Lecture 4 System Mechanisms (2)
Department of Computer Science • Information Processing Laboratory
xlanchen@03/18/2005
xlanchen@03/18/2005 Understanding the Inside of Windows 2000
Contents
Trap dispatching
The executive object manager
Synchronization
System worker threads
Local procedure calls (LPCs)
Object manager
EXPERIMENT
Exploring the Object Manager
Uniform approach towards:
Object protection (C2 security)
Charging
Object naming
Object retention and garbage collection
Object access (via handles)
Standard object attributes
Standard object methods
Executive Objects
Process
Memory Section
Event
Timer
Object directory
Queues
Thread
File
Semaphore
Symbolic link
Port
(registry) key
Executive objects that contain kernel objects
Object Structure
Object properties
OM deletes object when:
The number of open handles drops to zero
The number of kernel references drops to zero
Object names
Support identification, finding, sharing
Hierarchic (per machine) name space
Symbolic links, e.g. “C:”
Type Objects
Process objects and the process type object
EXPERIMENT
Viewing the Type Objects
Type Object Attributes
Type name
Pool type
Default quota
Access types
Generic access rights mapping
Synchronization
Methods
Object Methods
Open: when an object handle is opened
Close: when an object handle is closed
Delete: before the object manager deletes an object
Query name: when a thread requests the name of an object, such as a file, that exists in a secondary object domain
Parse: when the object manager is searching for an object name that exists in a secondary object domain
Security: when a process reads or changes the protection of an object, such as a file, that exists in a secondary object domain
Object Handles & Process Handle Table
EXPERIMENT
Viewing Open Handles with Nthandle
Structure of a handle table entry
EXPERIMENT
Viewing the Handle Table with the Kernel Debugger
Handles and reference counts
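The retention rule from the Object properties slide (an object is deleted only when both its open-handle count and its kernel reference count reach zero), as an added C example that is not from the lecture or from Windows source. All `toy_*` names and the fixed-size handle table are assumptions of this toy model.

```c
#include <stdbool.h>
#include <stddef.h>

#define TOY_MAX_HANDLES 8

/* Toy object header: the two counters the slide names (names assumed). */
typedef struct {
    int  handle_count;  /* open handles, all processes */
    int  kernel_refs;   /* references held by kernel-mode code */
    bool deleted;       /* set where a real manager would free the body */
} toy_object;

/* Per-process handle table: a handle is an index into this array. */
typedef struct { toy_object *slot[TOY_MAX_HANDLES]; } toy_handle_table;

/* Retention rule from the slide: delete only when both counts are zero. */
static void toy_maybe_delete(toy_object *o) {
    if (o->handle_count == 0 && o->kernel_refs == 0)
        o->deleted = true;
}

/* Open: returns a handle (index), or -1 if the object is gone or the table is full. */
int toy_open(toy_handle_table *t, toy_object *o) {
    if (o->deleted) return -1;
    for (int h = 0; h < TOY_MAX_HANDLES; h++) {
        if (t->slot[h] == NULL) { t->slot[h] = o; o->handle_count++; return h; }
    }
    return -1;
}

/* Close: clears the slot first, so a stale handle value cannot reach the object. */
bool toy_close(toy_handle_table *t, int h) {
    if (h < 0 || h >= TOY_MAX_HANDLES || t->slot[h] == NULL) return false;
    toy_object *o = t->slot[h];
    t->slot[h] = NULL;
    o->handle_count--;
    toy_maybe_delete(o);
    return true;
}

/* Kernel-mode reference taken through a handle; NULL for invalid or stale handles. */
toy_object *toy_reference_by_handle(toy_handle_table *t, int h) {
    if (h < 0 || h >= TOY_MAX_HANDLES || t->slot[h] == NULL) return NULL;
    t->slot[h]->kernel_refs++;
    return t->slot[h];
}

/* Drop a kernel-mode reference; the object goes away if no handles remain either. */
void toy_dereference(toy_object *o) { o->kernel_refs--; toy_maybe_delete(o); }
```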
Synchronization
Mutual exclusion
one, and only one, thread can access a particular resource at a time
Critical sections
Kernel Synchronization
Kernel critical sections
For single-processor
Simple operating systems: disable all interrupts
Windows 2000: raising the processor's IRQL
For a multiprocessor
spinlock
Using a spinlock
Executive Synchronization
Dispatcher objects
WaitForSingleObject
WaitForMultipleObjects
A thread in a Win32 application can synchronize with a Win32 process, thread, event, semaphore, mutex, waitable timer, I/O completion port, or file object
Executive resources
available only to kernel-mode code
aren't accessible from the Win32 API
Waiting on a dispatcher object
A thread can synchronize with a dispatcher object by waiting on the object's handle
Selected kernel dispatcher objects
Wait data structures
EXPERIMENT
Looking at Wait Queues
System worker threads
Three types
Delayed worker threads
Critical worker threads
Hypercritical worker threads
EXPERIMENT
Listing System Worker Threads
Windows 2000 Global Flags
NtGlobalFlag
Initialize
Gflags.exe
allows you to view and change the system global flags
Local procedure calls (LPCs)
An interprocess communication facility
For high-speed message passing
An internal mechanism available only to Windows 2000 operating system components
EXPERIMENT
Viewing LPC Port Objects
“Internal” IPC between address spaces, e.g.
Transport for local RPC
Calls to Win32 subsystem
Variants:
n <= 256 bytes: done in-band
n > 256 bytes: via a shared-memory section
n > shared-memory section: address-to-address copy
Typically client-server
Client connects to the server's well-known LPC port
Server opens a new port and tells the client its address
Use of LPC ports