COMP2122 Network Operating Systems
University of Worcester
Richard Henson
November 2009

Week 7: Booting up into Windows
Objectives:
– Describe each of the six boot-up stages
– Explain the terms firmware, ACPI, and plug-n-play
– Relate the different essential components for Windows to the OSI model

Why does Operating System Boot-up take so long?
Six stages required (including BIOS) before the user gets their desktop:
– Power-on self test (POST)
– Initial startup
– Boot loader
– Detect and configure hardware
– Kernel loading
– Logon

Stage 1: POST
No matter which operating system is installed, the motherboard’s BIOS uses POST immediately after switch on
– POST = Power-On Self-Test
– essential to check that basic hardware is OK before loading ANY operating system into memory…

POST…
Checks the following:
– crucial hardware matters, such as amount of memory present
– presence of the devices needed to start the operating system
Retrieves:
– low level functions from BIOS (basic input-output system)
– system configuration settings from CMOS memory (complementary metal-oxide semiconductor)

Stage 2: Initial Start-up
After POST completes:
– motherboard “add-on” adapters that have their own firmware carry out internal diagnostic tests
  » (e.g. video and hard drive controllers)
– CMOS memory settings (e.g. boot order) used to determine the devices the computer will use to load an operating system
  » e.g. floppy disk, hard disk, CD/DVD, USB device

Stage 3: The Boot Loader
A single “boot loader” file needs to be detected and loaded…
– called NTLDR
– should be in the boot area on the first boot device in the CMOS boot list
If NTLDR is not found
– depending on the device:
  » EITHER an error may come up
  » OR control may pass to the next device on the list
The boot loader file…
– sets the system for “32-bit mode”
– starts the file system (e.g. NTFS)
– loads other essential start-up files:
  » Boot.ini – partition boot options
  » Ntdetect.com – hardware detection
  » Ntbootdd.sys
  » Ntoskrnl.exe
  » Hal.dll

Stage 4: Detecting and Configuring Hardware
NTDETECT then loaded:
– extracts text info from boot.ini file and the registry
– gets hardware data from firmware routines
– passes data gathered to NTLDR
NTLDR
– structures data from NTDETECT
– passes it to NTOSKRNL

Stage 5: Kernel Loading
NTLDR creates the “WINDOWS EXECUTIVE”
Requirements:
– Windows kernel file (NToskrnl.exe)
– correct hardware abstraction layer file (HAL.dll by default)
  » example HAL files:
    Halacpi.dll (Advanced Configuration and Power Interface (ACPI) PC)
    Halmacpi.dll (ACPI Multiprocessor)
    Halaacpi.dll (ACPI Uniprocessor)
    Hal.dll (Standard PC)

Creating the “system” registry key
NTLDR…
– reads and processes the systemroot\System32\Config\System file
  » contains essential information for determining which drivers need to be loaded
– creates HKEY_LOCAL_MACHINE\SYSTEM registry key
  » usually includes several “control sets” as subkeys
  » set up and presented as menu options before the system key can be used

System key “control sets”
– Typical Control sets:
  » \CurrentControlSet, a pointer to a ControlSetxxx subkey
    where xxx represents a control set number, such as 001 designated in the \Select\Current entry
  » \Clone
    a copy of \CurrentControlSet, created each time you start your computer
  » \Select options (next slide)

\SELECT control set options
1. Default:
– points to the control set number for next startup
  » e.g. 001=ControlSet001
  » if no error or manual invocation of the LastKnownGood startup option
    assuming that a user is able to log on successfully…
    BECOMES the Default, Current, and LastKnownGood entries
2. Current:
– last control set that was used to start the system

\SELECT control set options
3. “Failed”:
– a control set that did not start Windows XP Professional successfully
– updated when the LastKnownGood option is used to start the system.
4. LastKnownGood:
– the control set used during the last user session
– updated during logon with configuration information from the previous user session

Creating the “Hardware” Key
Once the Control Set is loaded…
– kernel uses the data structures provided by NTLDR to create the HKEY_LOCAL_MACHINE\HARDWARE key
  » hardware data collected at system startup
  » includes information about various hardware components and system resources allocated to each device
The Starting up progress indicator at the bottom of the screen monitors and displays aspects of the kernel load process during the creation of this key

Drivers, Services, and Kernel Initiation
Drivers:
– kernel-mode components required by devices to function with the operating system
Services:
– components that support operating system functions and applications
– can run in various different contexts
– typically do not offer many user-configurable options
Drivers are treated as services…

Which Services are loaded during kernel initiation?
Services loaded before user login
– act independently of the user
– typically stored in the systemroot\System32 and systemroot\System32\Drivers folders
– use .exe, .sys, or .dll file name extensions
Each Service has a “start” value to determine conditions of loading…
– can be altered by those with admin rights

Service “Start” values
0 (Boot)
– Specifies a driver that is loaded (but not started) by firmware calls made by Ntldr. If no errors occur, the kernel starts the driver.
1 (System)
– Specifies a driver that loads at kernel initialization during the startup sequence by calling Windows XP Professional boot drivers.
2 (Auto load)
– Specifies a driver or service that will be initialized at system startup by Session Manager (Smss.exe) or Service Controller (Services.exe)

More “Start” values
3 (Load on demand)
– a driver or service that is manually started by a user, a process, or another service
4 (Disabled)
– a disabled (not started) driver or service

Loading Services and creating the system key
During kernel initialization:
– NTLDR reads HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, then…
  » Ntldr searches the Services subkey for drivers with a Start value of 0
    e.g. hard disk controllers
  » Ntoskrnl.exe searches for and starts drivers that have a Start value of 1
    e.g. network protocols
The kernel then starts the session manager
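
The control-set pointer and the Start values described on the preceding slides can be checked against a registry export, which is how a reviewer sees what loads before anyone logs on. The Python below is an added example, not part of the original slides: it resolves which ControlSetxxx subkey the \Select entries point to and groups that control set's services by Start value. The export text, its values and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Start values and the loader the slides associate with each one.
START_PHASES = {
    0: "Boot: loaded by Ntldr, started by the kernel",
    1: "System: started by Ntoskrnl.exe at kernel initialization",
    2: "Auto load: started by Smss.exe or Services.exe",
    3: "Load on demand",
    4: "Disabled",
}

# Constructed sample in .reg export format; all values are illustrative.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"Start"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Spooler]
"Start"=dword:00000002
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_dwords(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key, value = KEY_RE.match(line), DWORD_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif value and current is not None:
            current[value.group(1)] = int(value.group(2), 16)
    return keys

def resolve_control_set(keys, entry="Current"):
    """Map a Select entry to its ControlSetxxx name; 0 means no such set."""
    number = keys[r"HKEY_LOCAL_MACHINE\SYSTEM\Select"].get(entry, 0)
    return "ControlSet%03d" % number if number else None

def services_by_start(keys, control_set):
    """Group a control set's direct Services subkeys by their Start value."""
    prefix = "HKEY_LOCAL_MACHINE\\SYSTEM\\%s\\Services\\" % control_set
    grouped = defaultdict(list)
    for path, values in keys.items():
        name = path[len(prefix):]
        if path.startswith(prefix) and "\\" not in name and "Start" in values:
            grouped[values["Start"]].append(name)
    return {start: sorted(names) for start, names in grouped.items()}

def report(text):
    """List, per Start value, the services of the current control set."""
    keys = parse_dwords(text)
    control_set = resolve_control_set(keys)
    lines = ["CurrentControlSet -> %s" % control_set]
    for start, names in sorted(services_by_start(keys, control_set).items()):
        phase = START_PHASES.get(start, "unknown Start value")
        lines.append("%d (%s): %s" % (start, phase, ", ".join(names)))
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

Comparing the output for the Current and LastKnownGood sets shows which Start values changed between the last good boot and the present configuration.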

Session Manager (SMss.exe)
Important initialization functions:
– creates system environment variables
– starts kernel-mode part of the Windows subsystem found at systemroot\System32\Win32k.sys
  » Windows XP Professional can now switch from text mode to graphics mode
  » Windows-based applications can run in the Windows subsystem
  » applications can now access operating system functions, such as displaying information to the screen

Session Manager (continued)
Also starts the user-mode portion of the Windows subsystem found at systemroot\System32\Csrss.exe
Windows subsystem and the applications that run within it are all user mode processes
– no direct access to hardware or device drivers
– run at a lower priority than kernel-mode processes
– when it needs more memory the operating system can page memory used by user-mode processes to disk

Session Manager (continued)
Next starts the Logon Manager found at systemroot\System32\Winlogon.exe
– creates additional virtual memory paging files
– performs delayed rename operations for files listed in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
  » e.g. prompts to restart the computer after installing a new driver or application so that the file in use can be replaced

Session Manager (continued)
Finally, searches the registry for service information that is contained in the following subkeys:
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems

Subkey Information for SMss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager provides a list of commands to run before loading services
– e.g. The Autochk.exe tool
  » specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey
  » version of the Chkdsk tool
  » runs at startup if the operating system detects a file system problem that requires repair before completing the startup process

Subkey Information for SMss
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
  » Service Control Manager initializes services that the Start entry has designated as Auto-load
– HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems
  » contains a list of available subsystems
    e.g. Csrss.exe contains the user-mode portion of the Windows subsystem

Stage 6: Logon Phase
Managed by Winlogon.exe
– initializes security and authentication components
– starts the Services subsystem or Service Control Manager (SCM): services.exe
  » starts the Local Security Authority (LSA) process (lsass.exe)
  » parses the Ctrl+Alt+Del key combination at the Begin Logon prompt

Logon Phase
The Graphical Identification and Authentication (GINA) component:
– collects the user name and password
– passes this information securely to the LSA for authentication
– if the user supplied valid credentials, access is granted by using either the Kerberos V 5 authentication protocol or NTLM

Logon Phase
After the user has logged on:
– Control sets are updated
– Group Policy settings take effect
– Startup programs run e.g.
  » login scripts
  » programs in startup folders
  » services found in registry subkeys & folder locations

Logon Phase
Services loaded from these registry subkeys:
  » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce
  » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  » HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  » HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
  » HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  » HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Logon Phase
Services loaded from these folder locations…
– systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup
– systemdrive\Documents and Settings\username\Start Menu\Programs\Startup
– windir\Profiles\All Users\Start Menu\Programs\Startup
– windir\Profiles\username\Start Menu\Programs\Startup

Concluding Logon Phase…
Winlogon provides Plug and Play support for computers equipped with ACPI firmware (Advanced Configuration & Power Interface):
– enables enhanced features, e.g. hardware resource sharing
– especially useful for mobile users who use portable computers that support standby, hibernation, hot and warm docking, or undocking features
Plug and Play Device Detection
– runs asynchronously with the logon process
– relies on system firmware, hardware, device driver, and operating system e.g. ACPI to detect and enumerate new devices

Protecting the Server Software
All hardware can go wrong and should have a backup
What of software… need tools…
– what to backup?
– when to backup?
– how to backup?
– where to put the backup?
– how long to keep the backup?
– can the backed up software be fully restored…

Client Backup
Windows XP presents four backup choices:
– all files
– current user settings
– all user settings
– custom choice
  » can choose between anything from all files and folders to none

Where to backup to?
Computer hard disk?
– ideal backup location is a separate partition on the same disk
– e.g. hard disk is partitioned into drive C and drive D
  » data is on drive C
  » can safely back it up to drive D.
Zip drive or other removable media
Unfortunately, the Windows Backup utility can't save files directly to a CD-RW drive
A shared network drive. Limited only by the amount of free space on the network share.
External hard disk drive. USB, IEEE 1394, FireWire drives

Prioritising Server Backup?
Servers typically hold a lot of data
Generally accepted that “system state” files are those that are most important for keeping the NOS functioning normally
– need to be backed up on a regular basis

System state
Active Directory (NTDS)
System Volume (SYSVOL)
Boot files
Registry
COM+ class registration database