SlideShare a Scribd company logo

Understanding Windows NT Internals - Part 1

Arun Seetharaman, profile picture
Arun Seetharaman

Windows NT internals refer to the inner workings of the Windows NT operating system. It includes the system architecture, critical data, and how the system is organized.

Technology
1 of 42
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
WINDOWS NT INTERNALS – 01 Computer Call September 22, 1997
DESIGN GOALS FOR THE WINDOWS NT OPERATING SYSTEM Compatibility Portability Robustness Extensibility Performance
KERNEL MODE AND USER MODE Kernel Mode  Contains system code: executives, drivers,kernel and HAL  “Trusted”  Allowed to execute any instructions  Access all the address space User Mode  Contains Application Code  Accept to user address space only  Cannot execute instructions that directly access Hardware Kernel Mode
User Mode Kernel Mode Hardware
Application & Subsystem Hardware Kernel Hardware Abstraction Layer NT Executive
Application & Subsystem Kernel Hardware Abstraction Layer NT Executive I/O Devices DMA/Bus Controller Timers Caches, Interrupts CPU Privileged Architecture
HAL Kernel mode library of Hardware manipulating routines Provides a Kind of Hardware independent Set of Routines Call by all higher level components
KERNEL Performs low-level operating system functions like,  Thread scheduling & synchronization  Multiprocessor synchronization  Time keeping  Interrupt and execution Dispatching  Allows drivers and higher level operating system  Presents an object-based interface
Application & Subsystem Kernel Hardware Abstraction Layer Hardware Object Manager Configuration Manager Process Manager Security Reference Manage5r V M M I/O mgr. L P C System service Interface
 Provides a controlled path from user to Kernel mode code Object Manager  Creating Objects  Deleting Objects  Maintaining global object namespace System service Interface  Keeping track of outstanding references
 Maintain a model of all Hardware & Software Process Manager  Handles Creation, Management and Deletion of processes and Threads Configuration Manager  Mainly handles the Registry
SECURITY REFERENCE MONITOR Object Manager calls SRM for security checks SRM , the Logon Processes & Security Subsystem from NT Security Model
VIRTUAL MEMORY MANAGER Linear addressing with the help of 32 bits Helps an overcommiting memory with the help of physical memory and HD Code not in Physical mem. Is present as files on HD (files are of equal size called pages) Demand paging technique are swapping Technique: CPU issues page fault Trap handler receives it Asks the VMM to restore the page
LOCAL PROCEDURE CALL Passing messages between client & server when both on same M/C How a call is made & attended ? Stubs play a major role
I/O MANAGER Components of I/O Manager  Cache Manager  File Systems  Network drivers  Device drivers Major role - Communicating with drivers Attends request mode by subsystem
PROTECTED SUBSYSTEM MS-DOS Environment  Applications run in a process - NT Virtual DOS Machine(NTVDM) NTVDM - Simulates an Intel 486 Computer with MS-DOS Each Application on separate NTVDM NTVDM Consists of 3 threads 1. Application 2. Timer interrupt(simulation) 3. Console
Instruction execution unit 32-bit MS-DOS emulation Virtual Device Driver (COM, LPT,Keyboard) 16MB 640MB 32-bit 16 bit MS-DOS based application 16-bit MS-DOS emulation Intel x86 instruction ROM BIOS int.+Services+ MS-DOS int.(21 services) Virtual Hardware Structure of an MS-DOS NTVDM
WINDOWS 16-BIT ENVIRONMENT Instruction execution unit 32-bit MS-DOS emulation Virtual Device Driver (COM, LPT,Keyboard) 32-bit 16 bit Windows 3.1 Kernel Windows Mgr. & GDI stubs 16-bit Windows Application 16-bit MS-DOS emulation Win 32 subsystem Structure of the Win 16VDM 32-bit WOW transaction
OS/2 SUBSYSTEM Supports OS/2 1.x character-based applications OS/2 real mode application run on RISC computer in MS-DOS environment
POSIX SUBSYSTEM Defines C-Language API calls between applications & the OS
WIN32 SUBSYSTEM I/O for other subsystems and user application It defines GUI policy and style for the whole system Exposes Win32 API to interact with the Executive
DIAGRAM OF WINDOWS NT 4.0 MS-DOS App PSIX App. OS/2 App. Win16 App. MS-DOS Subsystem POSIX Subsystem OS/2 Subsystem Win32 Subsystem I/O Mgr.. Obj. Mgr.. Security Ref. Mgr.. Process Mgr.. LPC VMM Kernel mode Win Mgr. GDI Graphics Device Drivers Micro Kernel HAL Hardware
FEATURES OF NTFS Fast read write and search operations File System recovery on very large HD High Security
