Windows XP: An OverviewCSE 8343 – Group A6Brett O’NeillTable of ContentsTable of Figures.…………………………………………………….3Introduction…………………………………………………………4Programs, Processes, Threads and Jobs…………………………….4Processes……………………………………………………..4Threads……………………………………………………….5Registry and Memory……………………………………………….8Booting….…………………………………………………….8Memory….……………………………………………………9The Registry…………………………………………………10File System Architecture and Management………………………..13FAT16….…………………………………………………….13FAT32….…………………………………………………….14NTFS………………………………………………………...14History..………………………………………………..14Goals….………………………………………………..15Architecture……………………………………………15Volume Boot Sector.…………………………….15Metadata Files and the MFT….…………………16Partition and Cluster Sizes………………………17Inter-Process Communication…….……………………………….19Dynamic Data Exchange…….………………………………..19Object Linking and Embedding………………………………20NetBIOS………………………………………………………20Named Pipes………………………………………………….20Windows Sockets……………………………………………..21Mailslots………………………………………………………22Remote Procedure Calls………………………………………23References……………………………………….…………………………25 2Table of Figures1.1 Fields in an EPROCESS Block………………………………………..51.2 Fields in an ETHREAD Block……………...........................................61.3 Process Priority Classes with Relative Thread Priorities……………...62.1Microsoft Boot Time Performance Goals………………………….…..82.2SBF Register…………………………………………………………...82.3Registry Key Fragmentation…………………………………………..112.4Registry Key Searches – Windows 2000 vs. Windows XP…………...123.1 Basic Organization of a FAT16 Voume………………………………133.2 FAT16 Default Cluster Size…………………………………………..133.3 Basic Organization of a FAT32 Volume……………………………...143.4 FAT32 Default Cluster Size…………………………………………..143.5 Basic Organization of an NTFS Volume……………………………..153.6 MFT Resident Attributes……………………………………………..163.7 Important MFT Records………………………………………………173.8 NTFS Default Cluster Size……………………………………………184.1 WinSock 2.0 Architecture…………………………………………….224.2 RPC Architecture….………………………………………………….233IntroductionWindows XP is Microsoft’s most recent operating system. It has introduced numerous enhancements and improvements to previous versions of Windows. This paper will detail important features of the new operating system.1. Programs, Processes, Threads and JobsThe largest unit of work in Windows XP is known as a program. A program is simply a static set of instructions. Smaller units of work are grouped logically into entities called processes, threads and jobs. Processes and threads have priority schemes to determine theorder in which they should run on the processor.1.1. ProcessesA process is a container for the set of resources used by threads that execute an instance of a program. Each process includes a private virtual address space, an executable program, a list of open handles to various system resources, a security context, a unique identifier, and at least one thread of execution known as the executive thread.Each Windows XP process is represented by an executive process (EPROCESS) block. An EPROCESS block contains many attributes associated with the process, as well as several data structures and pointers. An EPROCESS block exists in system space, with the exception of the Process Environment Block (PEB), which exists in process address space. Additionally, Windows XP maintains a parallel structure for each process that executes a Win32 program.4Kernel Process BlockProcess IDParent Process IDExit StatusCreate and Exit TimesNext Process BlockQuota BlockMemory Management InformationException PortDebugger PortPrimary Access TokenHandle TableDevice MapProcess Environment BlockImage FilenameImage Base AddressProcess Priority ClassWin32 Process BlockJob ObjectFigure 1.1: Fields in an EPROCESS BlockA job is simply a function to group several processes together, making them easy to manage and manipulate as a single unit.1.2 ThreadsA thread contains a set of instructions that can be executed, the contents of machine registers that define the processor state while the thread is running, and two stacks – one for User mode and one for Kernel mode. Kernel mode always has a higher priority than User mode.A Windows XP thread is represented by an Executive Thread (ETHREAD) block. An ETHREAD block exists in system space, with the exception of the Thread Environment Block (TEB), which exists in process address space. Additionally, Windows XP maintainsa parallel structure for each thread that executes a Win32 program.When a process is created, one thread is created. This thread is known as the primary thread. As this thread executes, it can create additional threads. All threads in a process run in the same address space and share the same resources. Using multiple threads is very efficient because Windows XP can multitask to continue working when some threads are blocked. 5KTHREADCreate and Exit TimesProcess IDEPROCESSThread Start AddressAccess TokenImpersonation InformationLPC Message InformationTimer InformationPending I/O RequestsFigure 1.2: Fields in an ETHREAD BlockWindows XP uses a priority-driven,