In-Depth Analysis of the Windows Operating System, reading notes: concepts and terminology

Source: Internet
Author: User

1. concepts and tools

This chapter describes the key concepts and terminologies of the Windows operating system.

1. concepts and tools
1.1 operating system version
1.2 Basic concepts and terminology
1.2.1 Windows API
1.2.2 Services, functions and routines
1.2.3 process, thread and job
1.2.3.1 process
1.2.3.2 thread
1.2.3.3 Virtual Address Descriptor
1.2.3.4 job
1.2.4 virtual memory
1.2.5 kernel mode and user mode
1.2.6 Terminal Services and multiple sessions
1.2.7 objects and handles
1.2.8 security
1.2.9 registry
1.2.10 UNICODE
1.3 explore the internal mechanism of Windows

1.1 operating system version

There are already many Windows operating system versions.

1.2 Basic concepts and terminologies

1.2.1 Windows API

The Windows API (application programming interface) is the system programming interface to the Windows operating system.

The Windows API is divided into the following categories:

• Basic services
• Component services
• User interface services
• Graphics and multimedia services
• Messages and protocols
• Web services

This book focuses on basic services (such as processes and threads, memory management, I/O, and security).

About .NET and WinFX

The .NET Framework consists of the Framework Class Library (FCL) and the Common Language Runtime (CLR), which provides the runtime environment for managed code.

The CLR provides just-in-time compilation, type checking, garbage collection, and code access security.

Managed code: at initial compilation the source code is compiled into intermediate language (IL); the IL is then compiled into machine code in a controlled environment by the runtime compiler.

In Microsoft's terminology, code is either managed or unmanaged.

The CLR is a classic COM server built on the Windows API.

WinFX was a new Windows API (designed specifically for Vista) that also provided managed-code functionality. Because the name was easily confused, it was later renamed .NET Framework 3. (The 6th edition no longer includes the introduction to WinFX.)

The .NET Framework is an extension of the Windows API.

1.2.2 Services, functions, and routines

This section introduces some technical terms used in the book:

• Windows API functions: documented, callable subroutines in the Windows API.
• Native system services: undocumented underlying services in the operating system that can be called from user mode, such as NtCreateProcess.
• Kernel support functions (routines): subroutines inside the operating system that can be called only from kernel mode.
• Windows services: processes started by the Windows service control manager. (In the registry, device drivers are also defined as services, but the book does not refer to them that way.)
• DLLs: sets of callable subroutines linked together into a binary file that applications can load dynamically.

1.2.3 process, thread, and job

1.2.3.1 Process

A program is a static sequence of instructions; a process is an instance of a program and owns various resources. A process consists of the following elements:

• A private virtual address space
• Program-defined code and data, mapped into the process's virtual address space
• A list of open handles to various resources
• A security context called an access token, which identifies the user, security groups, and privileges associated with the process
• A process ID, which uniquely identifies the process
• At least one thread

Each process records its parent (creator) process. If the parent no longer exists, the process still refers to that nonexistent parent.
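The stale parent reference matters when reading process trees: the recorded parent ID is not updated when the parent exits, and the ID can later be reused by an unrelated process. The following added example (not from the book or the original notes) checks each parent link in a constructed process snapshot by comparing creation times; the `Proc` record, the `check_parents` function, and the sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Proc:
    """One row of a process listing (hypothetical record, not a Windows structure)."""
    pid: int
    ppid: int          # creator's PID as recorded at creation; never updated
    name: str
    created: datetime


def check_parents(procs):
    """Map each PID to (verdict, parent_name_or_None).

    ok         - recorded parent is running and was created before the child
    orphan     - no running process has the recorded parent PID
    reused-pid - a process has that PID but started after the child, so it
                 cannot be the creator; the PID was recycled
    """
    by_pid = {p.pid: p for p in procs}
    report = {}
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None:
            report[p.pid] = ("orphan", None)
        elif parent.created > p.created:
            report[p.pid] = ("reused-pid", None)
        else:
            report[p.pid] = ("ok", parent.name)
    return report


# Constructed sample snapshot; PIDs, names and times are illustrative only.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SNAPSHOT = [
    Proc(4, 0, "System", T0),                                     # no PID 0 entry listed
    Proc(600, 4, "smss.exe", T0 + timedelta(seconds=2)),
    Proc(3100, 2900, "explorer.exe", T0 + timedelta(minutes=1)),  # creator has exited
    Proc(4200, 3100, "notepad.exe", T0 + timedelta(minutes=5)),
    Proc(5000, 4800, "worker.exe", T0 + timedelta(minutes=6)),    # creator has exited
    Proc(4800, 3100, "calc.exe", T0 + timedelta(minutes=30)),     # PID 4800 recycled
]

if __name__ == "__main__":
    for pid, (verdict, parent) in check_parents(SNAPSHOT).items():
        print(pid, verdict, parent)
```

A tree built from parent IDs alone would show `worker.exe` as a child of `calc.exe`; the creation-time comparison rejects that link.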

1.2.3.2 thread

A thread is the entity within a process that Windows schedules for execution. A process cannot run without a thread.

Basic components of a thread:

• The contents of a set of CPU registers representing the state of the processor
• Two stacks, one used while the thread executes in kernel mode and one used while it executes in user mode
• A private storage area called thread-local storage (TLS), used by the subsystems, run-time libraries, and DLLs
• A thread ID that identifies the thread
• The thread's own security context

The volatile registers, stacks, and private storage area are collectively called the thread's context.

Although each thread has its own context, the threads in a process share the process's virtual address space and the other resources that belong to the process.

That is, a thread can read and write the memory of the other threads in its process, but it cannot access the memory of another process unless that process makes part of its virtual address space available as a shared memory section.

1.2.3.3 Virtual Address Descriptor

A virtual address descriptor (VAD) is a data structure the memory manager uses to record the virtual addresses a process is using.

1.2.3.4 job

A job is a group of processes that is maintained and managed as a unit.

1.2.4 virtual memory

Windows implements a virtual memory system with a flat address space. Each process sees what appears to be a large private address space of its own. Virtual memory provides a logical view of memory that does not correspond to the physical memory layout. At run time, the memory manager, with hardware support, translates virtual addresses into physical addresses.

Processes are isolated from each other: a process cannot access the memory of other processes.

Most systems have less physical memory than the total virtual address space in use, so when memory runs short the memory manager moves some memory contents to disk to free physical memory for use by processes.

On 32-bit systems the address space is 4 GB: 2 GB is kernel address space and 2 GB is user-mode address space. When the 3 GB option is used at boot, the user-mode address space is 3 GB and the kernel-mode address space is 1 GB.

Address Windowing Extensions (AWE) allow 32-bit systems to access up to 64 GB of memory. The disadvantage is that programmers must manage the mapping relationships themselves.

In 64-bit mode the address space can reach 8 TB; on Itanium systems it can reach 7 TB.

1.2.5 kernel mode and user mode

To prevent user programs from reading and writing critical operating system data, Windows uses two processor access modes: user mode and kernel mode. User program code runs in user mode, and system code runs in kernel mode. Kernel mode allows access to all system memory and all CPU instructions. The separation protects the stability of the operating system.

Although each Windows process has its own address space, the kernel-mode operating system code and device drivers all share a single virtual address space.

Pages in system space can be accessed only from kernel mode, whereas pages in user space can be accessed from user mode.

Code running in kernel mode can access all memory in system space.

Because this protection no longer applies once code is running in kernel mode, be careful when loading third-party device drivers.

When a user-mode program calls a system service, the processor switches to kernel mode. Before control of the CPU is returned to the user program, the processor switches back to user mode.

1.2.6 Terminal Services and multiple sessions

Omitted

1.2.7 objects and handles

A kernel object is a single run-time instance of a statically defined object type. An object type comprises a system-defined data type, the functions that operate on instances of it, and a set of object attributes. For example, every process is an instance of the process object type.

The difference between an object and an ordinary data structure is that the internal structure of an object is hidden. The object's services must be called to read or write its internal data.

Objects are used to accomplish four operating system tasks:

• Providing human-readable names
• Sharing resources and data between processes
• Protecting resources from unauthorized access
• Reference tracking, so that an object can be released when it is no longer in use

1.2.8 Security

The core security capabilities of Windows include: discretionary protection for all shareable objects, security auditing, password authentication at logon, and protection of released resources, meaning that after a process releases a resource, other processes cannot see what the previous process left in it.

1.2.9 Registry

The registry is the system database that contains the information needed to boot and configure the system. It is also a window onto volatile in-memory data, such as the current hardware state and performance counters.

1.2.10 UNICODE

Omitted

1.3 explore the internal mechanism of Windows

This section mainly introduces some debugging tools and the Windows SDK.

