Reading Notes _ windows Kernel programming basics _ part 2

 

When compiling the driver, you must select the platform to use, including x86, x64, and IA64.

X86 refers to the ia32 platform. It is short for an Intel universal computer series and identifies a set of general computer commands, X has nothing to do with the processor. It is a simple wildcard definition for all * 86 systems. The 32-bit Variable Length instruction set, 32-bit register, and 32-bit direct addressing range are used.

X64, sometimes referred to as "x86-64", is a 64-bit microprocessor architecture and its corresponding instruction set, is also an extension of intel X86 architecture products. "X64" was first designed by AMD and was called "amd64" when it was launched. Later, it was also used by Intel. Currently, Intel is called "Intel 64 ",

IA64: it is sometimes called "IPF". Intel has made another milestone in the high-performance computer field since it launched a 32-bit microprocessor. Servers Based on the IA64 processor architecture have 64-bit computing power and 64-bit data paths, breaking through many restrictions of the traditional ia32 architecture. It is completely incompatible with 32-bit programs and is more suitable for enterprise-level server applications.

A kernel program can be considered as a pe-format DLL, which is called by the entire Windows kernel (rather than a real DLL ), it is called by the entire Windows Kernel. Once loaded, it will become a part of the kernel, not in a specific process. All kernel space is shared, so a Kernel Pointer is assigned to a kernel program and then passed to other kernel programs. This communication method is effective. Once the kernel program crashes, the Windows system crashes, and a blue screen or automatic restart will appear.

DriverEntry is the entry of a kernel program. When the kernel program is loaded, this function is called and is generally loaded by the system process. In Windows XP, the PID of this process is 4, in Windows 2000, The PID of this process is 8.

CPU permission level

Intel's X86 processor uses ring-level access control, which is divided into four layers, from ring0 to ring3, which are hereinafter referred to as r0, R1, R2, and R3. R0 has the highest permissions, and R3 has the lowest permissions. However, Windows only has two layers: R0 and R1. The driver is on R0 and the application is on R1.

Paging memory protection in Protected Mode

The memory protection of the X86 processor is divided into segment protection and paging protection.

This section describes the CPU running mode. The current x86CPU running modes mainly include:

Real mode: the CPU is in real mode immediately after it is started. DOS runs in real mode. Its disadvantage is that it can only access 1 MB of memory by default and can only execute a single task. The advantage is that all programs can run on the R0 layer, and applications have the same permissions as system programs.

Protection Mode: The recommended CPU running mode supports segmentation and paging. You can access larger memory, run multiple tasks, and run windows and linux in this mode.

System Management Mode (SMM): This mode provides an operating system or execution environment with a transparent mechanism to handle power management and OEM unique features.

Virtual 8086 mode: In order to run the program that can run in real mode in protection mode. This is a virtual 8086 mode that allows you to execute the real mode in a multi-task environment in the protection mode.

64-bit extended mode: Both Intel and AMD support 64-bit CPU and 64-bit linear addressing. It also includes 64-Bit mode and compatibility mode. The 64-Bit mode supports 64-bit linear addressing and more than 64 GB physical addresses. All 64-bit programs run in this mode. Compatibility mode: the original 32-bit program runs in this mode, so that the 32-bit program runs directly in the 64-bit operating system without modification.

The main differences between the paging Storage Management System and the segmented Storage Management System: (reposted on the Network)

I. Paging Storage Management

1. Basic Ideas

The address space of a user program is divided into several fixed-size areas, called "pages". Correspondingly, the memory space is divided into several physical blocks, and the page and block size are equal. You can place any page of your program in any part of the memory to implement discrete allocation.

2. Address organization for paging Storage Management

15        12       11                0

    Page No. p              Page displacement W

The page number is 4 bits, and the maximum number of pages in each job is 4 to 16, indicating that the page number ranges from 0000 ~ 1111 (24-1), the number of digits of the page displacement indicates the page size. If the page displacement is 12 bits, the 12 power of 2 is 4 k, and the page size is 4 k, the page address ranges from 000000000000 ~ 111111111111

If A given logical address is A and the page size is L

Page number P = INT [A/L], page address W =MODL

3. page table

In the paging system, each page of a process can be stored discretely in any physical block of the memory. In order to find the physical block corresponding to each page in the memory, the system creates a page ing table for each process. A page table maps the address of a page number to a physical block number.

Page table:

Page number physical block number Access Control  

 0      2   

 1     15 (F)   

 2     14 (E)   

 3     1 

4. Address Conversion

(1) When executing the program, extract the page table start address and page table length from the PCB (4) and load the page table register PTR.

(2) The paging address translation mechanism automatically divides the logical address into a page number and an on-page address.

Example: 11406D = 0010 | 110010001110B = 2C8EH

     The page number is 2, and the displacement is C8EH = 3214D

Or 11406DIV4096 = 2

    11406MOD4096 = 3214

(3) Compare the page number with the page table length (2 <4). If the page number is greater than or equal to the page table length, it indicates that the access address has exceeded the address space of the process, an out-of-boundary interruption occurs.

(4) Add the beginning of the page table and the product of the page number and the length of the page table item to get the position of the page table item in the page table.

(5) retrieve the page description and obtain the physical block number of the page.2     14 (E)

(6) Check the access control of the page.

(7) Send the physical block number to the physical address register, and then directly send the page address in the valid address register to the block address field in the physical address register, concatenates to obtain the actual physical address.