DETAILS OF NTFS Cluster- unit of allocating Partition Size Sec. Per cluster Cluster Size 512 MB or less 1 512 bytes 512MB-1024MB 2 1K 1025-2048MB 4 2K 2049-4096MB 8 4K 4097-8192MB 16 8K 8193-16,384MB 32 16K 16,384- 32,768MB 64 32K > 32,768MB 128 64K Storage Form-file with attributes
DETAILS OF NTFS CONT.... Formatting the HD with NTFS results in creation of  File systems supported by NT • Partition Boot Sector  BIOS Parameter Blk: Vol layout & FS structure Location: status at sector 0 & can be 16 sect. long  Executable Code:Load startup files • Master File Table(MFT)  The first on NTFS volume contains fold records
System File File Name MFT Record Purpose of File Master File Table $ Mft 0 A list of all contents of the NTFS vol Master File Table2 $ Mft Mirr 1 Mirror of 1 st 3 records of the MFT Log file $ logFile 2 Transaction steps used for NTFS recoverability Volume $ volume 3 Vol-name ,NTFS ver & others info. Of Vol. Attribute Def. Table $ AttribDef 4 A table of attribute names, numbers & description Root filename index $. 5 Root folder Cluster Bitmap $ Bitmap 6 A rep. Of vol., showing which clusters are in use MFT
A collection where all the bad clusters in the volume are located Used for converting lowercase characters to the matching unicode uppercase char. System File File Name MFT Record Purpose of File Partition Boot Sec $ Boot 7 The bootstrap for the vol. ,if this is a bootable vol. Bad cluster File $ Bad Clus 8 Quota Table $ Quota 9 Disk quota usage for each user on a vol, currently unused Upcase Tablee $ Upcase 10 11-15 Reserved for future use MFT Cont.... 1st 16 records - system info Entry of each & every file on HD  Small files directly fit in the form of B-trees  have pointers to external clusters
WINDOWS NT SERVICES Win32-based Application POSIX OS/2 subsystem Win32 subsystem User mode LPC Executive Privileged Processor Mode
WHAT IS AN NT OBJECT Processor Mgr.. Process Threads Mem. Mgr. Section Security System Access Token Executive Support Services Event Semaph ore Timer Mutant Event Pair
WHAT IS AN NT OBJECT CONT.. LPC Facility Port I/O Manager File Config. Mgr.. Registry Kernel Profile Object Manager Object Directory Symbolic Link
OBJECT MODEL The object model allows us to  Monitor  Secure  Share
INTERNAL OBJECT MODEL Object Attributes Object Name Object Directory Security Description Quota Changes Open Handle Counter Open Handle Database Permanent/Temporary Kernel/User Mode Type object Pointer Object Body Object Handler Type Object
OBJECT MANAGER AND OBJECTS It manages all objects  Creation  Creation of Handles  Manipulate  Track of Objects created & in use Anything in NT is an Object E.g: Semaphore, Process, Thread, File etc.
EXTERNAL OBJECT INTERFACE Generic Functions  Create xxx  Open xxx - Open Handle  BOOL Close Handle (hobject)  BOOL Duplicate Handle(hsource process, hsource, htarget process, lphtarget, fdwaccess, fInherit, fdwOptins Scope of an Object Handle is Process Relative Object Lifetime
WHAT IS PROCESS A process is an Instance of a Program Running A process Owns Objects  Objects are represented by handles What Distinguishes one Process from Another  Handle Table  Private Memory  Windows
PROCESS CREATION & GETTING HANDLE TO IT Create Process(lpszImageName, lpszCommandLine, lpsaProcess,lpsaThreads, flnInheritHandles, fdwCreate, lpvEnvironment, lpszCurDir, lpsiStartInfo, lppiProcInfo) Creates Process & Primary Thread Process & Thread ID’s are Globally Unique Open Process (fdwAccess, fInherit, IDProcess) Get’s handle for the Process
ENDING PROCESS Exit Process(uExit Code) - closes its own handle CloseHandle(hProcess) - closes the child process’s handle) TerminateProcess(hProces, uExitCode) - used by one Process to kill another Process
INTERPROCESS COMMUNICATION Sharing of two or more Objects - IPC IPC Objects  Shared Memory  Files  Semaphores  Pipes  Windows sockets RPC’s send messages between 2 processes  On same M/C or  On Remote M/Cs
THREAD SYNCHRONIZATION Why it is required ? Synchronization Objects  Mutex  Semaphore  Event  Critical Section
THREAD SCHEDULING Preemptive scheduling Co-operative scheduling
THREAD PRIORITIES 32 priority classes & levels 16-31 real time levels 1-15 variable levels 0 system level Only seven real time levels are available touser Setting priority of threads. Base Priority +or -2 Dispatcher changes priorities (Threads at level 1 through 15)
CONTROLLING PROCESS PRIORITY Setting Base priority - Create Process(--,--, fdwCreate,--,--) SetPriorityClass( ) - priority of a Process SetThreadPriority( ) - manipulates thread priority Priority Classes  High  Normal  Idle  Real-Time

