Windows – Key Essential Windows Components
User Mode Components · Kernel Mode Components
Overview

• Organization
• Model
• Components
• CPU modes
• System processes
• Service processes
• User processes
• Subsystem processes
• System services

www.winitor.com 1

OS Organization

• Applications are not allowed direct access to the hardware
• Access to the hardware is made via system services

[Figure: applications run on the virtual machine presented by the OS, which in turn runs on the real machine]

OS Model

• Applications access the OS via one defined Application Programming Interface (API)

[Figure: Application → API → OS]

OS Contexts

• Applications: the CPU runs in user mode
• OS: the CPU runs in kernel mode

CPU Modes

• Purpose: protect critical system data from user applications
• User mode: ring 3
• Kernel mode: ring 0 (the x86 rings 1 and 2 are not used by Windows)

CPU Modes - mechanism

• The threads of a user program typically run in both modes: the application's own code in user mode, the system services it calls in kernel mode
• A CPU mode switch is not a CPU context switch: the same thread keeps running on the same CPU, only the privilege level changes

[Figure: CPU mode of one thread plotted against time, alternating between user and kernel mode]

CPU Modes - scenarios

[Figure: timelines showing when the CPU is in user mode and when it is in kernel mode]

TCB (Trusted Computing Base)

• Definition
  • The portions of the system trusted to enforce the security policy on applications: the "security kernel"
• Context
  • No CPU restriction in kernel mode
  • No memory restriction in kernel mode
  • No security check in kernel mode
• Components
  • Most hardware
  • All kernel code, including drivers
  • Some user code (processes holding SeTcbPrivilege, "Act as part of the operating system")
  • Administrators
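Because any account granted SeTcbPrivilege is inside the TCB, a practitioner wants to know who holds it. The following added example (not from the original slides) parses the INF file that `secedit /export /cfg <file>` writes and lists the holders of TCB-level privileges. SeTcbPrivilege is the one named on the slide; including SeDebugPrivilege and SeLoadDriverPrivilege as TCB-equivalent is this example's own assumption, and the INF text and SIDs below are constructed.

```python
"""Audit which principals hold TCB-level privileges from a secedit export.

Added example, not from the original slides.  The input format is the INF
written by `secedit /export /cfg <file>`; the sample below is constructed.
"""
from typing import Dict, List

# SeTcbPrivilege is the one named on the slide.  The other two are an
# assumption of this example: SeDebugPrivilege opens any process (including
# Lsass and System) and SeLoadDriverPrivilege loads kernel code, so either
# one also places its holder inside the TCB.
TCB_PRIVILEGES: Dict[str, str] = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeDebugPrivilege": "Debug programs",
    "SeLoadDriverPrivilege": "Load and unload device drivers",
}

# Well-known SIDs, resolved for readable output; anything else stays raw.
WELL_KNOWN_SIDS: Dict[str, str] = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
}


def parse_privilege_rights(inf_text: str) -> Dict[str, List[str]]:
    """Return {privilege: [principal, ...]} from the [Privilege Rights] section."""
    rights: Dict[str, List[str]] = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or INF comment
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        holders: List[str] = []
        for item in value.split(","):
            item = item.strip()
            if not item:
                continue
            # secedit writes SIDs with a leading '*'; plain names appear bare.
            sid = item[1:] if item.startswith("*") else item
            holders.append(WELL_KNOWN_SIDS.get(sid, sid))
        rights[name.strip()] = holders
    return rights


def tcb_holders(inf_text: str) -> Dict[str, List[str]]:
    """Map each TCB-level privilege to the principals granted it (empty if none)."""
    rights = parse_privilege_rights(inf_text)
    return {priv: rights.get(priv, []) for priv in TCB_PRIVILEGES}


# Constructed sample export.  The custom account ending in -1105 has been
# granted SeTcbPrivilege, which is rarely legitimate and is what an audit
# should flag.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeDebugPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

if __name__ == "__main__":
    for priv, holders in tcb_holders(SAMPLE_INF).items():
        print(f"{priv} ({TCB_PRIVILEGES[priv]}): {', '.join(holders) or 'nobody'}")
```

Run it against a real export by reading the file into `tcb_holders`; on a default workstation SeTcbPrivilege should list nobody, and any other result names an account that can act as the operating system.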


Memory Layout (32-bit)

• Each application (process) has its own 4 GB virtual address space
• The lower half is private to the process and accessible from user mode; the upper half is system space, shared by all processes and accessible only in kernel mode

  0x00000000 ┐
             │ Unprivileged: Application A | Application B | Application C | ... | Application Z
  0x7FFFFFFF ┘
  0x80000000 ┐
             │ Privileged: system space, shared by all applications
  0xFFFFFFFF ┘

• These boundaries are the default 2 GB / 2 GB split of 32-bit Windows; the /3GB boot option and 64-bit Windows use different ones
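The split above is what lets code tell, from a bare address, whether a value points into the private user half or into the shared privileged half. The following added example (not from the original slides) encodes the slide's 32-bit layout and, as an extension of this example, the /3GB and x64 layouts from the documented Windows defaults, and uses it to pick kernel pointers out of data handed back to user mode. The sample buffer is constructed.

```python
"""Classify virtual addresses by the Windows user/system address-space split.

Added example, not from the original slides.  The 32-bit default layout is the
one drawn on the slide; the /3GB and x64 layouts are added here from the
documented Windows defaults and are not part of the original.
"""
from typing import List, NamedTuple


class Layout(NamedTuple):
    name: str
    bits: int
    user_end: int      # highest user-mode address (inclusive)
    system_start: int  # lowest kernel-mode address


# Default 32-bit: 2 GB private user space, 2 GB shared system space.
X86_DEFAULT = Layout("x86 default", 32, 0x7FFFFFFF, 0x80000000)
# 32-bit booted with /3GB, for images linked /LARGEADDRESSAWARE.
X86_3GB = Layout("x86 /3GB", 32, 0xBFFFFFFF, 0xC0000000)
# x64 from Windows 8.1 on: 128 TB user space, a non-canonical hole, then
# system space in the upper half (48-bit virtual addresses).
X64 = Layout("x64", 64, 0x00007FFFFFFEFFFF, 0xFFFF800000000000)


def classify(addr: int, layout: Layout = X86_DEFAULT) -> str:
    """Return 'user', 'system', or 'unusable' for an address in this layout."""
    if addr < 0 or addr >= 1 << layout.bits:
        raise ValueError(f"0x{addr:X} does not fit a {layout.bits}-bit address")
    if addr <= layout.user_end:
        return "user"
    if addr >= layout.system_start:
        return "system"
    # Only reachable on x64: the 64 KB reserved gap above user space and
    # the non-canonical range; no page can ever be mapped here.
    return "unusable"


def kernel_pointers(values: List[int], layout: Layout = X86_DEFAULT) -> List[int]:
    """Pick out the values that point into system space.

    Useful when triaging data returned to user mode (an uninitialised struct,
    a debug print): any system-space pointer in it is a kernel address leak.
    """
    return [v for v in values if classify(v, layout) == "system"]


# Constructed sample: a 32-bit buffer returned by a driver, holding a few
# user-mode values and one pointer into the privileged half.
SAMPLE_LEAK = [0x00401000, 0x0012FF80, 0x7FFE0000, 0x8050A2C4]

if __name__ == "__main__":
    for a in SAMPLE_LEAK:
        print(f"0x{a:08X} -> {classify(a)}")
    print("kernel pointers:", [hex(v) for v in kernel_pointers(SAMPLE_LEAK)])
```

The same address can be user space under one layout and system space under another (0xBFFFFFFF is kernel memory by default but user memory with /3GB), which is why the layout is an explicit parameter rather than a global.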


OS Major Components

[Figure: four classes of user-mode processes above the system service boundary, the kernel-mode layers below it]

User mode
• System processes: Session manager, Logon manager, Security manager, Services manager, …
• Services processes: alerter, …
• User processes: explorer, pinball, …
• Environment subsystem processes: Win32, POSIX, …
• System services (the boundary between user and kernel mode)

Kernel mode
• Executive
• Hardware Abstraction Layer
• Hardware

Environment Subsystems

• Definition
• Role
• Types

[Figure: Win32 applications run directly on the Win32 subsystem and POSIX applications on the POSIX subsystem; Win16 applications run inside WOW, which runs in an NTVDM; each MS-DOS application runs in its own NTVDM; the NTVDMs themselves run on the Win32 subsystem]

Environment Subsystems - interfaces

• Subsystem
  • Its process runs in a private address space
• Application
  • Sends messages to the subsystem process (through the subsystem DLLs)
  • Is unaware of these messages: it only sees function calls
  • Is implicitly linked with the subsystem's interface DLLs (image = code + metadata, the metadata naming the imported DLLs)

  application.exe
    ↓ function calls
  Win32 API: Kernel32.dll, Gdi32.dll, ..., User32.dll
    ↓
  Native API: Ntdll.dll

Environment Subsystems - strategy (1): service implemented in the subsystem DLL

[Figure: Application → Win32 API → Subsystem DLLs; the call is completed in the DLL and never reaches the Executive]

Environment Subsystems - strategy (2): service implemented in the Executive

[Figure: Application → Win32 API → Subsystem DLLs → Native API (CPU mode switch) → Executive]

Environment Subsystems - strategy (3): service implemented in the subsystem server process

[Figure: Application → API → Subsystem DLLs → message to the Subsystem process (CPU context switch); the subsystem process then calls the Native API (CPU mode switch) → Executive]

Environment Subsystems - strategy: cost of each option

Service implementation | CPU mode switching | CPU context switching | Message sent
---------------------- | ------------------ | --------------------- | ------------
User process           | No                 | No                    | No
Executive              | Yes                | No                    | No
Server                 | Yes                | Yes                   | Yes

(Performance cost increases from top to bottom.)

Win16 Support

• MS-DOS applications: one-to-one relation, each application runs in its own NTVDM
• Win16 applications: many-to-one relation, by default they share one WOW instance in a single NTVDM

[Figure: before NT, Windows ran on top of MS-DOS; on NT, MS-DOS runs on top of Windows (in the NTVDM)]

System processes

• Are started by the system, not by a user
• Are running on every system
• Cannot be stopped by the user; terminating a critical one halts the system

Session Manager Subsystem (Smss)

• Definition: the first user-mode process, created by the kernel at boot
• Role: starts the environment subsystem processes (Csrss) and the logon manager (Winlogon)
• Particularities
  • Part of the TCB
  • Native user application: it uses only the Native API (Ntdll.dll) and depends on no environment subsystem

Logon Manager (Winlogon)

• Definition: the system process that owns the interactive logon session
• Role
  • Interactive logon request management (the secure attention sequence, Ctrl+Alt+Del)
  • Authentication user interface management
  • User profile initialization
  • Shell creation (via Userinit)
  • TASKMGR management (Task Manager is launched from the secure attention sequence)

[Figure: the three questions answered at logon: who you are (identification), what you know (authentication), what you are (authentication)]

Local Security Authority Subsystem (Lsass)

• Definition: the user-mode system process hosting the local security authority
• Role: authenticates users through its authentication packages, enforces the local security and audit policy, and creates the access tokens that represent logged-on users

Service Control Manager (Services)

• Definition: the system process (Services.exe) that manages Windows services
• Role: starts, stops and tracks services according to the service database kept in the registry

User Processes - creation

System
 └─ Smss
     ├─ Csrss                 (permanent)
     └─ Winlogon              (permanent)
         ├─ Services
         ├─ Lsass
         └─ Userinit          (volatile, interactive)
             └─ Shell
                 └─ ...

Permanent processes live as long as the system; the volatile ones exist per interactive logon session. (Since Windows Vista, Services and Lsass are started by Wininit rather than Winlogon.)
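This genealogy is fixed, so a process whose parent does not match it is worth a look. The following added example (not from the original slides) checks a process snapshot against the tree above, accepting Wininit as the parent of Services and Lsass on Vista and later (an addition of this example), tolerating parents that legitimately exit (the per-session Smss copies and Userinit), and requiring the single-instance processes to appear exactly once. The snapshot is constructed, in the shape of `Get-CimInstance Win32_Process | Select ProcessId, ParentProcessId, Name`.

```python
"""Check a Windows process list against the boot-time process genealogy.

Added example, not from the original slides.  The expected parents follow the
tree on the slide (System -> Smss -> Csrss/Winlogon; Winlogon -> Services,
Lsass, Userinit; Userinit -> shell).  Since Windows Vista, Services and Lsass
are children of Wininit instead, so that parent is accepted as well (an
addition of this example).  The process list is constructed, in the shape of
`Get-CimInstance Win32_Process | Select ProcessId, ParentProcessId, Name`.
"""
from collections import Counter
from typing import Dict, List, NamedTuple, Set


class Proc(NamedTuple):
    pid: int
    ppid: int
    name: str


# Image names of system processes and the parent image each should have.
EXPECTED_PARENTS: Dict[str, Set[str]] = {
    "smss.exe":     {"system"},
    "csrss.exe":    {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "wininit.exe":  {"smss.exe"},
    "services.exe": {"winlogon.exe", "wininit.exe"},
    "lsass.exe":    {"winlogon.exe", "wininit.exe"},
    "userinit.exe": {"winlogon.exe"},
    "explorer.exe": {"userinit.exe"},
}

# Children whose parent legitimately exits after spawning them (the
# per-session Smss copies and Userinit).  Their PPID then points at no live
# process, which must not be reported as an anomaly.
EXITED_PARENT_OK: Set[str] = {"csrss.exe", "winlogon.exe", "wininit.exe", "explorer.exe"}

# Processes of which exactly one instance must exist at any time.
SINGLETONS: Set[str] = {"smss.exe", "wininit.exe", "services.exe", "lsass.exe"}


def check_genealogy(procs: List[Proc]) -> List[str]:
    """Return one finding per process whose parent or instance count is wrong."""
    by_pid = {p.pid: p for p in procs}
    findings: List[str] = []

    for p in procs:
        name = p.name.lower()
        expected = EXPECTED_PARENTS.get(name)
        if expected is None:
            continue  # not a system process we have a rule for
        parent = by_pid.get(p.ppid)
        if parent is None:
            if name in EXITED_PARENT_OK:
                continue
            observed = "<exited>"
        else:
            observed = parent.name.lower()
        if observed not in expected:
            findings.append(
                f"{name} (pid {p.pid}) parent is {observed}, "
                f"expected one of {sorted(expected)}"
            )

    counts = Counter(p.name.lower() for p in procs)
    for name in sorted(SINGLETONS):
        if counts[name] != 1:
            findings.append(f"{name} appears {counts[name]} times, expected 1")
    return findings


# Constructed sample snapshot.  PIDs 464 and 548 were per-session Smss
# copies and 2916 was Userinit; all three have exited.  PID 4120 is the
# planted anomaly: a second lsass.exe started by the user's shell.
SAMPLE_PROCS = [
    Proc(4,    0,    "System"),
    Proc(372,  4,    "smss.exe"),
    Proc(484,  464,  "csrss.exe"),
    Proc(556,  464,  "wininit.exe"),
    Proc(600,  548,  "winlogon.exe"),
    Proc(652,  556,  "services.exe"),
    Proc(668,  556,  "lsass.exe"),
    Proc(3012, 2916, "explorer.exe"),
    Proc(4120, 3012, "lsass.exe"),
]

if __name__ == "__main__":
    for finding in check_genealogy(SAMPLE_PROCS) or ["no anomalies"]:
        print(finding)
```

Feed it a live snapshot by converting each row of the PowerShell output into a `Proc`; a system process with the right name but the wrong parent, or a second copy of a singleton, is exactly what a masquerading binary looks like in a process list.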


Thanks!
