Download - Windows 2000 Operating System Introduction
Windows 2000 Operating Windows 2000 Operating System System
IntroductionIntroduction
Computing Department,Computing Department,
Lancaster University, UKLancaster University, UK
OverviewOverview
• GoalsGoals– Overview Windows 2000 and product Overview Windows 2000 and product
variationsvariations– Introduce key Windows 2000 concepts Introduce key Windows 2000 concepts
such as the Win32 API, processes, threads, such as the Win32 API, processes, threads, virtual memory, kernel mode and user virtual memory, kernel mode and user modemode
– Introduce tools that can be used to Introduce tools that can be used to examine Windows 2000 internal behaviourexamine Windows 2000 internal behaviour
Course TextbookCourse Textbook
• This book has been used This book has been used as a basis for much of as a basis for much of the material you will find the material you will find within this coursewithin this course
• By far the best textbook By far the best textbook in this area – buy it!in this area – buy it!
IntroductionIntroduction
Brief History of Windows (1)Brief History of Windows (1)
• Windows 1.0Windows 1.0– Announced in 1983, released in November 1985Announced in 1983, released in November 1985
• Windows 2.0Windows 2.0– Released in 1987Released in 1987– New feature: overlapping Windows!New feature: overlapping Windows!– Required Intel 8086 or 8088 ProcessorRequired Intel 8086 or 8088 Processor– Could access 1 megabyte of memoryCould access 1 megabyte of memory
• Windows 3.0Windows 3.0– Introduced on May 22, 1990Introduced on May 22, 1990– Big change: Supported 16-bit protected mode Big change: Supported 16-bit protected mode
(Intel 286/386 processors)(Intel 286/386 processors)– Could access upto 16 megabytes of memoryCould access upto 16 megabytes of memory
Brief History of Windows (2)Brief History of Windows (2)
• Windows 3.1Windows 3.1– Released in April 1992Released in April 1992– TrueType fonts (scalable)TrueType fonts (scalable)– MultimediaMultimedia– Ran Ran onlyonly in protected mode in protected mode– Required 286/386 with > 1MB of memoryRequired 286/386 with > 1MB of memory
• Windows NTWindows NT– Introduced in July 1993Introduced in July 1993– First Windows version supporting 32-bit mode First Windows version supporting 32-bit mode
of Intel 386, 486 and Pentium processorsof Intel 386, 486 and Pentium processors– Designed to be portable to non-Intel processorsDesigned to be portable to non-Intel processors
Brief History of Windows (3)Brief History of Windows (3)
• Windows 95Windows 95– Introduced in August 1995Introduced in August 1995– Also supported 32-bit programming modeAlso supported 32-bit programming mode
• Windows 98Windows 98– Released in June 1998Released in June 1998– Performance improvements & hardware supportPerformance improvements & hardware support– Internet IntegrationInternet Integration
• Windows 2000Windows 2000– Introduced in February 2000Introduced in February 2000
• Windows MillenniumWindows Millennium– Released in September 2000Released in September 2000
What is Windows 2000? (1)What is Windows 2000? (1)
• Protected, virtual memory, 32-bit Protected, virtual memory, 32-bit operating systemoperating system– Separate, protected per-process address spaceSeparate, protected per-process address space– Preemptive, multithreaded multitaskingPreemptive, multithreaded multitasking– Symmetric multiprocessing: 2-32 CPUsSymmetric multiprocessing: 2-32 CPUs
• Modern O/S features and functionalityModern O/S features and functionality– Design started in 1989Design started in 1989– Microkernel(-ish) architectureMicrokernel(-ish) architecture– C2 security (US Dept. of Defence)C2 security (US Dept. of Defence)– High performance, robust file systemHigh performance, robust file system– Full support for UNICODE (Full support for UNICODE (www.unicode.orgwww.unicode.org))
• Defines unique 16-bit values for the world’s character Defines unique 16-bit values for the world’s character setssets
What is Windows 2000? (2)What is Windows 2000? (2)
• Designed to be portableDesigned to be portable– Originally supported x86, MIPS, Alpha and PowerPCOriginally supported x86, MIPS, Alpha and PowerPC– Now only x86 (IA-64 Intel Itanium support in future)Now only x86 (IA-64 Intel Itanium support in future)