More Related Content

PDF
Windows internals Essentials
John Ombagi
 
PDF
12-Case-Study-WindowsNT.pdf in operating sysetm.
DuaRajpoot2
 
PPT
Case Study 2: WINDOWS VISTA
Munazza-Mah-Jabeen
 
PPT
Windows xp
Dr. C.V. Suresh Babu
 
PPTX
Windows 2000
pramila kanagaraj
 
PPT
운영체제론 Ch22
Jongmyoung Kim
 
PPTX
Chap1_Part2.pptx
NMohd3
 
PPT
Windows internals
Piyush Jain
 
Windows internals Essentials
John Ombagi
 
12-Case-Study-WindowsNT.pdf in operating sysetm.
DuaRajpoot2
 
Case Study 2: WINDOWS VISTA
Munazza-Mah-Jabeen
 
Windows xp
Dr. C.V. Suresh Babu
 
Windows 2000
pramila kanagaraj
 
운영체제론 Ch22
Jongmyoung Kim
 
Chap1_Part2.pptx
NMohd3
 
Windows internals
Piyush Jain
 

Similar to Understanding Windows NT Internals - Part 1 (20)

PDF
Os file
mominabrar
 
PPTX
Windows 7 Architecture
Daniyal Khan
 
PPT
Windows Kernel-
Parth Desai
 
PDF
Analysis Of Process Structure In Windows Operating System
Darian Pruitt
 
PPTX
Windows OS Architecture in Summery
Asanka Dilruk
 
PPT
Chapter 11
Google
 
PPT
Windows 2000
Agnas Jasmine
 
PPT
Chapter 22 - Windows XP
Wayne Jones Jnr
 
PPT
Case study windows
Padam Banthia
 
ODP
NTFS and Inode
Amit Seal Ami
 
PPTX
Windows XP operating system
Himanshu Choudhary
 
PPTX
Windows for Everyone(Operating System)
Waleed Khan
 
PPTX
Window architecture
IGZ Software house
 
PDF
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
Sam Bowne
 
PPT
2337610
hantfhan
 
PPTX
Windows Architecture Explained by Stacksol
Stacksol
 
PPT
Ch11
jeffcflynn
 
PPT
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
PPT
Oct2009
guest81ab2b4
 
PPTX
Microsoft windows
University of Central Punjab
 
Os file
mominabrar
 
Windows 7 Architecture
Daniyal Khan
 
Windows Kernel-
Parth Desai
 
Analysis Of Process Structure In Windows Operating System
Darian Pruitt
 
Windows OS Architecture in Summery
Asanka Dilruk
 
Chapter 11
Google
 
Windows 2000
Agnas Jasmine
 
Chapter 22 - Windows XP
Wayne Jones Jnr
 
Case study windows
Padam Banthia
 
NTFS and Inode
Amit Seal Ami
 
Windows XP operating system
Himanshu Choudhary
 
Windows for Everyone(Operating System)
Waleed Khan
 
Window architecture
IGZ Software house
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
Sam Bowne
 
