WINDOWS 7

PRESENTED BY,
SUGEERTHI G
2020614033
WINDOWS 7
 Hi sto ry
Design Principles


S y s t e m C omp o n e n t s


Environmental Subsystems


File s y s t e m


 N et w o rk i ng
P r o g r a m m e r In t e r fa c e

OBJECTIVES
To explore t h e principles upon which Windows 7 is designed a n d t h e
specific components involved in t h e system

To u n d e r s t a n d how Windows 7 can r u n programs designed for oth er

operating systems

To provide a detailed explanation of t h e Windows 7 file system

To illustrate t h e networking protocols supported in Windows 7

To cover t h e interface available to system a n d application

progra mmers
WINDOWS 7
 32-bit/64-bit preemp tiv e m u l t i t a s k i n g ope rat ing s y s t e m for In t e l a n d
AMD microprocessors

Key goals for t h e system:



 security
 reliability
 extensibility
 portability
 international support
 energy efficiency
 dynamic device support.

 Su p p o rt s multiple OS personalities usin g user-mode subs yst ems.

 Windows 7 is for desktops. Windows Serve r 2008 R2 u s e s t h e s a m e
i n t e r n a l s a s 64-bit Windows 7, b u t wi t h a d d e d f e a t u r e s for servers.
HISTORY
 In 1988, Microsoft decided to develop a “new technology” (NT) portable
operating system t h a t supported both the OS/2 and POSIX APIs. NT
supported servers as well as desktop workstations.
 Originally, NT was supposed to use the OS/2 API as its native environment
but during development NT was changed to use the Win32 API, reflecting
the popularity of the Windows 3.0 Win16 API.
 Windows XP was released in 2001 to replace the earlier versions of Windows
based on MS/DOS, such as Windows98 a nd Windows ME.
 Windows XP was updated in 2005 to provide support AMD64 compatible
CPUs, bringing support for 64-bit desktop systems.
 Windows Vista was released in late 2006, but was poorly received due to
initial problems with application and device compatibility and sluggishness
on the explosion of low-end “netbook” devices.
 Windows 7 was released in late 2009, greatly improving on Vista.
DESIGN PRINCIPLES
Extensibility — layered a rc h i t e c t u re
• Kernel layer r u n s in protected mode a n d provides access to t h e
CPU by supporting threads, inte rru pts, a n d traps.
• Executive r u n s in protected mode above t h e Kernel layer and,
provides t h e basic system services
• On top of t h e executive, environmental subsystems operate in use r
mode providing different OS APIs.
• Modular struc ture allows additional environmental
subsystems to be added without affecting t h e executive

Portability —Windows 7 ca n be moved from one h a r d w a r e

platform to a n o t h e r w i t h relatively few changes
• Written in C a n d C++

• Platform-dependent code is isolated in a dynamic link library (DLL)

called t h e “hardware abstraction layer” (HAL)
DESIGN PRINCIPLES (CONT.)
 Reliability —Windows uses hardware protection for virtual memory, and
software protection mechanisms for operating system resources

 Compatibility — applications t h a t follow the IEEE 1003.1 (POSIX) standard

can be complied to r u n on Windows without changing the source code.
Applications created for previous versions of Windows r u n using various
virtual machine techniques
 This is deprecated in Windows 8.

 Performance —Windows subsystems can communicate with one another via

high-performance message passing
 Preemption of low priority threads enables the system to respond quickly
to external events
 Designed for symmetrical multiprocessing, scaling to 100s of cores

 International support — supports different locals via the national language

support (NLS) API, use of UNICODE throughout, and providing facilities for
differences in date formats, currency, etc.
WINDOWS ARCHITECTURE
 Layered system of modules
 Protected mode—hardware abstraction layer (HAL), kernel, executive.
 Executive includes file systems, network stack, a n d device
drivers.
 Us er mode— collection of subsystems, services, DLLs, a n d t h e GUI
 Environmental subsystems emulate different operating systems
 Protection subsystems provide security functions
 Windows services provide facilities for networking, device
interfaces, background execution, a n d extension of the system
 Rich shared libraries with thousands of APIs a re implemented using
DLLs to allow code sharing a n d simplify updates
 A graphical u ser interface is built into Win32 a n d used by most
programs t h a t interact directly with the use r
DEPICTION OF WINDOWS 7
ARCHITECTURE
KERNEL — PROCESS AND THREADS
T h e process h a s a v i r t u a l me mor y a d d r e s s space, informat ion (such


a s a b a s e priority), a n d a n affinity for one or mo re processors.