• Integrated networkingIntegrated networking– Peer to peer bundled (similar to Windows 9x)Peer to peer bundled (similar to Windows 9x)– 2000 Server adds enterprise-wide capability 2000 Server adds enterprise-wide capability
(domains)(domains)– 5 transports: NetBeui, TCP/IP, IPX/SPX, AppleTalk, DLC5 transports: NetBeui, TCP/IP, IPX/SPX, AppleTalk, DLC
• Multiple O/S personalitiesMultiple O/S personalities– Win32, OS/2 1.x character mode, POSIX subsystemsWin32, OS/2 1.x character mode, POSIX subsystems– Win32 is “primary” environmentWin32 is “primary” environment
Windows 2000 vs. Windows 9x Windows 2000 vs. Windows 9x (1)(1)• Windows 2000Windows 2000
– Requirement: Requirement: O/S stability, applications protected O/S stability, applications protected from each other, O/S protected from applicationsfrom each other, O/S protected from applications
– Goal:Goal: Runs “most” 16-bit DOS and Win16 business Runs “most” 16-bit DOS and Win16 business applicationsapplications
– Long term desktop and server OS for MicrosoftLong term desktop and server OS for Microsoft
• Windows 9xWindows 9x– Requirement:Requirement: Runs all 16-bit DOS and Win16 Runs all 16-bit DOS and Win16
applications, including games and device driversapplications, including games and device drivers– Still contains a lot of 16-bit code (graphic & Still contains a lot of 16-bit code (graphic &
windowing system)windowing system)– Many 32-bit APIs call 16-bit code in the Win9x Many 32-bit APIs call 16-bit code in the Win9x
kernelkernel
Windows 2000 vs. Windows 9x Windows 2000 vs. Windows 9x (2)(2)• Windows 2000 supports symmetric Windows 2000 supports symmetric
multiprocessing (SMP)multiprocessing (SMP)– No master processor: OS and user threads can be No master processor: OS and user threads can be
scheduled to run on any processorscheduled to run on any processor
• Windows 2000 filing system supports securityWindows 2000 filing system supports security• Windows 2000 is fully 32-bitWindows 2000 is fully 32-bit
– Windows 9x contains lots of 16-bit codeWindows 9x contains lots of 16-bit code
• Windows 2000 is fully reentrantWindows 2000 is fully reentrant– Significant portions of 9x are nonreentrantSignificant portions of 9x are nonreentrant
• Windows 2000 can’t run all older Windows 2000 can’t run all older MS-DOS/Windows applications (direct hardware MS-DOS/Windows applications (direct hardware access)access)
Product PackagingProduct Packaging
• Windows 2000 ProfessionalWindows 2000 Professional– Desktop versionDesktop version– Licensed for 2CPUs, 4GB RAMLicensed for 2CPUs, 4GB RAM
• Windows 2000 ServerWindows 2000 Server– Superset of Win2K ProfessionalSuperset of Win2K Professional– Adds Server and Networking Adds Server and Networking
Functionality (Domains, DNS)Functionality (Domains, DNS)
• Windows 2000 Advanced ServerWindows 2000 Advanced Server– Licensed for 8 CPUs, 8GB RAMLicensed for 8 CPUs, 8GB RAM
• Windows 2000 Datacenter ServerWindows 2000 Datacenter Server– 4 node clusters4 node clusters– Licensed for 32 CPUs, 64GB RAMLicensed for 32 CPUs, 64GB RAM
Key ConceptsKey Concepts
Win32 Application Win32 Application Programming Interface (API)Programming Interface (API)
• Primary programming interface to Microsoft Primary programming interface to Microsoft Windows operating systems (95, 98, 2000, CE)Windows operating systems (95, 98, 2000, CE)
• Think “Win32.EXE”, not “Windows 2000.EXE”Think “Win32.EXE”, not “Windows 2000.EXE”• Windows 2000 is designed to support multiple Windows 2000 is designed to support multiple
programming interfaces using environment programming interfaces using environment systemssystems
Windows 2000Windows 95/98/
MillenniumWin 3.1/DOS
Win32 API
Win32s
Win32 Application .EXE
Processes, Threads and JobsProcesses, Threads and Jobs
• What is a process?What is a process?– Represents an instance of a Represents an instance of a
running programrunning program• You create a process to run a You create a process to run a
programprogram• Starting an application creates Starting an application creates
a processa process
