SAP Notes

Syste
MBATech 8 – IT/COMP
MBATech-
em Architecture & Programm

System Architecture
&
Programming
ming
Prof. Rahhul M. Sammant, HOD MMBATech
Prof. Rahul M
Prof M. Samant
Dept. Head., Technology Management
11/12/2010 Mukesh Patel School of Technology Management & Engineering 1

Syste
Windows ÅÆ UNIX
ming
Prof.f Rahul
R M. Samant
Dept Head, MBATech

Syste
Why study this subject ?

• In the 50+ year history of the IT industry
industry, there has been
only one overriding constant:
– the continual presence of change, both in terms of the
t h l
technology and d th
the capability
bilit off computer
t systems.
t
• Few other areas in business have experienced such
rapid
p development
p and often terrifying
y g levels of
obsolescence, with equipment that was purchased new
ming
at $10,000 barely able to recoup $200 a mere three

yyears later—a 98% depreciation
p rate.
• The result of this continuing progress is that you as the
IT decision maker are caught in a difficult situation.
– You can make no changes and risk your systems slipping into
obsolescence, or you can make a change and risk joining a
computing trend that turns out to be an evolutionary dead end.

Syste
UNIX legacy

• The various implementations of the UNIX operating system have served
industry well, as witnessed by the very large base both of installed systems
and large-scale applications installed on those systems.
• However, there are increasing g signs
g of dissatisfaction with expensive,
p often
proprietary solutions and a growing sense that perhaps the concept of "big
iron" has had its day—in the same way as it has for most of the mainframes
of the type portrayed in 1970s science fiction films.
• One of the most extraordinary and unexpected successes of the Intel PC
ming
architecture is the extent to which this basic framework has been extended
to encompass very large server and data center environments.

• Large-scale hosting companies are now offering enterprise-level services to
multiple client companies at availability levels of over 99
99.99
99 percent on what
are simply racks of relatively cheap PCs.
• Technologies such as clustering, Network Load Balancing (NLB) and
p
Component Load Balancing g ((CLB)) enable the humble ppersonal computer
p to
take on and match the levels of throughput, availability and reliability of all
but the most expensive "big iron" solutions and the supercomputers.

Syste
UNIX Æ Why ???

• Three main reasons spring to mind:
– Reduced costs
– Increased flexibility
– Improved performance
ming

Syste
UNIX Æ Windows

• The b
Th bestt price-to-performance
i t f ratio
ti
• The lowest Total Cost of Ownership
• An enterprise-level directory service
• g
Integrated management
g and securityy model
ming
• Rapid application development tools
• Built-in
Built in clustering and high availability
technologies
• Worldwide enterprise support
• Large network of trained consultants

Syste
UNIX Æ LINUX

• Migrate UNIX applications with minimal
g
changes
• Move to PC-based architecture, thus
reducing hardware costs
ming
• Acquire an operating system at little or no

apparent cost

Syste
Problems with LINUX

• T
To make
k a true
t assessmentt off the
th suitability
it bilit off Li
Linux,
you need to look at the following areas.
– Do I need an enterprise
enterprise-wide
wide directory service?
– Do I need to support clustering or load-balancing?
– Will I need to integrate with a heterogeneous environment?
– Will I need
d to
t use features
f t on Linux
Li that
th t will
ill tie
ti me in
i to
t a single
i l
ming
vendor?
– Do I need consistent, integrated, enterprise management?
– Will I require a well-defined enterprise roadmap of future
innovation and features?
• If you answer yes to any of these questions
questions, then you
may find that Linux provides a less than ideal solution.

Syste
TPC C Benchmark 2004
TPC-C

ming

Syste
TPC C Benchmark 2009
TPC-C

ming

Syste
Summary

• Why study this subject ?
• UNIX legacy
• UNIX Æ Why ???
ming
• UNIX Æ WINDOWS
• UNIX Æ LINUX
• TPC-C benchmarks
– 2004
– 2009
Syste
2.
Evolution & architecture :
Introduction
ming
Prof. Rahul M. Samant

HOD, MBATech

Syste
Windows Evolution and Architecture

• In the late 1980s, Microsoft began to design a new operating system
that could take advantage of advances in processor design and
software development.
• The new operating system was called Microsoft Windows NT® (for
new technology). The current Windows 2000 and Microsoft
Windows XP operating systems are based on Windows NT.
• Figure 1 illustrates the evolutionary development of the Windows
ming
family of operating systems, culminating in today's Windows XP and
soon in Microsoft Windows Server 2003.

