Understanding Windows NT Internals - Part 3
arunsnarayanan
17 views
19 slides
Mar 11, 2025
Slide 1 of 19
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
About This Presentation
Windows NT internals refer to the inner workings of the Windows NT operating system. It includes the system architecture, critical data, and how the system is organized.
Slide Content
WINDOWS NT INTERNALS – 03
Computer Call
September 22, 1997
Computer Call
September 22, 1997
GENERAL LAYERED DRIVER MODEL
Drivers refers to a piece of code that
manages some peripheral devices
I/O
Manager
File System
Drive
Intermediate
Driver
Device Driver HAL
Drivers refers to a piece of code that
manages some peripheral devices
I/O
Manager
File System
Drive
Intermediate
Driver
Device Driver HAL
DEVICE DRIVERS
• Manage actual data transfer and control operations
• Starting and completing I/O operations
• Handling interrupts
• Performing any error processing required by the
device
• Hardware driver referred to as port driver
Intermediate Drivers
• Extend the capabilities of the I/O system
• Separate hardware specific operations from more
general management issues
• Referred to as class drivers
• Manage actual data transfer and control operations
• Starting and completing I/O operations
• Handling interrupts
• Performing any error processing required by the
device
• Hardware driver referred to as port driver
Intermediate Drivers
• Extend the capabilities of the I/O system
• Separate hardware specific operations from more
general management issues
• Referred to as class drivers
FILE SYSTEM DRIVERS (FSDS)
• Maintaining on-disk structures
• Microsoft currently supplies the following FSDs
FAT-windows95 extended MS-dos file systems
NTFS- windows NT high reliability file system
HPFS- OS/2 high performance file systems
CDFS- ISO 9660 CD-ROM file system
• Maintaining on-disk structures
• Microsoft currently supplies the following FSDs
FAT-windows95 extended MS-dos file systems
NTFS- windows NT high reliability file system
HPFS- OS/2 high performance file systems
CDFS- ISO 9660 CD-ROM file system
EXAMPLE OF SCSI DRIVER
ACHITECTURE
Class Drivers Filter Drivers
NT SCSI
Port Driver
Miniport
Driver
SCSI
Adapter
SCSI Device
ACHITECTURE
Class Drivers Filter Drivers
NT SCSI
Port Driver
Miniport
Driver
SCSI
Adapter
SCSI Device
SCSI DRIVER ARCHITECTURE
• SCSI port and miniport drivers
• NT SCSI port driver-interface between miniport driver
and the operating system
• SCSI miniport- supply port driver with routines that
perform any HBA-specific control operations
• SCSI class drivers
• Manages all the SCSI devices of a particular type
regardless of HBA
SCSI filter drivers
- Optimal
- Interrupt and modify request sent to a SCSI
class driver
• SCSI port and miniport drivers
• NT SCSI port driver-interface between miniport driver
and the operating system
• SCSI miniport- supply port driver with routines that
perform any HBA-specific control operations
• SCSI class drivers
• Manages all the SCSI devices of a particular type
regardless of HBA
SCSI filter drivers
- Optimal
- Interrupt and modify request sent to a SCSI
class driver
STRUCTURE OF A KERNEL-MODE DRIVER
KERNAL MODE DRIVER-collection of subroutines that are
called as needed by the I/O manager
I/O manager calls following routines:
• When a driver is being loaded
• When the driver is being unloaded or the system is shutting down
• When a user mode program issues an I/O system service
call
• When a shared hardware resource becomes available to the
drivers
• At various points during an actual device operation
KERNAL MODE DRIVER-collection of subroutines that are
called as needed by the I/O manager
I/O manager calls following routines:
• When a driver is being loaded
• When the driver is being unloaded or the system is shutting down
• When a user mode program issues an I/O system service
call
• When a shared hardware resource becomes available to the
drivers
• At various points during an actual device operation
DRIVER INITIALIZATION AND CLEANUP
ROUTINES
•Driver Entry Routine
•Loads the driver
•performs initialization functions
•setting up points to other driver routines
•Finding and allocating any hardware resources
•Making the name visible to the rest of system
•Reinitialize routine
•When other dependent drivers have not been loaded
•Unload routine
•Undoing everything that was done by the driver entry routine
•Shutdown routine
•Put the hardware into a known state
•Bug check callback routine
•Put the devices into a known state
•Record some state information that is helpful in debugging
ROUTINES
•Driver Entry Routine
•Loads the driver
•performs initialization functions
•setting up points to other driver routines
•Finding and allocating any hardware resources
•Making the name visible to the rest of system
•Reinitialize routine
•When other dependent drivers have not been loaded
•Unload routine
•Undoing everything that was done by the driver entry routine
•Shutdown routine
•Put the hardware into a known state
•Bug check callback routine
•Put the devices into a known state
•Record some state information that is helpful in debugging
I/O SYSTEM SERVICE DISPATCH
ROUTINES
• Open and close operations
- Provide a dispatch routine that handles Win32 Create File request
- Performs cleanup operations on close handle calls
• Device operations
- Handle actual data transfers and control operation
- Called in response of Win32 Read File,Write File and
Device I/O control requests
ROUTINES
• Open and close operations
- Provide a dispatch routine that handles Win32 Create File request
