MODERN OPERATING SYSTEMSThird EditionANDREW S. TANENBAUMChapter 11Case Study 2: Windows VistaTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-1. Major releases in the history of Microsoft operating systems for desktop PCs.History of VistaTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-2. DEC Operating Systems developed by Dave Cutler.2000s: NT-based Windows (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-3. The Win32 API allows programs to run on almost all versions of Windows.2000s: NT-based Windows (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-4. Split client and server releases of Windows.2000s: NT-based Windows (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-5. Comparison of lines of code for selected kernel-mode modules in Linux and Windows (from Mark Russinovich, co-author of Microsoft Windows Internals).Windows VistaTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-6. The programming layers in Windows.Programming Windows VistaTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-7. The components used to build NT subsystems.Programming Windows Vista (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-8. Common categories of kernel-mode object types.The Native NT Application Programming Interface (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-9. Examples of native NT API calls that use handles to manipulate objects across process boundaries.The Native NT Application Programming Interface (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-10. Examples of Win32 API calls and the native NT API calls that they wrap.The Win32 Application Programming InterfaceTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-11. The registry hives in Windows Vista. HKLM is a short-hand for HKEY_LOCAL_MACHINE.The Windows Registry (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-12. Some of the Win32 API calls for using the registryThe Windows Registry (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-13. Windows kernel-mode organization.Operating System StructureTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-14. Some of the hardware functions the HAL manages.The Kernel LayerTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-15. dispatcher_header data structure embedded in many executive objects (dispatcher objects).Dispatcher ObjectsTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-16. Simplified depiction of device stacks for two NTFS file volumes. I/O request packet passed from down the stack. The Device DriversTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-17. The structure of an executive object managed by the object manager.Implementation of the Object ManagerTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-18. Handle table data structures for a minimal table using a single page for up to 512 handles.Handles (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-19. Handle table data structures for a maximal table of up to 16 million handles.Handles (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-20. The object procedures supplied when specifying a new object type.The Object Name Space (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-21. Some typical directories in the object name space.The Object Name Space (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-22. I/O and object manager steps for creating/opening a file and getting back a file handle.The Object Name Space (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-23. Some common executive object types managed by object manager.The Object Name Space (4)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-24. The relationship between jobs, processes, threads and fibers. Jobs and fibers are optional; not all processes are in jobs or contain fibers.Processes and Threads in Windows Vista (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-25. Basic concepts used for CPU and resource management.Processes and Threads in Windows Vista (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Job, Process, Thread, and Fiber Management API Calls (1)Actual search path for finding program to execute buried in library code for Win32, but managed more explicitly in UNIX.Current working directory is kernel-mode concept in UNIX but user-mode string in Windows. UNIX parses command line and passes an array of parameters, Win32 leaves argument parsing up to individual program.Whether file descriptors can be inherited in UNIX is property of handle. In Windows it is property of both handle and parameter to process creation.Win32 is GUI-oriented, new processes directly passed information about their primary windowTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Job, Process, Thread, and Fiber Management API Calls (2)Windows has no SETUID bit as property of executable, one process can create a process that runs as a different user, as long as it can obtain a token with that users credentials.Process and thread handle returned from Windows can be used to modify the new process/thread in many substantive ways. UNIX just makes modifications to new process between fork and exec calls.Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-26. Some of the Win32 calls for managing processes, threads, and fibers.SynchronizationTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Scheduling (1)The following conditions cause the currently running thread to execute the scheduler code:The currently running thread blocks on a semaphore, mutex, event, I/O, etc.The thread signals an object (e.g., does an up on a semaphore or causes an event to be signaled).The quantum expires.Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Scheduling (2)The scheduler is also called under two other conditions:An I/O operation completes.A timed wait expires.Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-27. Mapping of Win32 priorities to Windows priorities.Scheduling (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-28. Windows Vista supports 32 priorities for threads.Scheduling (4)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-29. An example of priority inversion.Scheduling (5)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Memory Management(1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-30. Virtual address space layout for three user processes on the x86. The white areas are private per process. The shaded areas are shared among all processes.Figure 11-30. Virtual address space layout for three user processes on the x86. The white areas are private per process. The shaded areas are shared among all processes.Memory Management (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-30. Virtual address space layout for three user processes on the x86. The white areas are private per process. The shaded areas are shared among all processes.Memory Management (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-31. The principal Win32 API functions for managing virtual memory in Windows.Addressing Large Physical MemoriesTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-32. Mapped regions with their shadow pages on disk. The lib.dll file mapped into two address spaces at same time.Implementation of Memory ManagementTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-33. A page table entry (PTE) for a mapped page on the (a) Intel x86 and (b) AMD x64 architectures.Page Fault Handling (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Page Fault Handling (2)Each page fault can be considered as being in one of five categories:The page referenced is not committed.Attempted access to a page in violation of the permissions.A shared copy-on-write page was about to be modified.The stack needs to grow.The page referenced is committed but not currently mapped in.Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-34. Windows self-map entry used to map the physical pages of page tables and page directory into kernel virtual addresses, for the x86.Page Fault Handling (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639The Page Replacement AlgorithmThree levels of activity by the working-set managerPeriodic based on a timerNew activity is added at each level:Lots of memory availableMemory getting tightMemory is tightTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-35. Some of the major fields in the page frame database for a valid page.Physical Memory Management (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-36. The various page lists and the transitions between them.Physical Memory Management (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-37. Native NT API calls for performing I/O.Input/Output API CallsTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-38. A single level in a device stack.Device DriversTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-39. The major fields of an I/O Request Packet.I/O Request PacketsTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-40. Windows allows drivers to be stacked to work with a specific instance of a device. The stacking is represented by device objects.Device StacksTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-41. The NTFS master file table.File System Structure (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-42. The attributes used in MFT records.File System Structure (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-43. An MFT record for a three-run, nine-block stream.Storage Allocation (1)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-44. A file that requires three MFT records to store all its runs.Storage Allocation (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-45. The MFT record for a small directory.Storage Allocation (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-46. (a) An example of a 48-block file being compressed to 32 blocks. (b) The MFT record for the file after compression.File CompressionTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Security in Windows Vista (1)Security properties inherited from the original security design of NT:Secure login with anti-spoofing measures.Discretionary access controls.Privileged access controls.Address space protection per process.New pages must be zeroed before being mapped in.Security auditing.Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-47. Structure of an access token.Security in Windows Vista (2)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-48. An example security descriptor for a file.Security in Windows Vista (3)Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639Figure 11-49. The principal Win32 API functions for security.Security API CallsTanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639