• do s XP is
Windows s bu
builtt on
o tthe
e robust
obust a
and
d high-performance
g pe o a ce Windows do s
NT kernel and incorporates many of the best features of Microsoft
Windows 98 and Microsoft Windows Millennium Edition (Windows
Me).
• Th
These features
f include
i l d PlugPl and d Pl
Play support, an iintuitive
i i user
interface, and many innovative support services.

Syste
Windows Evolution

Win7
Vista
ming

2009
Syste
Windows NT architecture

ming

Syste
User Mode

• Windows NT architecture uses two processor access
modes: user mode and kernel mode.
mode
• User mode includes application processes (typically
Microsoft Win32® p programs)
g ) and a set of p
protected
ming
subsystems. These subsystems are referred to as
protected because each one is a separate process with

its own protected virtual address space
space. The most
important subsystem is the Win32 subsystem, which
supplies much of the Win32 functionality to 32-bit
Wi d
Windows applications.
li ti Th
The Wi
Windows
d subsystems,
b t
including the Win32 subsystem.

Syste
POSIX…
POSIX

• A
Another
th iimportant
t t subsystem,
b t particularly
ti l l
with respect to UNIX applications, is the
POSIX subsystem. POSIX stands for
Portable Operating System Interface for
computing environments, and consists of a
ming
set of international standards for

implementing UNIX-like interfaces. POSIX
g as an effort by
began y the IEEE community y
to promote the portability of applications
across different versions of UNIX
Syste
…

• . However, POSIX is not limited to the
UNIX environment and has been
implemented on a number of non-UNIX
operating systems,
systems including Windows NT NT.
ming
The POSIX subsystem implements these

standards based interfaces
standards-based interfaces, and allows
applications developers to more easily port
their applications to Windows from another
p
operatingg system.
y
Syste
Kernel Mode

• Kernel mode is a highly privileged mode of
operation where program code has direct
access to all memory, including the address
spaces of all user mode processes and
applications, and to hardware.
ming
• Kernel mode is also known as supervisor mode,

protected mode or Ring 0. The kernel mode of
Windows NT contains the executive as well as
the system kernel.

Syste
…

• Th
The executive
ti exports t generic
i services
i th
thatt protected
t t d
subsystems call to obtain basic operating system
services,, such as file operations,
p , input/output
p p ((I/O),
), and
synchronization services.
• Partitioning of the protected subsystems and the
executive
ti simplifies
i lifi ththe b
base operating
ti system t d
design
i
ming
and makes it possible to extend the features of an

individual
d dua p protected
o ec ed subsys
subsystem
e without ou aaffecting
ec g the e
kernel.
• The kernel controls how the operating system uses the
processors, and d performs
f operations
ti suchh as scheduling,
h d li
multiprocessor synchronization, and providing objects
that the executive can use or export to applications.
Syste
Features

• The Windows operating system supports the following
features and capabilities:
• Multitaskingg
• Choice of programming interfaces (subsystem and
kernel application programming interfaces [APIs])
• Emphasis on graphical user interface (GUI) for users
ming
and administrators (the default user interface is

graphical)
• Optional
O i l command-line
d li iinterface
f
• Built-in networking (Transmission Control
Protocol/Internet Protocol [TCP/IP] is standard)
• System services are provided by Windows Services
• Single compatible implementation
Syste
UNIX Evolution and Architecture

• IIn 1969,
1969 B Bellll L
Laboratories
b t i d developed
l d UNIX as a
timesharing system (the term used at that time
to describe a multitasking operating system that
supported many users at terminals). Although
the first implementation was written in assembly
language the designers always intended for
language,
ming
UNIX to be written in a higher-level language.