- Performs cleanup operations on close handle calls
• Device operations
- Handle actual data transfers and control operation
- Called in response of Win32 Read File,Write File and
Device I/O control requests
DATA TRANSFER ROUTINES
•Start I/O routine
•Allocates any resources needed to process the request
•Requests exclusive ownership of the controller
•Interrupt service routine (ISR)
•Acknowledge the device
•Gathering any volatile information needed by other parts
Of the drive
•Execute DPC routine
•DPC routine
•Releasing various system resources
•Reporting errors
•Handling completed I/O requests
•Start next device operation
•Start I/O routine
•Allocates any resources needed to process the request
•Requests exclusive ownership of the controller
•Interrupt service routine (ISR)
•Acknowledge the device
•Gathering any volatile information needed by other parts
Of the drive
•Execute DPC routine
•DPC routine
•Releasing various system resources
•Reporting errors
•Handling completed I/O requests
•Start next device operation
RESOURCE SYNCHRONIZATION
CALLBACKS
•Controller control routine
•Used for a peripheral card that supports multiple physical devices
•Sets up the devices registers and starts I/O operation
•Adapter control routine
•Used for DMA hardware that is sharable
•Sets up the DMA hardware and starts data transfers
•Synchronization routine
•Used for low-IRQL sections of code
•Performs operations on the resources like device control registers
and state information shared with the interrupt service routine
CALLBACKS
•Controller control routine
•Used for a peripheral card that supports multiple physical devices
•Sets up the devices registers and starts I/O operation
•Adapter control routine
•Used for DMA hardware that is sharable
•Sets up the DMA hardware and starts data transfers
•Synchronization routine
•Used for low-IRQL sections of code
•Performs operations on the resources like device control registers
and state information shared with the interrupt service routine
OTHER ROUTINES
•I/O completion routines
•Process the notification sent by low level drivers
•Cancel I/O routines
•Performs necessary cleanup operations in case if
request is canceled
•I/O completion routines
•Process the notification sent by low level drivers
•Cancel I/O routines
•Performs necessary cleanup operations in case if
request is canceled
KERNEL MODE CODE
•Executed on
•Exceptions
•Interrupts
•Kernel Mode Threads
•Executed on
•Exceptions
•Interrupts
•Kernel Mode Threads
USE OF INTERRUPTS BY NT
•CPU priority levels
•Interrupt request level (IRQL)-number that defines
the importance of CPU’s current activity
•CPU priority levels
•Interrupt request level (IRQL)-number that defines
the importance of CPU’s current activity
NT MAPS THESE IRQL LEVELS ONTO
PLATFORM SPECIFIC LEVELS IRQL levels
Generated
By
IRQL Puppose
Hardware Highest-level
Power-level
Ipi-level
Clock2-level
Clock1-level
Profile-level
DIRQLs
Machine checks and bus errors
Power-fail interrupts
Interprocessor doorbell for
multiprocessor system
Internal clock2 (used by 80*86
platforms)
………………………………….
Profiling timer
Platform-dependent number of
levels
For I/o device inetrrupts
Software Dispatch-level
APC-level
Passive-level
Thread scheduler and deferred
Procedure call execution
Asynchronous procedure call
execution
Normal thread execution level
PLATFORM SPECIFIC LEVELS IRQL levels
Generated
By
IRQL Puppose
Hardware Highest-level
Power-level
Ipi-level
Clock2-level
Clock1-level
Profile-level
DIRQLs
Machine checks and bus errors
Power-fail interrupts
Interprocessor doorbell for
multiprocessor system
Internal clock2 (used by 80*86
platforms)
………………………………….
Profiling timer
Platform-dependent number of
levels
For I/o device inetrrupts
Software Dispatch-level
APC-level
Passive-level
Thread scheduler and deferred
Procedure call execution
Asynchronous procedure call
execution
Normal thread execution level
INTERRUPT PROCESSING
SEQUENCE
If (CPU’s current IRQL>= incoming IRQL)
request remains pending
else if (CPU’s current < incoming IRQL)
1.Suspends introduction execution
2.Saves state information
3.Raises IRQL value of CPU
4.Transfers control to an interrupt routine
SEQUENCE
If (CPU’s current IRQL>= incoming IRQL)
request remains pending
else if (CPU’s current < incoming IRQL)
1.Suspends introduction execution
2.Saves state information
3.Raises IRQL value of CPU
4.Transfers control to an interrupt routine
DEFERRED PROCEDURE
CALLS (DPCS)
DPC
object
DPC
object
DPC
Routine
DPC interrupt
High IRQL
ISR
DPC
Dispatcher
System DPC
queue
CALLS (DPCS)
DPC
object
DPC
object
DPC
Routine
DPC interrupt
High IRQL
ISR
DPC
Dispatcher
System DPC
queue
OPERATION OF DPC
1.Add DPC object to the end of the system’s DPC
dispatching queue
2.Request a DPC software interrupt
3.Interrupt serviced by the DPC dispatcher
4.DPC object is removed and dispatcher calls the
DPC routine
5.DPC dispatcher dismisses the interrupt
1.Add DPC object to the end of the system’s DPC
dispatching queue
2.Request a DPC software interrupt
3.Interrupt serviced by the DPC dispatcher
4.DPC object is removed and dispatcher calls the
DPC routine
5.DPC dispatcher dismisses the interrupt
ACCESS TO USER BUFFERS
“Data”
“Data”
DATA
“Data”
“Data”
Copy
Descriptor
Page A
Page B
Page C
A
B
C
Use virtual Space
BIO
DIO
System virtual space
Physical Memory
B
A
C
“Data”
“Data”
DATA
“Data”
“Data”
Copy
Descriptor
Page A
Page B
Page C
A
B
C
Use virtual Space
BIO
DIO
System virtual space
Physical Memory
B
A
C
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 17
- Slides 19
- Age 267 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views