lecture 4 system mechanisms (2)

计算机系•信息处理实验室

Lecture 4 System Mechanisms (2)

xlanchen@03/18/2005

xlanchen@03/18/2005 Understanding the Inside of Windows2000

2计算机系信息处理实验室

Contents

Trap dispatching

The executive object manager

Synchronization

System worker threads

Local procedure calls (LPCs)



Object manager

EXPERIMENT

Exploring the Object Manager



Uniform approach towards:

Object protection (C2 security)

Charging

Object naming

Object retention and garbage collection

Object access (via handles)

Standard object attributes

Standard object methods



Executive Objects Process

Memory Section

Event

Timer

Object directory

Queues

Thread

File

Semaphore

Symbolic link

Port

(registry) key



Executive objects that contain kernel objects



Object Structure



Object properties

OM deletes object when:

#open handles drops to zero

#knl refs drops to zero

Obj names

Support identification, finding, sharing

Hierarchic (per machine) name space

Symbolic links, e.g. “C:”



Type Objects

Process objects and the process type object



EXPERIMENT

Viewing the Type Objects



Type Object Attributes

Type name

Pool type

Default quota

Access types

Generic access rights mapping

Synchronization

Methods



Object Methods

Open--When an object handle is opened

Close--When an object handle is closed

Delete--Before the object manager deletes an object

Query--name When a thread requests the name of an object, such as a file, that exists in a secondary object domain

Parse--When the object manager is searching for an object name that exists in a secondary object domain

Security--When a process reads or changes the protection of an object, such as a file, that exists in a secondary object domain



Object Handles & Process Handle Table



EXPERIMENT

Viewing Open Handles with Nthandle



Structure of a handle table entry



EXPERIMENT Viewing the Handle Table with the Kernel Debugger



Handles and reference counts



Synchronization

Mutual exclusion

one, and only one, thread can access a particular resource at a time

Critical sections



Kernel Synchronization

Kernel critical sections

For single-processor

Simple operating systems: disable all interrupts

2K: raising the processor's IRQL

For a multiprocessor

spinlock



Using a spinlock



Executive Synchronization

Dispatcher objects

WaitForSingleObject

WaitForMultipleObjects

A thread in a Win32 application can synchronize with a Win32 process, thread, event, semaphore, mutex, waitable timer, I/O completion port, or file object

Executive resources

available only to kernel-mode code

aren't accessible from the Win32 API



Waiting on a dispatcher object

A thread can synchronize with a dispatcher object by waiting on the object's handle



Selected kernel dispatcher objects



Wait data structures



EXPERIMENT

Looking at Wait Queues



System worker threads

Three types

Delayed worker threads

Critical worker threads

hypercritical worker threads



EXPERIMENT Listing System Worker Threads



Windows 2000 Global Flags

NtGlobalFlag

Initialize

Gflags.exe

allows you to view and change the system global flags



Local procedure calls (LPCs)

An interprocess communication facility

For high-speed message passing

An internal mechanism available only to Windows 2000 operating system components



EXPERIMENT

Viewing LPC Port Objects



“ Internal” IPC between address spaces, e.g.

Transport for local RPC

Calls to Win32 subsystem

Variants:

n <= 256 bytes done inband

n > 256 bytes via shmem section

n > shmem section – addr-to-addr copy

Typically client-server

Client connects to servers well-known LPC port

Server opens new port and tells client its address



LPC端口的使用

lecture 4 system mechanisms (2)

Documents