Thus, Bell Labs invented the C language so that
they could rewrite UNIX. UNIX has evolved into
a popular operating system that runs on
computers ranging in size from personal
computers to mainframes.

Syste
• Fi
Figure 3 shows
h the
th evolution
l ti off UNIX ffrom a single
i l code
d
base into the wide variety of UNIX systems available
today.
y In fact,, this is onlyy a summary–there
y are more
than fifty flavors of UNIX in use today. The codes on the
diagram refer to the brands and versions of UNIX that
are in common use, use including:
ming
• AIX from IBM

• Solaris from SUN Microsystems
• HP-UX and Tru64 from Hewlett Packard
• UnixWare from Caldera
• Linux and FreeBSD, which are open source products

Syste
Evolution of UNIX

ming

Syste
Structure of UNIX

ming

Syste
Features

• The UNIX operating system supports the following features and
capabilities:
• Multitasking
• Multiuser
• Kernel written in high-level language
• Programming interface
• U off fil
Use files as h
handles
dl tto reference
f d
devices
i and
d other
th objects
bj t
ming
• Large number of simple tools

• Use of pipes and filters to undertake complex tasks through simple
t l
tools
• Default user interface is character-based
• Built-in networking (TCP/IP is standard)
• System services are provided through daemon processes
• Wide number of vendor platform implementations

Syste
3
3.
Comparison
p
ming

Comparison of Windows and UNIX
Syste
Architectures

1. Kernels and APIs 9. System configuration
2 Hardware drivers
2. 10. Interprocess
p
communication (IPC)
3. Processes and
11. DLLs and shared
threads libraries
ming
4. Virtual memory
12. Component-based
management development
5 File
5. Fil systems
t andd 13 .NET
13. NET
networked file systems 14. Middleware
6 Security
6. 15 Shells and scripting
15.
7. Networking 16. Development
8. User interfaces environments
Syste
1. Kernels and APIs

• As do most operating systems, Windows
and UNIX both have kernels. The kernel is
responsible for all the basic functions of
the operating system,
system such as:
ming
• Creating files
• Starting processes
• Managing input and output
• Managing memory
Syste
Cont…

• In UNIX, the API functions are called system calls. System
calls are a p
programming
g g interface common to all
implementations of UNIX.
• In most implementations, the functions defined by the
system calls are the same; in some implementations,
implementations
however, there are minor differences. Standards such as
POSIX include a definition of the implementation of system
calls in addition to other features
calls, features.
ming
• Similarly, Windows has an API for programming calls to the

executive. In addition to this API, each subsystem provides
a higher-level
hi h l l API
API. Thi
This approach h allows
ll the
th Windows
Wi d
operating systems to provide different APIs, some of which
mimic the APIs provided by the kernels of other operating
systems.
• The standard subsystem APIs include the Win32 API (the
Windows native API) and the POSIX API (the standards- standards
based UNIX Mukesh
11/12/2010
API).Patel School of Technology Management & Engineering 30
Syste
Cont…
Cont

• Obj
Objectst andd handles
h dl
• As a Windows developer using the Win32 API, you use
kernel objects to manage and manipulate resources
such as files, synchronization objects, processes,
threads, and pipes. Kernel objects are data structures
maintained
i t i db by th
the operating
ti system
t kkernel.
l TTo iinteract
t t
ming
with a kernel object (and its associated resource), you

must
us obtain
ob a a handle
a d e to
o the
e kernel
e e objec
object by ca
calling g the
e
appropriate Win32 API. Regardless of the underlying
resource type, the procedure for manipulating kernel
objects is as follows:

Syste
Cont…
Cont

• Obt
Obtain i a kernel
k l object
bj t handle.
h dl
• For example, call the CreateFile function to open
a file
fil and d obtain
bt i a fil
file kkernell object
bj t hhandle.
dl
• Manipulate the resource by using the kernel
object
bj t h handle.
dl
ming
• For example, call the ReadFile and WriteFile

f
functions,
ti supplying
l i th the hhandle
dl as a parameter.
t
• Close the handle when your work is complete.
• Call the CloseHandle function, irrespective of
the handle type.
Syste
Cont…
Cont