Example: 0010 | 110010001101B

1110 | 110010001101B = EC8EH = 60558D

Or 14*4096 + 3214 = 60558D

5. address translation mechanism with a fast table

In a paging system, the CPU needs to access the memory twice each time it needs to access one data (access the page table and access the actual physical address ). To speed up address translation, add a special high-speed buffer memory with parallel query capabilities, called "Lenovo memory" or "quick table", to store the currently accessed page table items.

 

Ii. segmented Storage Management

1. Basic Ideas

The user program address space is divided into several segments of varying sizes, each segment can define a set of relatively complete logical information. During storage allocation, segments are measured in segments. segments and segments can be connected in the memory and are allocated discretely.

2. Introduction of segmented Storage

Convenient Programming

Segment sharing

Segment Protection

Dynamic Link

Dynamic Growth

3. segment address Structure

The address space of a job is divided into several segments, each of which defines a set of logical information. Sample program segment and data segment. Each segment starts from 0 and uses a continuous address space.

The length of a segment is determined by the length of the corresponding logical information group. The address space of the entire job is two-dimensional.

15         12 11                0

      Field number          Intra-segment displacement

A four-digit field number. Each job can have a maximum of 24 = 16 segments, indicating that the field number ranges from 0000 ~ 1111 (24-1); the displacement in the segment is 12 bits, 212 = 4 k, indicating that the maximum address in each segment is 4 K (the length of each segment is different), from 000000000000 ~ 111111111111

4. Field table

Access Control for starting segments  

0   1 K   4096   

1   4 K   17500   

2   2 K   8192 

5. Address Conversion

(1) When the program is executed, the beginning address and length of the field Table (3) are taken from the PCB and loaded into the field table register.

(2) The segment address translation mechanism automatically divides the logical address into segment numbers and segments.

Example: 7310D = 0001 | 110010001110B = 1C8EH

The field number is 1, and the displacement is C8EH = 3214D

(3 ). compare the field number with the length of the field table (1 <3). If the field number is greater than or equal to the length of the field table, it indicates that the access address has exceeded the address space of the process, resulting in out-of-boundary interruption.

(4) Add the product of the beginning and end of the field table and the length of the field table item to obtain the position of the field table item in the field table.

(5) retrieve the description to obtain the starting physical address of the segment. 1       4 K           17500

(6) check whether the displacement in the section exceeds the length of the Section (3214 <4 K). If the displacement exceeds the length, cross-border interruption occurs.

(7). Check the access control for this section.

(8) Add the base address and the address in the segment to obtain the actual physical address.

Example: 0001 | 110010001101b

Start address: 17500d + segment address: 3214d = 20714d

Iii. Main differences between paging and Segmentation

There are many similarities between paging and segmentation. For example, neither of them requires continuous job storage, but the two are completely different in concept, mainly in the following aspects:

(1) The page is the physical unit of information. The page is used to achieve non-continuous allocation, so as to solve the memory fragmentation problem, or because of system management needs. segment is the logical unit of information. It contains a set of relatively complete information. The purpose of segment is to achieve better sharing and meet user needs.

(2) The page size is fixed. It is determined by the system that the logic address is divided into the page number and the page address is implemented by the machine hardware. however, the length of the segment is not fixed, which is determined by the program you write. It is usually divided by the nature of the information when compiling the source program.

(3) The paging job address space is one-dimensional. The segmented address space is two-dimensional.

Iv. segment-based storage management

1. Basic Ideas:

The paging system can effectively improve the memory usage, while the segmentation system can reflect the logic structure of the program, facilitate segment sharing and protection, and combine paging and segmented storage methods, it forms a segment-page storage management method.

In the segment-and-page storage management system, the job address space is first divided into several logical segments, each of which has its own segment number, each segment is then divided into several equal pages. The primary storage space is also divided into pages of the same size. The allocation of primary storage is in the unit of pages.

In a webpage system, the address structure of a job consists of three parts: the segment number.    Page number     Page displacement

The programmer divides the address into segments and segments according to the segment system's address structure. The address conversion mechanism splits the segment's displacement into the page number and the page's displacement.

To implement segment-and-page storage management, the system should set a segment table for each process, including the segment number, the start address of the segment and the length of the page table. Each segment has its own page table, which records the page number of each page in the segment and the physical block number stored in the primary storage.

2. address conversion process:

(1) During program execution, the beginning address and length of the field table are extracted from the PCB and loaded into the field table register.

(2) The address converter automatically divides the logical address into the segment number, page number, and page address.

(3) Compare the field number with the length of the field table. If the field number is greater than or equal to the length of the field table, it indicates that the access address has exceeded the address space of the process, resulting in out-of-boundary interruption.

(4) Add the beginning of a field table and the product of the field number and the length of the field table item to obtain the position of the field table item in the field table.

(5) retrieve the segment description to get the start address and length of the page table of the segment.

(6) Compare the page number with the page table length. If the page number is greater than or equal to the page table length, it indicates that the access address has exceeded the address space of the process, resulting in out-of-boundary interruption.

(7) Add the beginning of the page table and the product of the page number and the length of the page table item to get the position of the page table item in the page table.

(8) retrieve the page description and obtain the physical block number of the page.

(9) Check the access control of the page.

(10) Send the physical block number to the physical address register, and then directly send the page address in the valid address register to the block address field in the physical address register, concatenates to obtain the actual physical address.