Windows XP An Overview Brett O Neill CSE 8343 Group A6 1 Overview Programs Processes Jobs and Threads Registry and Memory File System Architecture and Management Inter Process Communication Questions References 2 Processes Threads Windows XP process architecture is the same as Windows 2000 process architecture There are 4 units of work Processes Threads Jobs and Programs Simple definitions Program A static set of instructions Process A container for a set of threads that execute an instance of a program Job A group of processes that can be manipulated as a single unit Thread A container for the set of instructions to be executed and the contents of machine registers that define processor state 3 Processes Threads Each process includes a private virtual address space an executable program a list of open handles to various system resources a security context a unique identifier and at least one thread 4 Processes Threads Fields in a Windows XP Executive Process EPROCESS Block 5 Processes Threads Each thread contains a set of instructions to execute the contents of machine registers that define the processor state while the thread is running and two stacks one for User mode and one for Kernel mode 6 Processes Threads Fields in a Windows XP Executive Thread ETHREAD Block 7 Thread Scheduling Priority driven preemptive scheduling is used Priorities levels are determined by both the process and the thread Processes have 4 priority levels Idle Screen savers other display updates Normal The default priority class High Receive most of the CPU s time Real Time Kernel processes 8 Thread Scheduling The process s priority class sets a range of priority values for its threads For example Real Time processes will always have a value from 16 31 Process Priority Classes with Relative Thread Priorities 9 Thread Scheduling Threads run for a length of time known as a quantum Quantum values vary from thread to thread Threads do not necessarily finish their quantum because the system is preemptive If another thread with a higher priority becomes ready it will run However if all threads are the same priority they will run in a round robin fashion 10 Thread Scheduling Thread scheduling code is distributed throughout the kernel It is collectively known as the dispatcher The dispatcher can be triggered by A thread becoming ready to execute A thread leaving the running state A threads priority changing Thread granularity Processes are disregarded when scheduling threads if Process A has 20 threads and Process B has 1 thread each received 1 21st of CPU time 11 Registry and Memory Boot time improvements Simple Boot Flag SBF is a 3 bit flag in CMOS BIOS The 3 bits indicate if the system is Plug and Play if the last boot was successful and if diagnostics need to run The boot loader uses parallel pre fetching of drivers boot code and Registry items Driver loading is prioritized during startup 12 Registry and Memory Boot time improvements cont The first time Windows XP boots it monitors drivers startup applications Registry entries and shell code being loaded and saves the information On the 2nd boot Windows XP pre loads drivers and code asynchronously in parallel into memory in anticipation of their use Therefore when the boot execution path attempts to load a driver the driver is already in memory The previous 8 boots are analyzed heuristically to determine what drivers to pre fetch Drivers which aren t being used drop off the pre fetch list 13 Registry and Memory Physical memory can be page pooled or non page pooled Non Page Pooled Time Critical memory such as the Virtual Memory Manager Page Pooled Memory mapped to disk Pool memory is managed by descriptors called Page Table Entries PTE s that hold memory page frame numbers that point to physical memory pages 14 Registry and Memory PTE s also hold several bits to indicate the current status of the page in use dirty clean or unused Several algorithms are used to avoid interfering with actively used memory and to avoid excessive paging to disk 1 3 GB of memory can be mapped to PTE s so more memory can be actively tracked 15 Registry and Memory Previous versions of Windows allowed drivers to run necessary memory routines Drivers demanded the O S allocate memory even if not enough memory was available Windows XP has eliminated these drivers 3rd Party drivers are not signed drivers if they don t eliminate this code I O Throttling When there is no memory left to allocate Windows XP throttles down its processing of memory to a page at a time using only the memory it can This slows the system but prevents a crash 16 Registry and Memory In previous versions of Windows system performance suffered as the Registry grew This was primarily due to Registry fragmentation new Registry keys were placed in the first available Registry space When applications needed to find these keys an excessive number of memory pages were loaded from disk 17 Registry and Memory In Windows XP when a Registry key needs to be stored the kernel searches for a space large enough to contain all related data Registry keys are physically adjacent so fewer page faults result 18 Registry and Memory Programmers often use Registry keys as flags Therefore there are many empty Registry key trees that applications need to search through at run time This slows performance noticeably Windows XP caches both empty and nonempty Registry keys to solve this problem 19 Registry and Memory 20 File System Architecture and Management Windows XP supports FAT16 FAT32 and NTFS file systems 21 File System Architecture and Management FAT16 Compatible with most operating systems including Linux UNIX and OS 2 Disadvantages Fixed number of clusters per partition File names limited to 8 characters Lack of support for compression security and encryption 22 File System Architecture and Management FAT32 File names can be longer greater number of clusters per partition Disadvantages Clusters are still too large Not compatible with many operating systems Lack of support for compression security and encryption 23 File System Architecture and Management NTFS Capability for security compression file names of 255 characters large volume sizes Architecture The first block of information on an NTFS volume is the Volume Boot Sector It holds 2 primary structures BIOS Parameter Block Contains fundamental information about the volume Volume Boot Code A small block of code that tells the system how to load the operating system This code has