• Wi
Windows
d subsystems
b t
• A subsystem is a portion of the Windows
operating
ti system
t that
th t provides
id some servicei tto
application programs through a callable API.
The subsystems run in separate processes and
Cont
Cont…
ming
do not share virtual memory. Therefore, a

subsystem must send messages to another
subsystem to communicate with it. All messages
pass through
p g the executive,, which pperforms a
security check to guarantee that the subsystems
do not interfere with one another.
Syste
Cont…
Cont

• S
Subsystems
b t come in i ttwo varieties,
i ti d
depending
di on whereh
the request is finally handled:
• Environment subsystems execute in user mode and
provide functions through a published API. The best
known environment subsystem is Win32, which provides
an API for
f operating
ti systemt services,
i GUI capabilities,
biliti
ming
and functions to control all user input and output.

• Integral subsystems perform key operating system
functions and execute as part of the executive or kernel.
The best known of the integral subsystems are the
security
it subsystem
b t andd th
the virtual
i t l memory manager.
Other subsystems include the object manager, the
process manager, and the I/O manager.
Syste
Cont…
Cont

• Th
The Win32
Wi 32 subsystem
b t
• The Win32 subsystem allows applications to
b
benefit
fit ffrom the
th full
f ll power off the
th Windows
Wi d ffamily
il
of operating systems. Win32 has a vast
collection of functions
functions, including the capabilities
ming
required for advanced operating systems, such

as security
security, synchronization
synchronization, virtual memory
management, and threads. By using the Win32
API,, you
y can write applications
pp that run on all
versions of Windows while taking advantage of
capabilities that exist only on later versions.
Syste
Cont…
Cont

• Th
The Win32
Wi 32 API iis groupedd iinto
t six
i categories:
t i
• Base services
• Base services are functions that let applications use the
features of the operating system, such as memory
management,
g file systems,
y devices, p
processes, and
ming
threads. An application uses these functions to manage
and monitor the resources that it needs to complete its

work For example,
work. example an application uses memory
management functions to allocate and free memory.
Process management and synchronization functions start
andd coordinate
di t ththe operation
ti off multiple
lti l applications
li ti or
multiple threads within a single application.

Syste
Cont…
Cont

• Common control library
• A common control libraryy implements
p a set of
common controls shown as windows.
Applications use these controls to maintain
ming
consistency with the Windows shell and to
maintain the distinctive Windows behavior and

appearance. Common controls range from fairly
simple, such as combo box and status bar
controls, to complex, such as calendar and tree
view controls.
Syste
Cont…
Cont

• G
Graphics
hi Device
D i Interface
I t f
• The Graphics Device Interface (GDI) provides functions
and data structures that applications use to generate
graphical output for displays, printers, and other devices.
GDI enables applications to draw geometric shapes,
suchh as lilines, curves, andd closed
l d fifigures andd tto
ming
manipulate text and images. GDI allows the application

to
o co
control
o visible
sbea attributes,
bu es, suc
such as co color
o aand
d sstyle,
y e, when
e
drawing shapes and text. Applications can direct output
to a physical device or to a logical device such as
memory or a metafile.
metafile

Syste
Cont…
Cont

• N
Network
t k services
i
• Network services provide functions for network
management and Windows networking (WNet) (WNet). Network
management lets a systems administrator or network
manager create and manage shared resources, such as
di t i
directories, network
t k printers,
i t and
d users. WiWindows
d
ming
networking functions enable applications to query and

control
co o network
e o co connections
ec o s a and
d to
o retrieve
e e e information
o a o
about the current network configuration. These functions
are independent of any network provider or physical
network implementation.
implementation

Syste
Cont…
Cont

• U
User iinterface
t f
• User interface functions give applications the means to
create and manage a user interface
interface. Applications use
these functions to create and use windows to display
output, prompt for user input, and interact with the user.
Th b
The behavior
h i and d appearance off windows
i d th
thatt an
ming
application creates are controlled by window classes and

corresponding
co espo d g windowdo p procedures.
ocedu es A windowdo cclassass
defines default characteristics, such as whether the
window processes mouse button clicks or has a menu.
The corresponding window procedure contains code that
defines the behavior of the window in response to events
and user input.
Syste
Cont…
Cont