• What is a thread?What is a thread?• An execution context within a An execution context within a
processprocess• All threads in a process share All threads in a process share
the same per-process address the same per-process address spacespace
• What is a job?What is a job?• Allows groups of process to be Allows groups of process to be
managed as a single unitmanaged as a single unit
ExecutiveExecutiveExecutiveExecutive
Per-processaddress space
Per-processaddress space
SystemwideAddress Space
SystemwideAddress Space
Thread
Thread
Thread
Task ManagerTask Manager
• To start: Ctrl+Alt+Del To start: Ctrl+Alt+Del or right click on empty or right click on empty area of task bararea of task bar
• Applications tab:Applications tab:• Lists visible windows Lists visible windows
owned by threadsowned by threads
• Processes tab:Processes tab:• Lists processesLists processes• Change priorityChange priority
• Performance tab:Performance tab:• Subset of performance Subset of performance
counterscounters
Virtual MemoryVirtual Memory
• Virtual address space = logical viewVirtual address space = logical view• Memory manager translates virtual addresses Memory manager translates virtual addresses
into physical addressesinto physical addresses• PagingPaging transfers some memory contents to disk, transfers some memory contents to disk,
freeing physical memoryfreeing physical memory
Virtual MemoryPhysical Memory
Kernel Mode vs. User Mode (1)Kernel Mode vs. User Mode (1)
• Operating System ModesOperating System Modes– Kernel Mode (OS)Kernel Mode (OS)
• Privileged process modePrivileged process mode• Access to system data/hardwareAccess to system data/hardware
– User Mode (Applications)User Mode (Applications)• Nonprivileged processor modeNonprivileged processor mode• Limited access to system data/no direct hardware accessLimited access to system data/no direct hardware access
• Applications separated from the operating Applications separated from the operating system – prevented from modifying critical system – prevented from modifying critical datadata
• However, OS components/device drivers can However, OS components/device drivers can still corrupt system!still corrupt system!
Kernel Mode vs. User Mode Kernel Mode vs. User Mode (2)(2)
• Finding process with Most Kernel-Mode Finding process with Most Kernel-Mode TimeTime– Run Performance Monitor (perfmon.exe)Run Performance Monitor (perfmon.exe)– Click on “+” (add counter)Click on “+” (add counter)– Select “Process” as Performance ObjectSelect “Process” as Performance Object– Click on %Privileged TimeClick on %Privileged Time– Select all processes in Instance box (except Select all processes in Instance box (except
_Total)_Total)– Click on “Add”, click on “Close”Click on “Add”, click on “Close”– Use up/down arrow keys to scroll through Use up/down arrow keys to scroll through
counters (type CTRL/H to turn on highlighting)counters (type CTRL/H to turn on highlighting)
Kernel Mode vs. User Mode Kernel Mode vs. User Mode (3)(3)
• Compare time spent in kernel mode Compare time spent in kernel mode vs. user modevs. user mode– Run Performance Monitor (perfmon.exe)Run Performance Monitor (perfmon.exe)– Click on “+” (add counter)Click on “+” (add counter)– Select “Process” as Performance ObjectSelect “Process” as Performance Object– Click on %Privileged Time and, whilst holding Click on %Privileged Time and, whilst holding
Ctrl, click the %User Time counterCtrl, click the %User Time counter– Click on “Add”, click on “Close”Click on “Add”, click on “Close”– Move mouse rapidly, and watch how the Move mouse rapidly, and watch how the
%Privileged Time and %User Time counters %Privileged Time and %User Time counters increaseincrease
Windows 2000 RegistryWindows 2000 Registry
• Repository for system/user configuration Repository for system/user configuration informationinformation– Contains information Windows 2000 requires to boot Contains information Windows 2000 requires to boot
& configure as well as current running system & configure as well as current running system dynamic status informationdynamic status information