2337610
hantfhan
 
Windows Architecture Explained by Stacksol
Stacksol
 
Ch11
jeffcflynn
 
Evolution of the Windows Kernel Architecture, by Dave Probert
yang
 
Oct2009
guest81ab2b4
 
Microsoft windows
University of Central Punjab
 
Ad

More from Arun Seetharaman (14)

PDF
Implementing Load Balancing in COM+ Applications
Arun Seetharaman
 
PDF
Advanced Windows DNA Scripting with Visual InterDev
Arun Seetharaman
 
PDF
Implementing DHTML Behavior Script Components
Arun Seetharaman
 
PDF
Creating Data-based Applications Using DHTML
Arun Seetharaman
 
PDF
COM Events for Late-bound Delivery of Information
Arun Seetharaman
 
PDF
Understanding Windows NT Internals - Part 4
Arun Seetharaman
 
PDF
Understanding Windows NT Internals - Part 5
Arun Seetharaman
 
PDF
Understanding Windows NT Internals - Part 3
Arun Seetharaman
 
PDF
Understanding Windows NT Internals - Part 2
Arun Seetharaman
 
PDF
OLE DB Provider Development - Encapsulating a Service Provider
Arun Seetharaman
 
PDF
OLE DB 2.0 Architecture - Supporting Remote Data Exchange
Arun Seetharaman
 
PDF
Data Structures in Java and Introduction to Collection Framework
Arun Seetharaman
 
PDF
AWT Enhancements in V1.1 - Supporting Richer GUI Development
Arun Seetharaman
 
PDF
Java Foundation Classes - Building Portable GUIs
Arun Seetharaman
 
Implementing Load Balancing in COM+ Applications
Arun Seetharaman
 
Advanced Windows DNA Scripting with Visual InterDev
Arun Seetharaman
 
Implementing DHTML Behavior Script Components
Arun Seetharaman
 
Creating Data-based Applications Using DHTML
Arun Seetharaman
 
COM Events for Late-bound Delivery of Information
Arun Seetharaman
 
Understanding Windows NT Internals - Part 4
Arun Seetharaman
 
Understanding Windows NT Internals - Part 5
Arun Seetharaman
 
Understanding Windows NT Internals - Part 3
Arun Seetharaman
 
Understanding Windows NT Internals - Part 2
Arun Seetharaman
 
OLE DB Provider Development - Encapsulating a Service Provider
Arun Seetharaman
 
OLE DB 2.0 Architecture - Supporting Remote Data Exchange
Arun Seetharaman
 
Data Structures in Java and Introduction to Collection Framework
Arun Seetharaman
 
AWT Enhancements in V1.1 - Supporting Richer GUI Development
Arun Seetharaman
 
Java Foundation Classes - Building Portable GUIs
Arun Seetharaman
 
Ad

Recently uploaded (20)

PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Encapsulation theory and applications.pdf
gurumoop
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Cloud computing and distributed systems.
kkkkkhan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Understanding Windows NT Internals - Part 1