• Windows shell
• Windows shell functions enable applications to use the shell interfaces and
to enhance various aspects of the Windows shell. A context menu handler
is a shell extension that modifies the contents of a shortcut menu. The
system displays a shortcut menu when the user clicks an object with the
right mouse button. The shortcut menu contains commands that apply
specifically to the object that was clicked. Most shortcut menus contain a
properties
p p command that displays
p y the p property
p y sheet for the selected
ming
object. A property sheet contains information about the object in a set of
overlapping or tabbed windows called pages. A property sheet handler is a

shell extension that adds pages to the system-defined property sheet. The
y
system uses icons to represent
p files. The default icon displayed
p y is the same
for all files with the same extension. An icon handler can override the
default and display a different icon for some files.
• Note The APIs provided by different environment subsystems cannot be
mixed A file opened in the POSIX subsystem is not compatible with the API
mixed.
in the Win32 subsystem. For this reason, you must use special techniques
when linking different subsystems.

Syste
Cont…
Cont

• The POSIX subsystem and Interix
• Windows NT, Windows 2000, and Windows XP provide a fully
standards-compliant subsystem that supports programs written for
the POSIX portable operating system environment
environment. Programs
written for the POSIX environment on any other operating systems
should perform in exactly the same manner on Windows.
• Althoughg the POSIX subsystemy is standards compliant
p and p
provides
ming
the majority of the system calls found in UNIX implementations, not
all UNIX applications are POSIX compliant.

• To add more comprehensive support for UNIX programs, Windows
provides
id theth IInterix
t i subsystem.
b t IInterix
t i iis a multiuser
lti UNIX
environment for a Windows-based computer.
• Interix conforms to the POSIX.1 and POSIX.2 standards. It provides
all of the features of a traditional UNIX operating system,
system including
pipes, hard links, symbolic links, UNIX networking, and UNIX
graphical support through the X Window System (also called X
Windows). )
Syste
Cont…
Cont

• It also includes case-sensitive
case sensitive file names
names, job control tools
tools,
compilation tools, and more than 300 UNIX commands and utilities,
such as KornShell, C Shell, awk, and vi. See Chapter 10 for further
information about Interix features and commands.
• Because the Interix subsystem is layered on top of the Windows
kernel, it is not an emulation; it is a native environment subsystem
that integrates with the Windows kernel, just as the Win32
subsystem
b t does.
d
ming
• When you install Interix, you install a new extended subsystem that
replaces the POSIX subsystem provided with Windows and that
provides true UNIX functionality
functionality.
• Shell scripts and other scripted applications that use UNIX and
POSIX.2 utilities run under Interix. (For more information about shell
scripts see the "Shells
scripts, Shells and Scripting"
Scripting section later in this chapter
chapter.))

Syste
Cont…
Cont

• These behaviors of the Interix environment are different from open
systems:
• Interix has no superuser.
• Interix has different user authentication
authentication.
• User and group information is stored in the Windows Security
Access database. While the database stores both users and groups,
group names and user names must be unique; that is is, no group can
ming
have a user's name and vice versa. (This database replaces the
/etc/passwd and /etc/groups files or Network Information Service

[NIS] map files in UNIX.) Users can belong to many groups.
• Interix supports user name mapping.
• Interix uses user name mapping to associate Windows users with
user identifiers (UIDs) and group identifiers (GIDs). Mapping allows
th actual
the t l user andd group names tto appear as ththe fil
file owner andd fil
file
group when a long directory listing is requested.

Syste
2. Hardware Drivers

• Th
The Windows
Wi d D
Driver
i M
Model
d l provides
id a platform
l tf ffor
developing drivers for industry-standard hardware
devices attached to a Windows-based system.y The keys
y
to developing a good driver package are to provide good
setup and installation procedures and to provide
interactive GUI tools for configuring devices after
ming
installation. In addition, hardware must be compatible

with Windows Plug and Play technology to ensure a
user-friendly hardware installation. If hardware
manufacturers meet these and other requirements, they
can display the "Designed
Designed for Windows"
Windows logo on their
packaging and documentation.

