windows user mode components - winitor
Windows – Key User Mode Components
www.winitor.com – dec. 2012 1
Overview
• Organization
• Model
• Components
• CPU Modes
• System processes
• Services processes
• Users processes
• Subsystems processes
• System services
OS Organization
• Applications are not allowed to access hardware directly
• Access to hardware is made via system services
[Figure: Applications → virtual machine (OS) → real machine]
OS Model
• Applications access the OS via one defined Application Programming Interface (API)
[Figure: Application → API → OS]
OS Contexts
[Figure: Applications run with the CPU in user mode; the OS runs with the CPU in kernel mode]
CPU Modes
• Protect critical system data from user applications
• User mode
• Kernel mode
[Figure: protection rings 3, 2, 1, 0]
CPU Modes - mechanism
• User programs typically run in both modes
• A CPU mode switch is not a CPU context switch
[Figure: CPU mode plotted against time for a user program]
CPU Modes - scenarios
[Figure: CPU mode scenarios, kernel vs user]
TCB (Trusted Computing Base)
• Context
  • No CPU restriction in kernel mode
  • No memory restriction in kernel mode
  • No security check in kernel mode
• Definition
  • Portions of the system trusted to enforce security
• Components
  • Most hardware
  • All kernel code
  • Some user code (SeTcbPrivilege)
  • Administrators
[Figure: TCB membership: hardware, kernel, drivers, applications, administrators]
Memory Layout
• Each application occupies 4 GB of address space
• All applications share system memory space
[Figure: 32-bit address space. Unprivileged memory addresses 0x00000000 to 0x7FFFFFFF hold Application A, B, C ... Z (one private range per application); privileged memory addresses above 0x7FFFFFFF up to 0xFFFFFFFF are the shared system space]
OS Major Components
[Figure: OS major components. Hardware; kernel mode: Hardware Abstraction Layer, kernel, Executive, System services; user mode: System processes (Session manager, Security manager, Logon manager, Services manager, ...), Services processes (alerter, ...), User processes (explorer, pinball, ...), Environment processes (Win32, POSIX)]
Environment Subsystems
• Definition
• Role
• Types
[Figure: environment subsystem types. Win32: Win32 applications, NTVDM instances hosting DOS applications, and a WOW instance hosting Win16 applications; Posix: Posix applications]
Environment Subsystems - interfaces
• Subsystem
  • Process runs in a private address space
• Application
  • Sends messages to the subsystem
  • Unaware of the messages
  • Implicitly linked with the subsystem's interfaces (image = code + metadata)
[Figure: application.exe → function calls → Win32 API (Kernel32.dll, User32.dll, Gdi32.dll, ...) → Native API (Ntdll.dll)]
Environment Subsystems - strategy
[Figure: Application → Subsystem DLLs (Win32 API); Subsystem and Executive shown but not entered, the service is implemented in the user process]
Environment Subsystems - strategy
[Figure: Application → Subsystem DLLs (Win32 API) → Native API → Executive, with a CPU mode switch; the service is implemented in the Executive]
Environment Subsystems - strategy
[Figure: Application → Subsystem DLLs (API) → message to the Subsystem process with a CPU context switch → Native API → Executive with a CPU mode switch; the service is implemented in the subsystem server]
Environment Subsystems - strategy
| Service implementation | CPU mode switching | CPU context switching | Message sent |
|---|---|---|---|
| User process | No | No | No |
| Executive | Yes | No | No |
| Server | Yes | Yes | Yes |
[Figure annotation: performance axis alongside the rows]
Win16 Support
• MS-DOS applications
  • One-one relation
• Win16 applications
  • Many-one relation
[Figure: layering of MS-DOS and Windows before NT (< NT) and from NT on (> NT)]
System processes
• Are started by the system
• Are running on every system
• Cannot be stopped
Session Manager Subsystem
• Definition
• Role
• Particularities
  • Part of the TCB
  • Native user application
Logon Manager
• Definition
• Role
  • Interactive logon request management
  • Authentication user interface management
  • User profile initialization
  • Shell creation
  • TASKMGR management
[Figure: Who you are (identification); What you know (authentication); What you are (authentication)]
Local Security Authority Subsystem
• Definition
• Role
Service Control Manager
• Definition
• Role
User Processes - creation
[Figure: process creation tree. Permanent: System → Smss → Winlogon and Csrss; Winlogon → Services and Lsass. Volatile (interactive): Winlogon → Userinit → Shell → ...]
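One defensive use of the creation tree above is to check a process listing against it and flag processes whose creator does not match. This is an added example, not code from the Winitor slides; the process records are constructed for illustration, `explorer.exe` is assumed as the shell, and a single interactive session is assumed as in the XP-era tree shown.

```python
# Added example, not from the Winitor slides: check a process listing against
# the creation tree on the "User Processes - creation" slide. Records are
# constructed for illustration as (pid, ppid, image name); a single
# interactive session is assumed, as in the XP-era tree on the slide.

# Expected creator per the slide: System -> Smss -> {Winlogon, Csrss};
# Winlogon -> {Services, Lsass, Userinit}; Userinit -> Shell (explorer.exe).
EXPECTED_PARENT = {
    "smss.exe": "system", "csrss.exe": "smss.exe", "winlogon.exe": "smss.exe",
    "services.exe": "winlogon.exe", "lsass.exe": "winlogon.exe",
    "userinit.exe": "winlogon.exe", "explorer.exe": "userinit.exe",
}
# Permanent processes: started by the system, always running, expected once.
PERMANENT = {"system", "smss.exe", "csrss.exe", "winlogon.exe",
             "services.exe", "lsass.exe"}


def check_process_tree(processes):
    # Returns (pid, name, issue) findings for the given (pid, ppid, name) records.
    by_pid = {pid: name for pid, _ppid, name in processes}
    counts = {}
    for _pid, _ppid, name in processes:
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    findings = []
    for pid, ppid, name in processes:
        key = name.lower()
        if key in PERMANENT and counts[key] > 1:
            findings.append((pid, name, "duplicate of a permanent process"))
        expected = EXPECTED_PARENT.get(key)
        if expected is None:
            continue  # not part of the tree the slide describes
        parent = by_pid.get(ppid)
        if parent is None:
            # Volatile creators (Userinit) exit after starting the shell, so a
            # missing parent is normal for volatile children only.
            if key in PERMANENT:
                findings.append((pid, name, "parent process not found"))
            continue
        if parent.lower() != expected:
            findings.append((pid, name, f"parent {parent}, expected {expected}"))
    return findings


# Constructed listing: Userinit (pid 1500) has exited; a second lsass.exe
# was started from the shell.
SAMPLE = [
    (4, 0, "System"), (368, 4, "smss.exe"), (584, 368, "csrss.exe"),
    (608, 368, "winlogon.exe"), (652, 608, "services.exe"),
    (664, 608, "lsass.exe"), (1540, 1500, "explorer.exe"),
    (2200, 1540, "notepad.exe"), (2400, 1540, "lsass.exe"),
]
```

Calling `check_process_tree(SAMPLE)` reports both `lsass.exe` instances as duplicates and the second one as created by the shell instead of Winlogon, while the shell's missing (exited) Userinit parent raises nothing.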
Thanks!