Professional Documents
Culture Documents
Windows Internal Training Day1
Windows Internal Training Day1
==============
1. window arch
2. Process & thrreads
3. Memory
4. Threads
5. Sockets
1. windows arcgh:
==================
3. .COM files should be < 64K and will fit into one segment in Segmented Memory
Management. I t doest contain the exe header and
loads always at memory 100 usually and loads and excutes very fastly
windows uses only 0 and 3 to be portable to other hardware. So out of 4GB in 32-bit
systems, first/upper2GB is for OS and the oher is for users.
6. David Kutler
9. ntvdm - NT Virtual DOS Manager - Sub System for Running DOS in Win NT
10 wowExec - windows on windows exceutor - part of ntvdm
1. SMP - OS selects any processor for any thread be it a kerner thread or user
thread.In this even if one processor goes off nothing happens. Both memory and IO
devices are shared.
2. ASMP - One processor for kernel and onefor user. In this if one processor goes
off then those thread will be at a task. IO devices will ebsed by only kernel
processor. Memory is shared.
==> P4 first supported HyperThreading. With HT single Processor can have two states
eneabling two threads to run at a time truely parallely.
--> This is achieved by usingone CU(one bus) and 2 ALUs. If one ALU gets BUS
Lock, another HAS TO Wait.
==> Dual Core is an extension ofUSBC#�8�#######################l#lingle BUS. So to
get true parallel processing we need to feed MANY instructions to BUS.
--> Each unit should have a HUGE cache.
The number ofprocessors windows supports islimited only by bits its supports. 32 or
64.
--> Windows uses bit masks to identify theprocessors, as the 32 bis ae native
its so.
NTOSKRNL.EXE exports all its functions via a stubcalled NTDLL.dll. All the
functions in NTDLL has same signature as NTOSKRNL.exe functions.
Now NTDLL raises Interrupts that wll be caught via actual functions in NTOSKRNL
1. Through System service interrupt via Interrupt Service routines(ISR). ISRs runs
at very highInterrupt ReQuest Levels(IRQLs)
2. ISR makes a DPC - Defferred Procedure call and sends for scheduling the
DPCObjects. There will be a DPC manager that picks up DPC Objects and does the
actual job.
3. DPC manager first checks the priveleges via security reference monitor and then
checks if Object reference presents, if not create the object,
update all DataStuctures and then use Device Drivers to do the function and then
return this HANDLE to User mode.
This is just a API wrapper that provides much easy to use and remember API than
NTDLL.dll.
This delegates every call to NTDLL.dll