Syste
Cont…
Cont

• In some versions of Windows, the user must
reboot the computer after installing new
hardware, drivers, and peripherals. Windows
XP, however, has features that eliminate the
need to reboot if drivers are signed with a digital
ming
certificate. This certificate indicates that a driver

has passed the Windows Hardware
Compatibility Tests, which ensure that the driver
functions correctly with the Windows operating
system.
Syste
Cont…
Cont

• In UNIX, there are several different ways
to manageg drivers. Some UNIX
implementations allow for dynamic loading
and unloading of drivers
drivers, whereas other
ming
implementations do not. The UNIX vendor

usually provides drivers
drivers. On Intel
platforms, the range of supported
hardware for UNIX is typically smaller than
that for Windows.
Syste
3 Process Management
3.Process

• Multitasking operating systems—such as Windows and
UNIX—must
UNIX must manage and control many processes at
once.
• Each p process has its own code, data, system
y resources,
ming
and state. Resources include virtual address space, files,
and synchronization objects.

• Threads are a part of a process; each process has one
or more threads running on its behalf.
• Like a process, a thread has resources and a state
associated with it. The Windows and UNIX operating
systems both provide process and threads.

Syste
4. Multitasking

• UNIX was d designed
i d tto b
be a multiprocessing,
lti i multiuser
lti
system. At any point in time, a user may have many
processes running
p g on UNIX. Consequently,
q y, UNIX is very
y
efficient at creating processes.
• Windows has evolved from its beginnings on Microsoft
MS DOS® which
MS-DOS®, hi h did nott supportt preemptive
ti
ming
multitasking. As a result, Windows relies heavily on

threads
eads instead
s ead ofo processes.
p ocesses ((A threadead is
s a co
construct
s uc
that enables parallel processing within a single process.)
Creating a new process in Windows is a relatively
expensive operation
operation.

Syste
5. Multiple users

• O
One key
k difference
diff b
between
t UNIX and
d Windows
Wi d
is the implementation of multiple users on one
computer.
• On UNIX, when a user logs on, a shell process
is started to service the user's commands. The
UNIX operating system keeps track of users and
ming
their processes and prevents processes from

interfering with one another
another. Because all the
processes run on the server, the resource
demands on the computer can grow quite large,
especially with many users and large
applications.

Syste
Cont…
Cont

• O
On Windows,
Wi d when
h a user llogs on iinteractively,
t ti l th
the
Win32 subsystem's Graphical Identification and
Authentication dynamic-link
y libraryy ((GINA)) creates the
initial process for that user, known as the user desktop.
This desktop is where all user interaction or activity takes
place Only a particular instance of the logged
place. logged-on
on user
ming
has access to the desktop. This allows the user to

control the computing environment (sometimes known
as the shell). Other users are not intended to be able to
log on to that computer at the same time. However, if a
user uses Terminal Services or Citrix
Citrix, Windows can
operate in a server-centric mode similar to UNIX.

Syste
6 Multithreading
6.

• Most new UNIX kernels are multithreaded to take
advantage of symmetric multiprocessing (SMP)
computers. Initially, UNIX did not expose threads to
programmers. However, POSIX does have user-
programmable bl threads.
th d In I fact,
f t POSIX h has ttwo diff
differentt
ming
implementations of threads, depending on the POSIX

version.
e so
• In Windows, creating a new thread is very efficient.
Windows applications are able to use threads to take
advantage
d t off SMP computers
t and
d to
t maintain
i t i interactive
i t ti
capabilities when some threads take a long time to
execute.
Syste
Fibers

• Wi
Windows
d h
has another
th unitit off execution,
ti called
ll d fibers,
fib
which UNIX does not have.
• Fibers are sometimes referred to as lightweight threads
threads.
Fibers must be manually scheduled by a thread, and
they run in the context of that thread.
ming
• Fibers are usually used in applications that service a
large number of users, such as database systems.