  • 1. WINDOWS NT INTERNALS – 01 Computer Call September 22, 1997
  • 2. DESIGN GOALS FOR THE WINDOWS NT OPERATING SYSTEM Compatibility Portability Robustness Extensibility Performance
  • 3. KERNEL MODE AND USER MODE Kernel Mode  Contains system code: executives, drivers,kernel and HAL  “Trusted”  Allowed to execute any instructions  Access all the address space User Mode  Contains Application Code  Accept to user address space only  Cannot execute instructions that directly access Hardware Kernel Mode
  • 5. Application & Subsystem Hardware Kernel Hardware Abstraction Layer NT Executive
  • 6. Application & Subsystem Kernel Hardware Abstraction Layer NT Executive I/O Devices DMA/Bus Controller Timers Caches, Interrupts CPU Privileged Architecture
  • 7. HAL Kernel mode library of Hardware manipulating routines Provides a Kind of Hardware independent Set of Routines Call by all higher level components
  • 8. KERNEL Performs low-level operating system functions like,  Thread scheduling & synchronization  Multiprocessor synchronization  Time keeping  Interrupt and execution Dispatching  Allows drivers and higher level operating system  Presents an object-based interface
  • 9. Application & Subsystem Kernel Hardware Abstraction Layer Hardware Object Manager Configuration Manager Process Manager Security Reference Manage5r V M M I/O mgr. L P C System service Interface
  • 10.  Provides a controlled path from user to Kernel mode code Object Manager  Creating Objects  Deleting Objects  Maintaining global object namespace System service Interface  Keeping track of outstanding references
  • 11.  Maintain a model of all Hardware & Software Process Manager  Handles Creation, Management and Deletion of processes and Threads Configuration Manager  Mainly handles the Registry
  • 12. SECURITY REFERENCE MONITOR Object Manager calls SRM for security checks SRM , the Logon Processes & Security Subsystem from NT Security Model
  • 13. VIRTUAL MEMORY MANAGER Linear addressing with the help of 32 bits Helps an overcommiting memory with the help of physical memory and HD Code not in Physical mem. Is present as files on HD (files are of equal size called pages) Demand paging technique are swapping Technique: CPU issues page fault Trap handler receives it Asks the VMM to restore the page
  • 14. LOCAL PROCEDURE CALL Passing messages between client & server when both on same M/C How a call is made & attended ? Stubs play a major role
  • 15. I/O MANAGER Components of I/O Manager  Cache Manager  File Systems  Network drivers  Device drivers Major role - Communicating with drivers Attends request mode by subsystem
  • 16. PROTECTED SUBSYSTEM MS-DOS Environment  Applications run in a process - NT Virtual DOS Machine(NTVDM) NTVDM - Simulates an Intel 486 Computer with MS-DOS Each Application on separate NTVDM NTVDM Consists of 3 threads 1. Application 2. Timer interrupt(simulation) 3. Console
  • 17. Instruction execution unit 32-bit MS-DOS emulation Virtual Device Driver (COM, LPT,Keyboard) 16MB 640MB 32-bit 16 bit MS-DOS based application 16-bit MS-DOS emulation Intel x86 instruction ROM BIOS int.+Services+ MS-DOS int.(21 services) Virtual Hardware Structure of an MS-DOS NTVDM
  • 18. WINDOWS 16-BIT ENVIRONMENT Instruction execution unit 32-bit MS-DOS emulation Virtual Device Driver (COM, LPT,Keyboard) 32-bit 16 bit Windows 3.1 Kernel Windows Mgr. & GDI stubs 16-bit Windows Application 16-bit MS-DOS emulation Win 32 subsystem Structure of the Win 16VDM 32-bit WOW transaction
  • 19. OS/2 SUBSYSTEM Supports OS/2 1.x character-based applications OS/2 real mode application run on RISC computer in MS-DOS environment
  • 20. POSIX SUBSYSTEM Defines C-Language API calls between applications & the OS
  • 21. WIN32 SUBSYSTEM I/O for other subsystems and user application It defines GUI policy and style for the whole system Exposes Win32 API to interact with the Executive
  • 22. DIAGRAM OF WINDOWS NT 4.0 MS-DOS App PSIX App. OS/2 App. Win16 App. MS-DOS Subsystem POSIX Subsystem OS/2 Subsystem Win32 Subsystem I/O Mgr.. Obj. Mgr.. Security Ref. Mgr.. Process Mgr.. LPC VMM Kernel mode Win Mgr. GDI Graphics Device Drivers Micro Kernel HAL Hardware
  • 23. FEATURES OF NTFS Fast read write and search operations File System recovery on very large HD High Security
  • 24. DETAILS OF NTFS Cluster- unit of allocating Partition Size Sec. Per cluster Cluster Size 512 MB or less 1 512 bytes 512MB-1024MB 2 1K 1025-2048MB 4 2K 2049-4096MB 8 4K 4097-8192MB 16 8K 8193-16,384MB 32 16K 16,384- 32,768MB 64 32K > 32,768MB 128 64K Storage Form-file with attributes
