NT
Summer 88: call from Bill Gates
– New OS for PC architecture
– Portability, security, POSIX, compatibility, multiprocessor,
extensibility
– Similar goals as for PDP-11/VAX transition
Windows NT came to market in 1993
Windows NT Origins
Design began in late 1988/early 1989 after Dave Cutler
and a handful of Digital employees started at MS
– Dave Cutler—legend in the operating system world
– Internally, many similarities to Digital’s VMS
(scheduling, memory management, I/O and driver model)
– VMS+1=WNT just a coincidence
Original goal was replacement for OS/2
Windows NT Origins
Later goal changed to be: replacement for Windows 3.0
– The name “Windows NT” was born
– NT=“New Technology”
But at a high level, the architecture and user interface
are not really that “new”
– as compared to most 32-bit OS’s
The i860 RISC CPU NT was originally targeted at was
code named N-Ten
Windows NT Origins
Interesting book on the early years of NT:
– Show-stopper!: The Breakneck Race to Create Windows NT and
the Next Generation at Microsoft
– By G. Pascal Zachary, ISBN: 0029356717
VMS and Windows NT
[Figure: layered design for the VAX/VMS OS. User mode: layered products (apps), program development tools, utilities. Supervisor mode: command language interpreter (CLI). Executive mode: record management service (RMS), executive. Kernel mode: kernel, device drivers.]
[Figure: Windows NT high-level architecture. User mode: user application, subsystem DLL, environment subsystems (OS/2, Windows, POSIX), system and service processes, Windows support libraries. Kernel mode: executive (system services, memory management, I/O subsystem, process and time management, system-wide data structures), Windows User/GDI device driver, device drivers, kernel, Hardware Abstraction Layer (HAL), Platform-Adaptation Layer (PAL) on Alpha.]
Release History
Product name has varied internally
each version identified by a “build number”
Internal identification:
– increments each time NT is built from source
– (5-6 times a week)
Interesting timeline:
– http://windows2000.about.com/library/weekly/aa010218a.htm
Release History
Build#  Version                         Date
297     PDC developer release           Jul 1992
511     NT 3.1                          Jul 1993
807     NT 3.5                          Sep 1994
1057    NT 3.51                         May 1995
1381    NT 4.0                          Jul 1996
2195    Windows 2000 (NT 5.0)           Dec 1999
2600    Windows XP (NT 5.1)             Aug 2001
3790    Windows Server 2003 (NT 5.2)    Mar 2003
4051    Longhorn PDC Developer Preview  Oct 2003
Windows And Linux Evolution
Windows and Linux kernels are based on foundations developed in the mid-1970s
[Figure: parallel timelines of Windows and UNIX/Linux, 1970 to 2000]
(see http://www.levenez.com for diagrams showing history of Windows & Unix)
Further Reading
Dennis M. Ritchie, The Evolution of the Unix Time-
sharing System,
– in Proc. of Lang. Design and Programming Meth. Conf., Sydney,
Australia, Sept 1979, Lecture Notes in Computer Science #79,
Springer-Verlag, 1980.
David Donald Miller, OpenVMS Operating System
Concepts,
– 2nd Ed., Digital Press, 1997.
– History of Digital Operating Systems (pp. 447 ff.)
Further Reading
Mark E. Russinovich and David A. Solomon,
Microsoft Windows Internals,
– 4th Edition, Microsoft Press, 2004.
– Historical Perspective (pp. xix ff.)
G. Pascal Zachary, Show Stopper! The Breakneck Race
to Create Windows NT and the Next Generation at
Microsoft,
– ISBN: 0029356717, Free Press, 1994
Windows Operating System Family
Concepts & Tools
Roadmap for Section 1.3.
High-level Overview on Windows Concepts
Processes, Threads
Virtual Memory, Protection
Objects and Handles
Windows is thoroughly instrumented
Key monitoring tools
Extra resources at www.sysinternals.com
Requirements and Design Goals
Provide a true 32-bit, preemptive, reentrant, virtual
memory operating system
Run on multiple hardware architectures and platforms
Run/scale well on symmetric multiprocessing systems
Distributed computing platform (Client/Server)
Run most existing 16-bit DOS and Windows 3.1 apps
Meet government req. for POSIX 1003.1 compliance
Meet government and industry req. for OS security
Requirements and Design Goals
Support Unicode
Extensibility
– Code must be able to grow and change as markets change
Portability
– Must be able to run on multiple hardware architectures and move with relative ease to new ones as market demands dictate
Reliability and Robustness
– Protection against internal malfunction and external tampering
– Apps should not be able to harm the OS or other running apps
Goals (contd.)
Compatibility
– UI and APIs should be compatible with older versions of
Windows as well as older OS such as MS-DOS
– Should also interoperate well with UNIX, OS/2, and NetWare
Performance
– Should be as fast/responsive as possible on each HW platform
Portability
HAL (Hardware Abstraction Layer):
– support for x86 (initial), MIPS (initial)
– Alpha AXP, PowerPC (NT 3.51), Itanium (Windows XP/2003)
– Machine-specific functions located in HAL
Layered design:
– architecture-specific functions located in kernel
Portability
Windows NT/2000/XP/2003 kernel components are
primarily written in C:
– OS executive, utilities, drivers
– UI and graphics subsystem - written in C++
HW-specific/performance-sensitive parts:
– written in assembly language
– interrupt trap handler, context switching
Windows API & Subsystems
Windows API (application programming interface)
– Common programming interface to Windows NT/2000/XP,
Windows 95/98/ME and Windows CE
– OS implement (different) subsets of the API
– MSDN: http://msdn.microsoft.com
Windows API & Subsystems
Windows supports multiple subsystems (APIs):
– Windows (primary), POSIX, OS/2
– User-space apps access OS functionality via subsystems
Subsystems define APIs, process and file system semantics
– OS/2 used to be the primary subsystem for Windows NT
64-bit vs. 32-bit Windows APIs
Pointers and types derived from pointer are 64-bit
A few others go 64
– e.g. WPARAM, LPARAM, LRESULT, SIZE_T
Rest are the same
– e.g., 32-bit INT, DWORD, LONG
64-bit vs. 32-bit Windows APIs
Only 5 replacement APIs!
4 for Window/Class Data
– Replaced by Polymorphic (_ptr) versions
– Updated constants used by these APIs
1 (_ptr) version for flat scroll bars properties
64-bit vs. 32-bit Windows APIs
Win32 and Win64 are consistently named the Windows API
API     Data Model  int  long  pointer
Win32   ILP32       32   32    32
Win64   LLP64       32   32    64
UNIXes  LP64        32   64    64
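Added example, not part of the original slides or of any Microsoft code: a C model of the three data models in the table. It masks a constructed 64-bit address to the long width of each model, showing that the pre-Win64 idiom of stashing a pointer in a LONG (the SetWindowLong/GWL_USERDATA pattern that the _ptr replacement APIs exist to fix) silently truncates under LLP64, while a pointer-sized LONG_PTR/uintptr_t survives. The sample address and the model table are constructed for the example; the host checks at the end use the real types of whatever compiler runs it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bit widths of int, long and pointer for each data model (constructed from
 * the table above). */
typedef struct { const char *name; unsigned int_bits, long_bits, ptr_bits; } data_model_t;

static const data_model_t ILP32 = { "Win32 ILP32", 32, 32, 32 };
static const data_model_t LLP64 = { "Win64 LLP64", 32, 32, 64 };
static const data_model_t LP64  = { "UNIX LP64",  32, 64, 64 };

static uint64_t mask_bits(unsigned bits) {
    return bits >= 64 ? ~0ull : (1ull << bits) - 1;
}

/* Pre-Win64 idiom: the pointer is stored in a `long`, e.g.
 * SetWindowLong(hwnd, GWL_USERDATA, (LONG)ptr), and read back later.
 * Returns the value that survives the round trip under the given model:
 * bits above long_bits are lost. */
uint64_t pointer_via_long(uint64_t ptr, const data_model_t *m) {
    return ptr & mask_bits(m->long_bits);
}

/* Win64-safe idiom: a pointer-sized integer (LONG_PTR / uintptr_t, as used by
 * SetWindowLongPtr) grows with the pointer, so nothing is lost. */
uint64_t pointer_via_long_ptr(uint64_t ptr, const data_model_t *m) {
    return ptr & mask_bits(m->ptr_bits);
}

/* Can `long` carry a pointer losslessly under this model? */
int long_holds_pointer(const data_model_t *m) {
    return m->long_bits >= m->ptr_bits;
}

/* The same question for the host this file is compiled on, with real types. */
int host_long_holds_pointer(void)    { return sizeof(long) >= sizeof(void *); }
int host_uintptr_holds_pointer(void) { return sizeof(uintptr_t) >= sizeof(void *); }

int main(void) {
    /* A typical x64 user-mode image address (constructed value). */
    uint64_t p = 0x00007FF6E3B40120ull;
    const data_model_t *models[] = { &ILP32, &LLP64, &LP64 };
    for (size_t i = 0; i < 3; i++) {
        uint64_t via_long = pointer_via_long(p, models[i]);
        uint64_t via_ptr  = pointer_via_long_ptr(p, models[i]);
        printf("%-12s long:%016llx  long_ptr:%016llx  %s\n", models[i]->name,
               (unsigned long long)via_long, (unsigned long long)via_ptr,
               long_holds_pointer(models[i]) ? "lossless" : "TRUNCATED");
    }
    printf("host: long %s, uintptr_t %s\n",
           host_long_holds_pointer() ? "ok" : "truncates",
           host_uintptr_holds_pointer() ? "ok" : "truncates");
    return 0;
}
```

The truncated value 0xE3B40120 is still a valid-looking user address on x64, so the bug shows up as a later access to the wrong object rather than as an immediate crash; that is why the compiler's pointer-to-integer warnings on 64-bit builds deserve to be treated as errors.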
Services, Functions, and Routines
Windows API functions:
– Documented, callable subroutines
– CreateProcess, CreateFile, GetMessage
Windows system services:
– Undocumented functions, callable from user space
– NtCreateProcess is used by Windows CreateProcess and
POSIX fork() as an internal service
Windows Internal Routines
Subroutines inside Windows executive/kernel/ HAL
Callable from kernel mode only
– (device driver, NT OS components)
For Example:
– ExAllocatePool allocates memory on system heap
Windows Services:
Processes started by the Service Control Manager
Example:
– The Schedule service supports the at-command
DLL (Dynamic Link Library)
Subroutines in binary format
– contained in dynamically loadable files
Examples:
– MSVCRT.DLL – MS Visual C++ run-time library
– KERNEL32.DLL – one of the Windows API libraries
Processes
Represents an instance of a running program
– you create a process to run a program
– starting an application creates a process
Process defined by:
– Address space
– Resources (e.g. open handles)
– Security profile (token)
Threads
An execution context within a process
Unit of scheduling (threads run, processes don’t run)
All threads in a process share same address space
– can synchronize access to shared resources
– (critical sections, mutexes, events, semaphores)
All threads in the system are scheduled as peers to all
others, without regard to their “parent” process
Processes and Threads
[Figure: each process has its own per-process address space in which its threads run; the system-wide address space is shared by all]
Processes and Threads
System calls for process and thread creation:
– CreateProcess and CreateThread
Primary argument to CreateProcess is:
– image file name (or command line)
Primary argument to CreateThread is:
– a function entry point address
Processes and Threads
Every process starts with one thread
First thread executes the program’s “main” function
– Can create other threads in the same process
– Can create additional processes
Why divide an application into multiple threads?
Why Divide Process into Threads
Perceived user responsiveness
parallel/background execution
Examples: Word background print
– can continue to edit during print
Why Divide Process into Threads
Take advantage of multiple processors
On an MP system with n CPUs
– n threads can literally run at the same time
Question: given a single threaded application, will
adding a 2nd processor make it run faster?
Why Divide Process into Threads
Does add complexity
Synchronization
Scaling well is a different question…
– number of runnable threads vs. number of CPUs
– too many runnable threads cause excess context switches
A Process and Its Resources
[Figure: a process object owns an access token, a handle table whose entries refer to objects, the virtual address space descriptors (VADs), and its threads, each of which may carry its own access token]
Virtual Memory
32-bit address space (4 GB)
– 2 GB user space (per process)
– 2 GB operating system
64-bit address space
– 7192 GB user space (Itanium)
– 8192 GB user space (x64)
– ~6000 GB operating system
Memory manager maps virtual onto physical memory
Default 32-bit Layout
[Figure: of the 4 GB address space, the lower 2 GB is user process space, unique per process; the upper 2 GB is system space, system wide, holding the kernel/HAL, boot drivers, system cache, paged pool and nonpaged pool]
Memory Protection Model
No user process can touch another user process
address space
– without first opening a handle to the process,
– which means passing through NT security
Separate process page tables prevent this
Current page table changed on context switch from a
thread in 1 process to a thread in another process
Memory Protection Model
No user process can touch kernel memory
Page protection in process page tables prevent this
OS pages only accessible from “kernel mode”
– x86: Ring 0, Itanium: Privilege Level 0
Threads change from user to kernel mode and back (via
a secure interface) to execute kernel code
– Does not affect scheduling (not a context switch)
Kernel Mode vs. User Mode
No protection for components running in kernel mode
Transition from user to kernel mode through special
instruction (processor changes privilege level)
– OS traps this instruction and validates arguments to syscalls
– Transition from user to kernel mode does not affect thread
scheduling
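Added example, not part of the original slides or of any Microsoft code: a C simulation of the count=read(file, buffer, nbytes) path from the system-calls slide, laid over the default 32-bit layout (user space below 2 GB, system space above). The user-mode stub packs its arguments into a trap frame, the dispatcher selects the service by number, and the kernel side either probes the caller's buffer against the user-space limit before touching it (the ProbeForWrite discipline, including the wraparound case) or, on the unhardened path, trusts the pointer and lets the caller aim a kernel write at system memory. Addresses, the file contents behind handle 3, the status codes and the two backing arrays that stand in for page tables are all constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Simulated 32-bit address space with the 2 GB / 2 GB split.  Only a small
 * window of each half is backed; that is enough to show the check.  All
 * addresses and contents are constructed for the example. */
#define USER_LIMIT   0x80000000u   /* first system-space address (cf. MmUserProbeAddress) */
#define USER_BASE    0x00010000u   /* hypothetical user buffer mapping */
#define KERNEL_BASE  0x80000000u   /* hypothetical kernel data mapping */
#define SIM_BYTES    0x100u

static uint8_t user_mem[SIM_BYTES];
static uint8_t kernel_mem[SIM_BYTES];

enum { SYS_READ = 1 };
enum { STATUS_INVALID_HANDLE = -1, STATUS_ACCESS_VIOLATION = -2, STATUS_INVALID_SYSTEM_SERVICE = -3 };

/* Registers captured when the trap instruction switches the thread to kernel mode. */
typedef struct { uint32_t number; uint32_t arg[3]; } trap_frame_t;

/* Constructed file contents reachable through handle 3. */
static const char file_data[] = "audit: logon ok";
#define FILE_LEN ((uint32_t)(sizeof file_data - 1))

void reset_sim(void) {
    memset(user_mem, 0, sizeof user_mem);
    memset(kernel_mem, 0xAA, sizeof kernel_mem);   /* 0xAA marks untouched kernel data */
}
uint8_t sim_user_byte(uint32_t off)   { return user_mem[off % SIM_BYTES]; }
uint8_t sim_kernel_byte(uint32_t off) { return kernel_mem[off % SIM_BYTES]; }

/* Page-table stand-in: map a simulated range onto backing storage, NULL if unmapped. */
static uint8_t *translate(uint32_t va, uint32_t len) {
    if (va + len < va) return NULL;                                                   /* wraparound */
    if (va >= USER_BASE && va + len <= USER_BASE + SIM_BYTES)     return user_mem + (va - USER_BASE);
    if (va >= KERNEL_BASE && va + len <= KERNEL_BASE + SIM_BYTES) return kernel_mem + (va - KERNEL_BASE);
    return NULL;
}

/* ProbeForWrite analogue: the whole [addr, addr+len) range must lie in user
 * space.  The wraparound test matters: 0xFFFFFFF0 + 0x20 wraps to 0x10, which
 * would pass a naive "end <= limit" comparison. */
int probe_user_range(uint32_t addr, uint32_t len) {
    uint32_t end = addr + len;
    if (len == 0) return 1;
    if (end < addr) return 0;
    return end <= USER_LIMIT;
}

/* Kernel side of read(): validate, then copy.  `hardened` selects whether the
 * user pointer is probed before use. */
static int32_t kernel_read(const trap_frame_t *tf, int hardened) {
    uint32_t fd = tf->arg[0], buf = tf->arg[1], nbytes = tf->arg[2];
    uint32_t n = nbytes < FILE_LEN ? nbytes : FILE_LEN;
    uint8_t *dst;
    if (fd != 3) return STATUS_INVALID_HANDLE;
    if (hardened && !probe_user_range(buf, nbytes)) return STATUS_ACCESS_VIOLATION;
    dst = translate(buf, n);
    if (dst == NULL) return STATUS_ACCESS_VIOLATION;   /* unmapped: a real kernel would fault here */
    memcpy(dst, file_data, n);                          /* unprobed: writes wherever the caller pointed */
    return (int32_t)n;
}

/* System service dispatcher: the trap number indexes the service table. */
int32_t syscall_dispatch(const trap_frame_t *tf, int hardened) {
    switch (tf->number) {
    case SYS_READ: return kernel_read(tf, hardened);
    default:       return STATUS_INVALID_SYSTEM_SERVICE;
    }
}

/* User-mode stub for count = read(file, buffer, nbytes): the arguments go into
 * registers (the trap frame) and the thread traps into the kernel. */
int32_t user_read(uint32_t fd, uint32_t buffer, uint32_t nbytes, int hardened) {
    trap_frame_t tf = { SYS_READ, { fd, buffer, nbytes } };
    return syscall_dispatch(&tf, hardened);
}

int main(void) {
    int32_t r;
    reset_sim();
    printf("legit read into user buffer: %d bytes\n", user_read(3, USER_BASE, 64, 1));
    printf("kernel pointer, hardened:    %d\n", user_read(3, KERNEL_BASE, 16, 1));
    r = user_read(3, KERNEL_BASE, 16, 0);
    printf("kernel pointer, unprobed:    %d (kernel_mem[0] is now 0x%02x)\n", r, sim_kernel_byte(0));
    return 0;
}
```

The probe uses nbytes, the full length the caller claims is writable, not the smaller count actually copied; checking only what this call happens to write leaves the next code path that trusts the same pointer exposed.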
Kernel Mode vs. User Mode
Performance Counters: System/Processor/Process/
Thread – Privileged Time/User time
– Windows kernel is thoroughly instrumented
– Hundreds of performance counters throughout the system
Performance Monitor – perfmon.msc - MMC snap in
Performance Monitor
[Figure: Performance Monitor screenshot]
Objects and Handles
Process, thread, file, event objects in Windows are
mapped on NT executive objects
Object services read/write object attributes
Objects:
– Human-readable names for system resources
– Resource sharing among processes
– Resource protection against unauthorized access
Objects and Handles
Security/Protection based on NT executive objects
2 forms of access control:
Discretionary control:
– read/write/access rights
Privileged access:
– administrator may take ownership of files
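Added example, not part of the original slides or of any Microsoft code: a C model of the two forms of access control above, and of the "must first open a handle" rule from the memory protection slides. A token (SID plus an optional take-ownership privilege) is checked against an object's DACL exactly once, at open time, and the granted-access mask is recorded in the handle; every later read or write checks only that mask. Consequently changing the DACL affects new opens but not handles already held. The owner may rewrite the DACL, and the privilege lets an administrator become owner regardless of the DACL. SIDs, object names, and the single allow-only ACE type are constructed simplifications of the real model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ACCESS_READ   0x1u
#define ACCESS_WRITE  0x2u
#define MAX_ACES      4
#define MAX_HANDLES   8
#define DATA_SIZE     32

enum { OK = 0, ERR_ACCESS_DENIED = -1, ERR_INVALID_HANDLE = -2, ERR_TABLE_FULL = -3 };

typedef struct { uint32_t sid; int se_take_ownership; } token_t;           /* process security profile */
typedef struct { uint32_t sid; uint32_t allowed; } ace_t;                  /* access-allowed ACE only */
typedef struct { char name[16]; uint32_t owner; ace_t dacl[MAX_ACES]; int n_aces; char data[DATA_SIZE]; } object_t;
typedef struct { object_t *obj; uint32_t granted; } handle_t;              /* handle table entry */
typedef struct { token_t token; handle_t table[MAX_HANDLES]; } process_t;

object_t make_object(const char *name, uint32_t owner) {
    object_t o; memset(&o, 0, sizeof o);
    strncpy(o.name, name, sizeof o.name - 1);
    o.owner = owner;
    return o;
}
process_t make_process(uint32_t sid, int se_take_ownership) {
    process_t p; memset(&p, 0, sizeof p);
    p.token.sid = sid; p.token.se_take_ownership = se_take_ownership;
    return p;
}

/* Discretionary check: union of the allow ACEs matching the caller's SID.
 * (Real DACLs also carry deny ACEs and group SIDs; omitted here.) */
static uint32_t dacl_allows(const object_t *o, const token_t *t) {
    uint32_t allowed = 0;
    for (int i = 0; i < o->n_aces; i++)
        if (o->dacl[i].sid == t->sid) allowed |= o->dacl[i].allowed;
    return allowed;
}

/* Open: the only place the DACL is consulted.  Returns a handle index or an error. */
int open_object(process_t *p, object_t *o, uint32_t desired) {
    if ((desired & dacl_allows(o, &p->token)) != desired) return ERR_ACCESS_DENIED;
    for (int h = 0; h < MAX_HANDLES; h++)
        if (p->table[h].obj == NULL) { p->table[h].obj = o; p->table[h].granted = desired; return h; }
    return ERR_TABLE_FULL;
}

/* Use: only the granted mask stored in the handle is checked, never the DACL. */
int write_object(process_t *p, int h, const char *text) {
    if (h < 0 || h >= MAX_HANDLES || p->table[h].obj == NULL) return ERR_INVALID_HANDLE;
    if (!(p->table[h].granted & ACCESS_WRITE)) return ERR_ACCESS_DENIED;
    strncpy(p->table[h].obj->data, text, DATA_SIZE - 1);
    p->table[h].obj->data[DATA_SIZE - 1] = 0;
    return OK;
}
int read_object(process_t *p, int h, char *out, size_t cap) {
    if (h < 0 || h >= MAX_HANDLES || p->table[h].obj == NULL) return ERR_INVALID_HANDLE;
    if (!(p->table[h].granted & ACCESS_READ)) return ERR_ACCESS_DENIED;
    strncpy(out, p->table[h].obj->data, cap - 1);
    out[cap - 1] = 0;
    return OK;
}

/* Privileged path: SeTakeOwnershipPrivilege makes the caller owner regardless
 * of the DACL; the owner may then rewrite the DACL (WRITE_DAC is implicit). */
int take_ownership(process_t *p, object_t *o) {
    if (!p->token.se_take_ownership) return ERR_ACCESS_DENIED;
    o->owner = p->token.sid;
    return OK;
}
int add_allow_ace(process_t *p, object_t *o, uint32_t sid, uint32_t allowed) {
    if (o->owner != p->token.sid) return ERR_ACCESS_DENIED;
    if (o->n_aces >= MAX_ACES) return ERR_TABLE_FULL;
    o->dacl[o->n_aces].sid = sid; o->dacl[o->n_aces].allowed = allowed; o->n_aces++;
    return OK;
}
int clear_dacl(process_t *p, object_t *o) {
    if (o->owner != p->token.sid) return ERR_ACCESS_DENIED;
    o->n_aces = 0;
    return OK;
}

int main(void) {
    object_t log = make_object("audit.log", 500);                 /* owned by SID 500 (constructed) */
    process_t admin = make_process(500, 1), user = make_process(1001, 0);
    char buf[DATA_SIZE];
    add_allow_ace(&admin, &log, 1001, ACCESS_READ);
    add_allow_ace(&admin, &log, 500, ACCESS_READ | ACCESS_WRITE);
    int hu = open_object(&user, &log, ACCESS_READ);
    int ha = open_object(&admin, &log, ACCESS_READ | ACCESS_WRITE);
    printf("user write via read handle: %d\n", write_object(&user, hu, "tampered"));
    write_object(&admin, ha, "logon ok");
    clear_dacl(&admin, &log);                                     /* revoke everything */
    printf("user re-open after revoke: %d, old handle still reads: %d (%s)\n",
           open_object(&user, &log, ACCESS_READ), read_object(&user, hu, buf, sizeof buf), buf);
    return 0;
}
```

The last two lines of main show the caveat a practitioner cares about: tightening a DACL does not revoke access already granted through open handles, so after a permission change the handles must be closed (or the process restarted) before the change is effective.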
Networking
Integral, application-transparent networking services
– Basic file and print sharing and using services
A platform for distributed applications
– Application-level inter-process communication (IPC)
Windows provides an expandable platform for other
network components
Security
Windows 2000 supports C2-level security
– DoD 5200.28-STD (TCSEC, the "Orange Book"), December 1985
Discretionary protection (need-to-know) for shareable system objects
– files, directories, processes, threads
Security auditing
– accountability of subjects and their actions
Password authentication at logon
Prevention of access to un-initialized resources
– memory, disk space
Security
Windows NT 3.51 was formally evaluated for C2
Windows NT 4.0 SP 6a passed C2 in December 1999
– Networked workstation configuration
European IT Security Criteria (ITSEC) F-C2/E3 security level
Registry
System wide software settings:
– boot & configuration info
Security database
Per-user profile settings
In-memory volatile data (current hardware state)
– What devices are loaded?
– Resources used by devices
– Performance counters are accessed through registry
functions
Registry
Regedit.exe used to view/modify registry settings
– HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
– HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
– HKEY_LOCAL_MACHINE\Software
Unicode
Most internal text strings are stored/processed as 16-bit
wide Unicode strings
Windows API string functions have 2 versions
Unicode (wide) version
– L“This string uses 16-bit characters“
ANSI (narrow) version
– "This string uses 8-bit characters"
Unicode
Generic character representation in Windows API
– _T (“This string uses generic characters“)
Win95/98/ME have Win API but no Unicode characters
Win CE has Windows API but Unicode characters only
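Added example, not part of the original slides or of any Microsoft code: a C model of the executive's counted 16-bit string (the UNICODE_STRING used by the native API), whose Length and MaximumLength fields are byte counts, while the Win32 "W" functions count characters. It widens ASCII text into a 16-bit buffer, places the correct byte-for-byte bound on append beside the buggy "MaximumLength is a character count" check that claims twice the real room, and narrows the result back for display. The field layout mirrors the real structure; the helper functions and the sample paths are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Counted UTF-16 string: Length and MaximumLength are BYTES, Buffer holds
 * 16-bit code units (WCHAR), and the text need not be NUL-terminated. */
typedef struct {
    uint16_t  Length;          /* bytes in use, NUL excluded */
    uint16_t  MaximumLength;   /* bytes available in Buffer */
    uint16_t *Buffer;          /* UTF-16 code units */
} unicode_string_t;

/* Widen an ASCII narrow string into a caller-supplied buffer of cap_units code
 * units.  Fails if text plus terminator does not fit, or the byte count would
 * overflow the 16-bit length fields. */
int init_unicode_string(unicode_string_t *us, uint16_t *buf, size_t cap_units, const char *narrow) {
    size_t n = strlen(narrow);
    if (n + 1 > cap_units || cap_units * 2 > UINT16_MAX) return 0;
    for (size_t i = 0; i < n; i++) buf[i] = (uint8_t)narrow[i];
    buf[n] = 0;
    us->Buffer = buf;
    us->Length = (uint16_t)(n * 2);
    us->MaximumLength = (uint16_t)(cap_units * 2);
    return 1;
}

/* Character count as a Win32 "cch" caller sees it. */
size_t unicode_string_chars(const unicode_string_t *us) { return us->Length / 2; }

/* Correct bound: bytes against bytes. */
int append_fits(const unicode_string_t *dst, const unicode_string_t *src) {
    return (size_t)dst->Length + src->Length <= dst->MaximumLength;
}

/* The bug: MaximumLength read as a character count, which claims twice the
 * room that exists.  Kept as a predicate only; never copy on this basis. */
int append_fits_buggy(const unicode_string_t *dst, const unicode_string_t *src) {
    return unicode_string_chars(dst) + unicode_string_chars(src) <= dst->MaximumLength;
}

/* Bounded append using the correct check.  No terminator is written; Length is
 * the only end marker, which is why these strings are never passed to wcslen(). */
int append_unicode_string(unicode_string_t *dst, const unicode_string_t *src) {
    if (!append_fits(dst, src)) return 0;
    memcpy((uint8_t *)dst->Buffer + dst->Length, src->Buffer, src->Length);
    dst->Length = (uint16_t)(dst->Length + src->Length);
    return 1;
}

/* Narrow back for display; out_cap counts chars (bytes), not code units. */
size_t unicode_to_narrow(const unicode_string_t *us, char *out, size_t out_cap) {
    size_t n = unicode_string_chars(us);
    if (out_cap == 0) return 0;
    if (n + 1 > out_cap) n = out_cap - 1;
    for (size_t i = 0; i < n; i++) out[i] = us->Buffer[i] < 0x80 ? (char)us->Buffer[i] : '?';
    out[n] = 0;
    return n;
}

int main(void) {
    uint16_t a[8], b[8], c[4];
    unicode_string_t dir, file, tail;
    char shown[16];
    init_unicode_string(&dir, a, 8, "C:\\tmp");       /* 6 chars = 12 bytes of 16 */
    init_unicode_string(&file, b, 8, "\\x.txt");      /* 6 chars = 12 bytes */
    init_unicode_string(&tail, c, 4, "\\a");          /* 2 chars = 4 bytes */
    printf("append 12+12 into 16: correct=%d buggy=%d\n", append_fits(&dir, &file), append_fits_buggy(&dir, &file));
    append_unicode_string(&dir, &tail);
    unicode_to_narrow(&dir, shown, sizeof shown);
    printf("result: %s (%zu chars, %u bytes)\n", shown, unicode_string_chars(&dir), dir.Length);
    return 0;
}
```

When a native-API structure and a Win32 call meet in the same function, keep the two units visible in the variable names (cb for bytes, cch for characters); the append_fits_buggy check is exactly what happens when a cch value is compared against a cb field.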
Tools Used to Dig In
Many tools available to dig into Windows internals
– Helps to see internals behavior “in action”
We’ll use these tools to explore the internals
– Many of these tools are also used in the labs
Tools Used to Dig In
Several sources of tools
– Support Tools
– Resource Kit Tools
– Debugging Tools
– Sysinternals.com
Additional tool packages with internals information
– Platform Software Development Kit (SDK)
– Device Driver Development Kit (DDK)
Tools for Viewing Windows Internals
Tool                     Image Name     Origin
Startup Programs Viewer  AUTORUNS       www.sysinternals.com
Dependency Walker        DEPENDS        Support Tools, Platform SDK
DLL List                 LISTDLLS       www.sysinternals.com
EFS Information Dumper   EFSDUMP        www.sysinternals.com*
File Monitor             FILEMON        www.sysinternals.com
Global Flags             GFLAGS         Support Tools
Handle Viewer            HANDLE         www.sysinternals.com
Junction tool            JUNCTION       www.sysinternals.com
Kernel debuggers         WINDBG, KD     Debugging tools, Platform SDK, Windows DDK
Live Kernel Debugging    LIVEKD         www.sysinternals.com
Logon Sessions           LOGINSESSIONS  www.sysinternals.com
Object Viewer            WINOBJ         www.sysinternals.com
Open Handles             OH             Resource kits
Page Fault Monitor       PFMON          Support Tools, Resource kits, Platform SDK
Pending File Moves       PENDMOVES      www.sysinternals.com
Tools for Viewing Windows Internals
Tool                 Image Name                                          Origin
Performance tool     PERFMON.MSC                                         Windows built-in tool
PipeList tool        PIPELIST                                            www.sysinternals.com
Pool Monitor         POOLMON                                             Support Tools, Windows DDK
Process Explorer     PROCEXP                                             www.sysinternals.com
Get SID tool         PSGETSID                                            www.sysinternals.com
Process Statistics   PSTAT                                               Support Tools, Windows 2000 Resource kits, Platform SDK, www.reskit.com
Process Viewer       PVIEWER (Support Tools) or PVIEW (Platform SDK)     Platform SDK
Quick Slice          QSLICE                                              Windows 2000 resource kits
Registry Monitor     REGMON                                              www.sysinternals.com
Service Control      SC                                                  Windows XP, Platform SDK, Windows 2000 resource kits
Task (Process) List  TLIST                                               Debugging tools
Task Manager         TASKMGR                                             Windows built-in tool
TDImon               TDIMON                                              www.sysinternals.com
Support Tools
Tools that used to be in the NT4 Resource Kit
– Win2K: 40+ tools, WinXP: 70+ tools
Located on Windows OS CD in \support\tools
Not a subset of the Resource Kit
– So, you have to install this and the Resource Kit
In NT4, the NT4 Server Resource Kit included the NT4
Resource Kit Support Tools
Windows Resource Kit Tools
W2K Server Resource Kit Tools (Supplement 1 is latest)
– Not freely downloadable
Comes with MSDN & TechNet, so most sites have it
– May be installed on as many PCs as you want at one site
– Installs fine on 2000/XP Professional (superset of 2000
Professional Resource Kit)
Windows XP Resource Kit: no tools, just documentation
Windows Resource Kit Tools
Windows Server 2003 Resource Kit Tools
– Free download – visit
– http://www.microsoft.com/windows/reskits/default.asp
– Tool updates are at http://www.microsoft.com/windowsserver2003/techinfo/reskit/tools/default.mspx
NOTE: Windows 2000 Server Resource Kit has more tools than 2003 Resource Kit (225 vs 115 .EXEs)
– Many tools dropped due to lack of support
– Tools are still officially unsupported
But, can send bug reports to [email protected]
Windows Debugging Tools
Separate package of advanced debugging tools
– Installs on NT4, Win2000, XP, 2003
Download latest version from:
– http://www.microsoft.com/whdc/ddk/debugging
Windows Debugging Tools
User-mode and kernel-mode debuggers
– Kd – command line interface
– WinDbg – GUI interface (kernel debugging still mostly “command
line”)
– Allow exploring internal system state & data structures
Ntsd, Cdb – command line user-mode debugger (newer
versions than what ships with OS)
Misc other tools (some are also in Support Tools):
– kill, remote, tlist
– logger/logview (API logging tool), Autodump
Live Kernel Debugging
Useful for investigating internal system state not
available from other tools
– Previously, required 2 computers (host and target)
– Target would be halted while host debugger in use
XP & Server 2003 support live local kernel debugging
– Technically requires system to be booted /DEBUG to work
correctly
– You can edit kernel memory on the live system (!)
– But, not all commands work
Live Kernel Debugging
LiveKd (www.sysinternals.com)
Tricks standard Microsoft kernel debuggers into thinking
they are looking at a crash dump
Works on NT4, Windows 2000, Windows XP, & Server
2003
Was originally shipped on Inside W2K book CD-ROM
Now is free on Sysinternals
Live Kernel Debugging
Commands that fail in local kernel debugging work:
– Kernel stacks (!process, !thread)
– Lm (list modules)
– Can snapshot a live system (.dump)
Does not guarantee consistent view of system memory
– Thus can loop or fail with access violation
– Just quit and restart
Sysinternals Tools
Freeware tools from www.sysinternals.com
– Written by Mark Russinovich & Bryce Cogswell
Useful for developers, system administrators, and power
users
– Most popular: Filemon, Regmon, Process Explorer
Generated via reverse engineering (no source access)
Sysinternals Tools
Require no installation
– run them directly after downloading and unzipping
Many tools require administrative privileges
– Some load a device driver
Tools regularly updated
– so make sure to check for updated versions
– Subscribe to free Sysinternals newsletter
Process Explorer (Sysinternals)
Super Task Manager
Shows full image path, command line, environment variables, parent process, security access token, open handles, loaded DLLs & mapped files
Process Explorer (Sysinternals)
[Figure: Process Explorer screenshot]
Platform SDK
Contains header files, libraries, documentation, &
sample code for entire Windows “platform” API
– 14 separate SDKs
– Core SDK contains core services, COM, messaging, active
directory, management, etc.
Freely downloadable from www.microsoft.com/msdownload/platformsdk/sdkupdate
– Part of MSDN Professional (or higher) subscription
Platform SDK
Always matches operating system revision
– E.g. Platform SDK revised with new release (or beta) as new APIs
are added
Not absolutely required for Win32 development
– because VC++ comes with the Win32 API header files
but…VC++ headers, libs, doc won’t reflect APIs added
after VC++ was mastered
Also provides a few tools (e.g. WinObj, Working Set
Tuner) not available elsewhere
Further Reading
Microsoft Windows Internals
– By Mark E. Russinovich and David A. Solomon,
4th Edition, Microsoft Press, 2004.
Concepts and Tools (pp. 1 ff.)
Digging into Windows Internals (pp. 25 ff.)
Windows Roadmap
Windows Client Roadmap
[Figure: timeline from 2004 H2 through 2005 H1 to the future: Service Pack 2, "Lonestar" Beta, 64-bit for Extended Systems]
Windows Server Roadmap
[Figure: timeline from 2003 through 2005 H1 and 2005 H2 to the future: Service Pack 1, R2, Service Pack 2]
Thoughts Change Life