1. History
• Windows XP
– Released 2001
– Merged consumer and corporate codebases
– 64-bit support
2. Design Goals
• Merge corporate and consumer codebases
– Windows XP Professional and Windows XP Home Edition
– Built on same codebase
• Security
– Kerberos
– Access control lists
– Internet Connection Firewall
• Scalability
– Symmetric multiprocessing
– Windows XP 64-Bit Edition
– Windows XP Embedded
• User-friendly
– New GUI
– More multimedia and network support
• Fast boot
– 30 seconds after cold boot
– 20 seconds from hibernation
– 5 seconds from standby
System Architecture
• Operating system design
– Modified microkernel
– Layered
• Components
– HAL
• Interacts with hardware, drives device components on mainboard
• Abstracts hardware specifics that differ between systems of the same architecture
– Microkernel
• Basic system mechanisms
• Thread scheduling, interrupt dispatching, etc.
• Abstracts hardware specifics that differ between architectures
– Device drivers
• Control peripheral devices
– Executive
• Administers the main operating system subsystems, such as the file system, I/O subsystem and system memory
• Native API
– Environment subsystems
• Provide a specific computing environment for user-mode processes.
• Examples: Win32, SFU, WOW64
– DLLs
• User-mode modules that processes can dynamically link
• Environment subsystems’ APIs are DLLs
– System services
• Like Linux daemons: processes that execute in the background at all times.
• Examples: Task Manager, Computer Browser, etc.
3. System Management Mechanisms
• Environment in which Windows XP’s components execute.
– How data is stored and retrieved (registry)
– Objects
– Interrupt priority
– Software interrupts (APCs, DPCs)
– System threads
Registry
• Central database that stores configuration data accessible to all processes
– User data
– System data
– Hardware data
– Application data
• Logical structure
– Tree whose nodes are keys
• Subkeys and values
• Predefined keys (e.g., HKEY_LOCAL_MACHINE)
– Using the registry
• Navigate the tree structure by going from keys to subkeys
• Accessing relevant values
• Windows XP administration of the registry
– Configuration manager
– Data stored in hives
Object Manager
• Objects in Windows XP
– Represent a physical (e.g., peripheral device) or logical (e.g., process) resource
– Managed by the object manager
– Represented by a data structure in memory
– An instance of an object type
• Defines the object’s attributes
• Defines the object’s standard functions (e.g., open and close)
– Examples: processes, threads, pipes, files, devices, etc.
• Handles and Pointers
– Pointers
• Only used by kernel-mode threads
– Handles
• Used by user-mode processes and kernel components
• Like a pointer but allows the system control over what a thread can do to the object.
• Can be duplicated and passed to other processes
• Object naming
– Object can be named or unnamed
– Named objects categorized in object manager’s namespace
• Deleting objects
– No more handles: deleted from namespace (only kernel-mode threads can open a handle to an unnamed object)
– No more handles or pointers: deleted from memory
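The handle and deletion rules above, as a small C model added here for illustration (not Windows XP source and not part of the original slides). The Object and Handle structs, the ACC_* bits and every function name are hypothetical, and duplicating a handle with the same rights is a simplification of the model.

```c
/* Toy user-space model of object lifetime; added example, not Windows source. */
#include <stdio.h>
#define ACC_READ  0x1u  /* constructed access bits for this model */
#define ACC_WRITE 0x2u

typedef struct {
    const char *name;  /* NULL once removed from the namespace */
    int handles;       /* open handles */
    int pointers;      /* direct references held by kernel-mode code */
    int freed;         /* 1 once the object would be released from memory */
} Object;
typedef struct { Object *obj; unsigned granted; } Handle;

/* Apply both deletion rules after any count drops. */
static void release_check(Object *o) {
    if (o->handles == 0) o->name = NULL;                    /* out of namespace */
    if (o->handles == 0 && o->pointers == 0) o->freed = 1;  /* out of memory */
}
/* The access a handle grants is fixed when it is opened. */
Handle open_handle(Object *o, unsigned access) {
    o->handles++;
    return (Handle){ o, access };
}
/* A duplicate refers to the same object; this model copies the same rights. */
Handle duplicate_handle(Handle h) { return open_handle(h.obj, h.granted); }

/* Operations are checked against the handle, never a raw address. */
int handle_allows(Handle h, unsigned wanted) {
    return h.obj != NULL && (h.granted & wanted) == wanted;
}

void close_handle(Handle *h) {
    Object *o = h->obj;
    if (o == NULL) return;  /* already closed */
    h->obj = NULL; h->granted = 0;
    o->handles--;
    release_check(o);
}
void reference_pointer(Object *o)   { o->pointers++; }
void dereference_pointer(Object *o) { o->pointers--; release_check(o); }

int main(void) {
    Object ev = { "DemoEvent", 0, 0, 0 };
    Handle h = open_handle(&ev, ACC_READ);
    reference_pointer(&ev);
    close_handle(&h);          /* no handles left: unnamed, still in memory */
    dereference_pointer(&ev);  /* no handles or pointers left: released */
    printf("named=%d freed=%d\n", ev.name != NULL, ev.freed);
    return 0;
}
```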
4. System Threads:
• Used by kernel-mode components that need to do work not in response to a user request
– Cache manager flushing dirty cache pages
– Device driver that cannot accomplish all interrupt processing at an elevated IRQL (e.g., because it must access pageable data)
• Kernel threads
– Created by kernel-mode components
– Typically belong to the System process
– In general, behave the same as user-mode threads
Process and Thread Organization
• Data structures that describe processes
– EPROCESS block (used mainly by executive):
• Process ID, access token, handle table, etc.
• Contains a KPROCESS block
• Points to PEB
• Stored as a linked list
– KPROCESS block (used mainly by microkernel):
• scheduling information
• synchronization information
– Process environment block (PEB):
• Process information available to user threads
• DLLs linked to process, heap information, etc.
• Data structures that describe threads
– ETHREAD block (used mainly by executive)
• Process ID, pending I/O requests, thread’s start address, etc.
• Contains a KTHREAD block
• Points to the thread’s process’s EPROCESS block
– KTHREAD block (used mainly by the microkernel)
• Scheduling priority, thread state, etc.
• Points to thread’s TEB
– Thread environment block
• Thread information available to user threads
• Critical sections owned by thread, stack information, etc.
Memory Management
• Virtual memory manager (VMM)
– Executive component responsible for managing memory
• Lazy allocation
– Avoid allocating memory until necessary
• Prefetching
– Move pages from disk to main memory before they are needed
• Pagefile
– Stores pages that do not fit in main memory
– Windows XP supports up to 16 pagefiles
Memory Organization
• Large pages
– VMM treats several pages as one page
• Restrictions
– Pages must be consecutive in virtual and main memory
– Large pages allow read and write access
– Minimum size usually 2MB
– Size must be multiple of (platform specific) minimum
Page Replacement:
• Working set
– Pages a process currently has in main memory
• Balance set manager
– Responsible for trimming working sets
• Localized Least Recently Used
– Similar to LRU
– Localized by process
File Systems:
• Three driver layers
– Volume drivers
• Low level drivers
• Interact with data storage hardware devices
– File system drivers
• NTFS
• FAT16 and FAT32
• CDFS and UDF
– File system filter drivers
• Perform high-level functions
• Virus scanning
• Encryption
5. NTFS
Master File Table (MFT) entry for a sample file.
Input/Output Management:
• Environment subsystems
• I/O manager
• Device drivers
• Plug and Play manager
– Dynamically recognizes new devices
– Allocates resources to devices: I/O ports, DMA channels
• Power manager
– Determines each device’s and system’s power state
Interrupt Handling:
• Interrupt Service Routine (ISR)
– Associated with each device
– Called by processor on an interrupt
• Returns false if device not interrupting
• Returns true and processes the interrupt otherwise
– Must execute quickly to avoid masking other interrupts
– Queues DPC for non-critical aspects
• Interrupt object
– One per ISR
– Stores: Interrupt DIRQL, ISR location, interrupt vector
• Interrupt dispatch table
– Maps hardware interrupts to interrupt vectors
Local and Remote Procedure Calls:
• Server process
– Executes procedures
• Client process
– Calls procedures on the server process
• Local procedure call (LPC)
– Client process and server process on same machine
– Only kernel-mode threads may expose LPCs
• Remote procedure call (RPC)
– Client process and server process on different machines
• Local remote procedure call (LRPC)
– Client process and server process on same machine
– Client process uses RPC protocol
• Synchronous or Asynchronous communication
• Stub
– Maps between client process procedure calls and server process procedures
– Marshals and unmarshals arguments
• Run-time library
– Passes data across network
– Any network protocol
• TCP/IP
• IPX/SPX
6. OTHER FEATURES:
• Encrypting File System
• Cookie management
• Control software execution
– File hash provides extra protection
• Certificates
• Trusted Internet Zones
• Automatic Update
– Notifies users of security patches
– Can download and install patches automatically