T h r e a d s a r e t h e u n i t of execution sche duled by t h e kernel’s d is p a tc he r.



E a c h t h r e a d h a s i t s own s t a t e , including a priority, processor affinity,



a n d accounting information.

A t h r e a d c a n be one of six s t a t e s : ready, runn abl e, r u n n i n g , wa itin g,



transition , a n d te rmi nate d.

KERNEL — SCHEDULING
Windows scheduler:
 Pre-emptive (since Windows NT)
 Multilevel feedback queue

The dispatcher uses a 32-level priority scheme to determine the order

of thread execution.
 Priorities are divided into two classes
 The real-time class contains threads with priorities ranging

from 16 to 31
 The variable class contains threads having priorities from 0 to

15
Characteristics of Windows 7’s priority strategy:
 Gives very good response times to interactive threads t h a t are
using the mouse and windows
 Enables I/O-bound threads to keep the I/O devices busy
 Compute-bound threads soak up the spare CPU cycles in the
background
KERNEL — SCHEDULING (CONT.)
 Scheduling c a n occur w h e n a t h r e a d e n t e r s t h e r e a d y or w a i t s t a t e ,
w h e n a t h r e a d t e r m i n a t e s , or w h e n a n application c h a n g e s a thread’s
priority or processor affinity.

 Real-time t h r e a d s a r e given p re f e r e n t i a l access to t h e CPU; b u t

Windows 7 does n o t g u a r a n t e e t h a t a re a l -t i me t h r e a d will s t a r t to
execute w i t h i n a n y p a r t i c u l a r t i m e limit.
 This is known a s soft real-time.
EXECUTIVE — OBJECT MANAGER
 Windows Objects== logical view of resources
 Kernel objects: not accessible to u se r code
 Executive objects: Process, thre ad , job, file, event, semaphore, mutex,
timer, registry key, desktop, symbolic link etc.

Windows 7 u s e s objects for all its services a n d entities; t h e object


m a n a g e r supervises t h e u s e of all t h e objects
 Gene rate s a n object handle used by applications to refer to objects
 Checks security
 Keeps track of which processes a r e using each object

Objects a r e m a n i p u l a t e d by a s t a n d a r d s e t of methods, n a me l y create,


open, close, delete, query- name, parse , a n d security.
EXECUTIVE — NAMING OBJECTS
 The Windows executive allows a n y object to be given a n a me ,
which m a y be e ith er p e r m a n e n t or temporary.

 Object n a m e s a r e s t r u c t u r e d like file p a t h n a m e s in UNIX.

 Windows impl eme nt s a symbolic l i n k object, which is similar to symbolic

links in UNIX t h a t allow multiple nick na mes or aliases to refer to t h e
s a me object.

 A process gets a n object h a n d l e by creating a n object, by opening a n

existing one, by receiving a duplicated h a n d le from a n o t h e r process,
or by inheriting a h a n d l e from its p a r e n t process.

Ea ch object is protected by a n access control list.

 The executive n a m e space is extensible to allow n a m i n g of files, registry

keys, a n d oth er objects with t h e i r own special semantics.
EXECUTIVE — VIRTUAL MEMORY
MANAGER
 Th e design of t h e VM m a n a g e r a s s u m e s t h a t t h e und erlying
h a r d w a r e s u p p o rt s v i r t u a l to physical ma pp ing , a paging
mecha nism, t r a n s p a r e n t cache coherence on multiprocessor
systems, a n d v i rt u a l a d d r e s s aliasing.

T he VM m a n a g e r in Windows u s e s a page-based m a n a g e m e n t scheme


wi t h a page size of 4 KB for both x86 a n d AMD64.