• Most common registry parameters can be Most common registry parameters can be adjusted using a graphical utilityadjusted using a graphical utility– Advanced tuning/configuration requires direct accessAdvanced tuning/configuration requires direct access
• Regedt32 or RegeditRegedt32 or Regedit
• Organised to “hives”Organised to “hives”– Pieces of the registry database stored in different filesPieces of the registry database stored in different files
Windows 2000 RegistryWindows 2000 Registry
• Repository for system/user configuration Repository for system/user configuration informationinformation– Contains information Windows 2000 requires to boot Contains information Windows 2000 requires to boot
& configure as well as current running system & configure as well as current running system dynamic status informationdynamic status information
• Most common registry parameters can be Most common registry parameters can be adjusted using a graphical utilityadjusted using a graphical utility– Advanced tuning/configuration requires direct accessAdvanced tuning/configuration requires direct access
• Regedt32 or RegeditRegedt32 or Regedit
• Organised to “hives”Organised to “hives”– Pieces of the registry database stored in different filesPieces of the registry database stored in different files
Registry OrganisationRegistry Organisation
• Five main hives for location machine informationFive main hives for location machine information\HKEY_LOCAL_MACHINE\System\HKEY_LOCAL_MACHINE\System
• Controls booting and running the systemControls booting and running the system
\HKEY_LOCAL_MACHINE\Hardware\HKEY_LOCAL_MACHINE\Hardware• Hardware configuration data, resource usageHardware configuration data, resource usage• Volatile (not saved across boots)Volatile (not saved across boots)
\HKEY_LOCAL_MACHINE\Software\HKEY_LOCAL_MACHINE\Software• Per-machine software data (not critical for booting)Per-machine software data (not critical for booting)
\HKEY_LOCAL_MACHINE\SAM\HKEY_LOCAL_MACHINE\SAM• Account & groups database (replicated on domain Account & groups database (replicated on domain
controllers)controllers)
\HKEY_LOCAL_MACHINE\Security\HKEY_LOCAL_MACHINE\Security• System-wide security policies (on domain controllers)System-wide security policies (on domain controllers)
• Try Try regmonregmon!!
Windows 2000 Professional vs. Windows 2000 Professional vs. Server vs. Advanced ServerServer vs. Advanced Server• Core operating system executables are Core operating system executables are
identicalidentical• Registry indicates system type (set at Registry indicates system type (set at
install time)install time)– HKEY_LOCAL_MACHINE\System\HKEY_LOCAL_MACHINE\System\
CurrentControlSet\Control\ProductOptionsCurrentControlSet\Control\ProductOptions• ProductType: WinNT=Workstation, ServerNT=Server, ProductType: WinNT=Workstation, ServerNT=Server,
LanManNT=Server (Domain Controller)LanManNT=Server (Domain Controller)
• Code in the OS tests these values and Code in the OS tests these values and behaves slightly differently in a few placesbehaves slightly differently in a few places– Licensing limits (no. of processors)Licensing limits (no. of processors)– Boot-time calculations (Memory Manager)Boot-time calculations (Memory Manager)– Length of a time sliceLength of a time slice
Tools PreviewTools PreviewToolTool ExecutableExecutable FunctionalityFunctionality
Performance Performance MonitorMonitor
perfmonperfmon Bundled Bundled with 2000with 2000
System Monitoring, System Monitoring, Viewing Performance Viewing Performance Counter LogsCounter Logs
Task ManagerTask Manager taskmantaskman Bundled Bundled with 2000with 2000
Provides information about Provides information about processes and processes and performanceperformance
Process ViewerProcess Viewer pviewpview Resource Resource KitKit
Shows processes and Shows processes and thread detailsthread details
TlistTlist tlisttlist Resource Resource KitKit
Shows process tree and Shows process tree and thread detailsthread details
Registry MonitorRegistry Monitor regmonregmon Inside Inside Windows Windows 20002000
Monitor registry activityMonitor registry activity
File MonitorFile Monitor filemonfilemon Inside Inside Windows Windows 20002000
Monitor file system activityMonitor file system activity