Windows Kernel Mode Components
www.winitor.com
Overview
• Operating system model
• Operating system logical view
• Operating system physical view
• Executive
• Kernel
• Win32
• HAL
Operating System - Model
[Figure labels: Virtual machine; Applications; Non-privileged mode (user); Privileged mode (kernel)]
Operating System – Logical view
[Figure labels: Applications; Non-privileged mode (user); Privileged mode (kernel); Win32, GDI; executive; device drivers; kernel; HAL]
Operating System – Physical View
[Figure labels: Applications; user; kernel; System services dispatcher; Kernel mode system services; I/O manager; cache manager; PnP manager; power manager; configuration manager; object manager; security manager; processes manager; memory manager; LPC manager; Window manager; GDI; GDD; Device drivers; kernel; HAL; hardware]
Execution Context
• Kernel activities take place in the context of the process that made the request.
  • There is no process context switching
  • Only the context of the CPU is changed
• Kernel and the application invoking it live in the same process
  • Application is loaded on demand
  • Kernel loaded during boot phase
[Figure labels: Application A, Application B, Application C, ... Application Z; addresses 0x00000000, 0x7FFFFFFF, 0xFFFFFFFF; Unprivileged memory address; Privileged memory address]
Executive
• Functions
  • Global, exported, undocumented and available to user mode
  • Global, exported, documented and available only to kernel mode
  • Global, exported, undocumented and available only to kernel mode
  • Global not exported
  • Local not exported
[Figure labels: App; user; kernel; *.sys; Object manager ...; OEM manufacturer device drivers; Windows device drivers; markers 1 to 5]
Object Manager
• Resources are represented by objects
  • Process, Thread, File, Semaphore, Timer, Window, Event, I/O, ...
• Objects cannot be directly accessed from user mode
  • The Object Manager translates names into handles
• Roles
  • Reference counting
  • Lifetime management
  • Mapping
[Figure labels: Application; Object manager; Name; Handle; Global name space]
Object Manager - Organization
• Hierarchy
Security Manager
• Also called the “Security Reference Monitor” - SRM
• Access Control
• Access Auditing
[Figure labels: Principal; Intention; Security manager; Object]
Memory Manager
• Definition
• Tasks
[Figure labels: Application; Memory manager; virtual memory; physical memory; swap files]
Executive – I/O manager
• Definition
• Role
[Figure labels: application; Kernel32.dll; Ntdll.dll; I/O manager; Cache manager; NTFS; FAT; SCSI; IDE]
Executive – Process manager
• Definition
• Tasks
Executive – LPC manager
• Definition
• Ports
[Figure labels: Connection; Communication; markers 1 to 4]
Device Drivers
• Definition
• Types
• Usage
Kernel
• Definition
• Tasks
• Particularities
• Objects
Hardware Abstraction Layer
• Motivation
• Definition
• Installation
• Extension
Thanks!