 Th e VM m a n a g e r u s e s a two s t e p process to allocate memory

 The first step reserves a portion of t h e process’s address space
 The second step commits t h e allocation by assigning space in
physical memory or in t h e paging file on disk
VIRTUAL-MEMORY LAYOUT (32-BIT)
Top-level Page Directory
Table 0 1 2 3

page- Page page-

directory Directory directory
entry
0 … entry
511

page- page page- page- page page-

table table table table
entry table entry entry table entry
0 0 511 0 511 511

… …
4K page 4K page 4K page 4K page
VIRTUAL MEMORY MANAGER (CONT.)
The v i r t u a l a d d r e s s t r a n s l a t i o n i n Windows u s e s several d a t a s t r u c t u r e s
wi t h i n each process
 A top-level page directory containing 4 page directory entries
(PDEs) of size 8 bytes t h a t ma y each point to a page directory.
 Each page directory contains 512 page directory entries, t h a t may
each point to a page table.
 Each page table contains 512 page table entries (PTEs) of size 8 bytes.
 Each valid P TE points to a 4 KB page frame in physical
memory.
 Invalid PTEs are used by the OS to find pages on disk

 A 9-bit inte ge r c a n r e p r e s e n t all t h e values form 0 to 511, therefore,

can select a n y e n t r y in t h e page directory, or in a page table.
 This property is u s e d w h e n t r a n s l a t i n g a v i rt u a l a d d r e s s pointer to a byte
a d d r e s s in physical memory.
A physical page c an be in one of six s t a t e s : valid, zeroed, free, st and by,
modified a n d bad.
VIRTUAL-TO-PHYSICAL ADDRESS
TRANSLATION
31 0

T
PDE PTE page offset
O

Translation for a 32-bit Virtual Address to a Physical Address

 2 bit index into top-level page directory to get page directory
 9 bit index into page directory to get page directory entry for page table
 9 bit index into page table to get page table entry for physical page

 12 bits for byte offset within physical

page

 SoweFor 64 abit,
have it is ahierarchy
3 level 4 level hierarchy
for Win32
EXECUTIVE — PROCESS MANAGER

Provides services for crea ti ng, deleting, a n d u s i n g t h r e a d s



a n d processes

I s s u e s s u c h a s p aren t/c hil d r e l a t i o n s h i p s or process h i e ra r c h i e s a r e



left to t h e p a r t i c u l a r e n v i r o n m e n t a l s u b s y s t e m t h a t owns the

process .
EXECUTIVE — LOCAL PROCEDURE CALL
FACILITY
 This is part of the undocumented Native API, not normally to be used by
programs.
 The ALPC (Advanced Local Procedure Call) component passes requests and
results between client and server processes within a single machine.
 ALPC is used to request operations between the various Windows
subsystems and services, as well as to provide the lower layer
for standard RPC (Remote Procedure Calls) for a single machine.
 Standard RPC can connect multiple machines, using TCP/IP or named
pipes.
 When a n ALPC channel is created, one of three types of message passing
techniques mu st be specified.
 First type is used for small messages; the port's message queue provides
intermediate storage to copy between processes.
 Second type avoids copying large messages by pointing to a shared
memory section object created for the channel.
 Third method reads and writes directly into each processes’s address
space, and is used by the Win32 GUI.
EXECUTIVE — I/O MANAGER
T h e I/O m a n a g e r is responsible for
 file systems
 cache management
 device and network drivers

Keeps t r a c k of which i ns t a l l a b l e file s y s t e m s a r e loaded, a n d

m a n a g e s buffers for I/O r e q u e s t s .
Works w i t h VM M a n a g e r to provide memory- m a p p e d file I/O.
In t erfa c e s w i t h t h e Windows cache m a n a g e r, which h a n d l e s caching
for t h e e n t i r e I/O s y s t e m.
 The cache manager memory-maps files into the kernel memory
 Also tries to predict the future reading models
 Flush cache contents for writes: write-back cache, accumulates writes
for 4-5 seconds, then writes them
FILE I/O
EXECUTIVE — SECURITY REFERENCE
MONITOR
T h e object-oriented n a t u r e of t h e Windows k e r n e l e n ab l e s t h e u s e of a
u niform m e c h a n i s m to perform r u n t i m e access va lidation a n d a u d i t
checks for every e n t i t y i n t h e s y s t e m.

W h e n e v e r a process opens a h a n d l e to a n object, t h e se curity reference

moni tor checks t h e process’s se curity t o k e n a n d t h e object’s access
control list to see w h e t h e r t h e process h a s t h e n e c e s sa ry r i g h t s .
EXECUTIVE – P N P AND POWER
MANAGERS
P n P (Plug-and-Play) m a n a g e r is u s e d to recognize a n d a d a p t to changes


in t h e h a r d w a r e configuration.
 When new devices a r e added (for example, PCI or USB), t h e P n P
m a n a g e r loads t h e appropriate driver.
 P n P also keeps track of t h e resources used by each device.