  • 25. DETAILS OF NTFS CONT.... Formatting the HD with NTFS results in creation of  File systems supported by NT • Partition Boot Sector  BIOS Parameter Blk: Vol layout & FS structure Location: status at sector 0 & can be 16 sect. long  Executable Code:Load startup files • Master File Table(MFT)  The first on NTFS volume contains fold records
  • 26. System File File Name MFT Record Purpose of File Master File Table $ Mft 0 A list of all contents of the NTFS vol Master File Table2 $ Mft Mirr 1 Mirror of 1 st 3 records of the MFT Log file $ logFile 2 Transaction steps used for NTFS recoverability Volume $ volume 3 Vol-name ,NTFS ver & others info. Of Vol. Attribute Def. Table $ AttribDef 4 A table of attribute names, numbers & description Root filename index $. 5 Root folder Cluster Bitmap $ Bitmap 6 A rep. Of vol., showing which clusters are in use MFT
  • 27. A collection where all the bad clusters in the volume are located Used for converting lowercase characters to the matching unicode uppercase char. System File File Name MFT Record Purpose of File Partition Boot Sec $ Boot 7 The bootstrap for the vol. ,if this is a bootable vol. Bad cluster File $ Bad Clus 8 Quota Table $ Quota 9 Disk quota usage for each user on a vol, currently unused Upcase Tablee $ Upcase 10 11-15 Reserved for future use MFT Cont.... 1st 16 records - system info Entry of each & every file on HD  Small files directly fit in the form of B-trees  have pointers to external clusters
  • 28. WINDOWS NT SERVICES Win32-based Application POSIX OS/2 subsystem Win32 subsystem User mode LPC Executive Privileged Processor Mode
  • 29. WHAT IS AN NT OBJECT Processor Mgr.. Process Threads Mem. Mgr. Section Security System Access Token Executive Support Services Event Semaph ore Timer Mutant Event Pair
  • 30. WHAT IS AN NT OBJECT CONT.. LPC Facility Port I/O Manager File Config. Mgr.. Registry Kernel Profile Object Manager Object Directory Symbolic Link
  • 31. OBJECT MODEL The object model allows us to  Monitor  Secure  Share
  • 32. INTERNAL OBJECT MODEL Object Attributes Object Name Object Directory Security Description Quota Changes Open Handle Counter Open Handle Database Permanent/Temporary Kernel/User Mode Type object Pointer Object Body Object Handler Type Object
  • 33. OBJECT MANAGER AND OBJECTS It manages all objects  Creation  Creation of Handles  Manipulate  Track of Objects created & in use Anything in NT is an Object E.g: Semaphore, Process, Thread, File etc.
  • 34. EXTERNAL OBJECT INTERFACE Generic Functions  Create xxx  Open xxx - Open Handle  BOOL Close Handle (hobject)  BOOL Duplicate Handle(hsource process, hsource, htarget process, lphtarget, fdwaccess, fInherit, fdwOptins Scope of an Object Handle is Process Relative Object Lifetime
  • 35. WHAT IS PROCESS A process is an Instance of a Program Running A process Owns Objects  Objects are represented by handles What Distinguishes one Process from Another  Handle Table  Private Memory  Windows
  • 36. PROCESS CREATION & GETTING HANDLE TO IT Create Process(lpszImageName, lpszCommandLine, lpsaProcess,lpsaThreads, flnInheritHandles, fdwCreate, lpvEnvironment, lpszCurDir, lpsiStartInfo, lppiProcInfo) Creates Process & Primary Thread Process & Thread ID’s are Globally Unique Open Process (fdwAccess, fInherit, IDProcess) Get’s handle for the Process
  • 37. ENDING PROCESS Exit Process(uExit Code) - closes its own handle CloseHandle(hProcess) - closes the child process’s handle) TerminateProcess(hProces, uExitCode) - used by one Process to kill another Process
  • 38. INTERPROCESS COMMUNICATION Sharing of two or more Objects - IPC IPC Objects  Shared Memory  Files  Semaphores  Pipes  Windows sockets RPC’s send messages between 2 processes  On same M/C or  On Remote M/Cs
  • 39. THREAD SYNCHRONIZATION Why it is required ? Synchronization Objects  Mutex  Semaphore  Event  Critical Section
  • 41. THREAD PRIORITIES 32 priority classes & levels 16-31 real time levels 1-15 variable levels 0 system level Only seven real time levels are available touser Setting priority of threads. Base Priority +or -2 Dispatcher changes priorities (Threads at level 1 through 15)
  • 42. CONTROLLING PROCESS PRIORITY Setting Base priority - Create Process(--,--, fdwCreate,--,--) SetPriorityClass( ) - priority of a Process SetThreadPriority( ) - manipulates thread priority Priority Classes  High  Normal  Idle  Real-Time