The power m a n a g e r controls energy u s e of by t h e C P U a n d devices.



 Drivers for devices not being used a r e told to s h u t off device

 CPUs a r e r u n a t lower clock r a t e and/or lower energy s t a t e s

 System can be p u t into standby mode with only memory on, or

 Hibernated by writing t h e contents of memory to disk a n d t u rn i ng
t h e system completely off
ENVIRONMENTAL SUBSYSTEMS
 User-mode processes layered over t h e n a t i ve Windows executive
services to ena ble Windows to r u n pr o gra ms developed for o t h e r
operating system.

 Windows 7 u s e s t h e Win32 s u b s y st e m a s t h e m a i n operating

environment; Win32 is u s e d to s t a r t all processes.
 It also provides all t h e keyboard, mouse a n d graphical display
capabilities.

The POSIX s u b s y st e m is designed to r u n POSIX applications following



t h e POSIX.1 s t a n d a r d which is ba sed on t h e UNIX model.

ENVIRONMENTAL SUBSYSTEMS
(CONT.)
Logon a n d Se curity S u b s y s t e m s a u t h e n t i c a t e s u s e r s logging on
to Windows 7 s y s t e m s
 U s e r s a r e re quire d to hav e account n a m e s a n d
passwords.
 The a ut h e n t i c a t i o n package a u t h e n t i c a t e s u s e r s whenever
t he y a t t e m p t to access a n object from a remote system.
 Windows 7 u se s Kerberos a s t h e default
a ut h e n t i c a t i o n package
FILE SYSTEM - NTFS
 Introduced in 1993, to replace older FAT
 Max file size: 256TB (Win8)
 Max volume: 256TB (2^64 clusters)
 Journaling file system
 The fundamental structure of the Windows 7 file system (NTFS) is a volume
 Created by the Windows disk administrator utility
 Based on a logical disk partition
 May occupy a portions of a disk, a n entire disk, or span across several
disks
 All metadata, such as information about the volume, is stored in a regular
file
 NTFS uses clusters as the underlying unit of disk allocation
 A cluster is a number of disk sectors t h a t is a power of two
 Because the cluster size is smaller t h a n for the older 16-bit FAT file
system, the amount of internal fragmentation is reduced
 Internally NTFS uses B+ trees to organize file system data
 Complex dat a structure, ensures fast lookup
FILE SYSTEM — SECURITY
Security of a n N T F S volume is derived from t h e Windows object model.
E a c h file object h a s a security descriptor a t t r i b u t e s t o r e d i n t h e M F T
record.
This a t t r i b u t e c ont ai ns t h e se curity ID of t h e o wne r of t h e file, a n d
a n access control list t h a t s t a t e s t h e access privileges t h a t g r a n t e d
to ea c h u s e r a n d g roup t h a t h a s access to t h e file.
FILE SYSTEM — COMPRESSION

To compress a file, N T F S divides t h e file’s d a t a into compression



u n i t s , which a r e blocks of 16 contiguous cluste rs.

Fo r s p a r s e files, N T F S u s e s a n o t h e r t e c h n i q ue to sa v e space.


 Cl ust ers t h a t contain all zeros a r e not actually allocated

or stored on disk.
 In ste a d, gaps a r e left in t h e sequence of v irtua l cluster n u m b e r s
stored in t h e MFT e n t r y for t h e file.
 W h e n rea din g a file, if a gap in t h e vi rtu a l cluster n u m b e r s is
found, N T F S j ust zero-fills t h a t portion of t h e caller’s buffer.
FILE SYSTEM — ENCRYPTION
 EFS (Encrypted File System)
 encrypting individual files or directories of files
 transparent to the user

 BitLocker
 Essentially all of the volume is encrypted
 There are three levels of key protection
 Hardware TPM

 An electronic key plugged into a USB connection

 User password

 BitLocker machines should be shutdown ra ther t h a n placed in standy to

avoid attacks on the unencrypted physical memory.
 Systems protected by BitLocker have a high-degree of security against
d at a theft of lost laptops or stolen systems. Both EFS and Bitlocker
only enabled in Professional, Ultimate and Server versions of
Windows
PRO’s & CON’s
THANK YOU