• Fibers do not provide much improvement in speed over
threaded applications, but they do provide a good
technique
q for p porting
g applications
pp that are designed
g to
schedule their own threads.

Syste
Process hierarchy

• Wh
When a UNIX application
li ti creates t a new process, ththe
new process becomes a child of the creating process.
This p
process hierarchy y is often important,
p , and there are
system calls for manipulating child processes.
• Unlike UNIX, Windows processes do not share a
hi
hierarchical
hi l relationship.
l ti hi ThThe creating
ti process receives
i
ming
the process handle and ID of the process it created so a

hierarchical
e a c ca relationship
e a o s p ca can be maintained/simulated
a a ed/s u a ed if
the application requires it to do so. However, the
operating system treats all processes as belonging to the
same generation.
generation
• Note Both Windows and UNIX processes (by default)
inherit the security settings of the creating process.
Syste
Signals, exceptions, and events

• UNIX and Windows have mechanisms by which processes can
indicate an event or error. In both operating systems, these events
are signaled by a form of software interrupts. In UNIX, these
mechanisms are called signals
g and are used for normal events,,
simple interprocess communication, and abnormal conditions such
as floating point exceptions. Windows has two separate
mechanisms, as follows:
• A events
An t mechanism
h i h
handles
dl expected
t d events,
t suchh as
ming
communications between two processes.

• An exception mechanism handles non-standard events, such as the
termination of a process by the user
user. Computer hardware may
generate exceptions such as invalid memory access and math
errors. Windows uses a facility named Structured Exception
Handling g ((SEH)) to handle these exceptions.
p

Syste
Filters and pipes

• UNIX iintroduced
t d d a philosophy
hil h off computingti ththatt
incorporates features known as filters and pipes. A well-
designed
g UNIX p program
g g
gets its input
p from the standard
input stream and writes its results to standard output.
This makes the program a filter, analogous to a water
filter or a filter in engineering
engineering. The filter has one input
ming
and one output and performs an operation on

information passing through it. Pipes give users the
ability to link these filter programs together so that the
output of one program is fed into the input of another. A
typical use of this capability is sorting; that isis, running
one program that generates some desired output and
piping the output into the sort utility for viewing.
Syste
Daemons and services

• In UNIX
UNIX, a daemon is a process that the system starts to provide a
service to other applications. Typically, the daemon does not interact
with users. UNIX daemons are started at boot time from init or rc
p
scripts.
• A Windows service is the equivalent of a UNIX daemon; it is a

process that p
p provides one or more facilities to client p
processes.
ming
Typically, a service is a long-running Windows application that does
not interact with users and consequently does not include a user
interface. Services may start when the system boots and they
continue running across logon sessions
sessions. Services are controlled by
the Service Control Manager (SCM), and one of the few
requirements for writing a service is that it must communicate with
the SCM to handle starting, g, stopping,
pp g, and installing.
g

Syste
Cont…
Cont

• B
Because it runs in
i a separate
t process, a service
i runs iin
user mode with a specific user identity. The security
context of that user determines the capabilities
p of the
service. Most services run as the Local System account.
This account has elevated access rights on the local
computer but has no privileges on the network domain
domain. If
ming
a service needs to access network resources, it must run

as a domain user with enough privileges to perform the
required tasks. On UNIX, a daemon runs with an
appropriate user name for the service that it provides or
as the special user named nobody
nobody.

Syste
Cont…
Cont

Feature Windows UNIX
Primary mechanism Threads Processes
Processes Yes Yes
ming
Threads Yes Yes, but different implementations
Fibers Yes No
Performance Very good at creating threads Very good at creating processes
Process hierarchy No Yes
Security inherited Yes Yes (except setuid)

Syste
Virtual Memory Management

• B
Both
th UNIX and d Windows
Wi d use virtual
i t l memory tto
extend the memory available to an application
beyond the actual physical memory installed on
the computer. In UNIX, virtual memory is
handled by the kernel; in Windows, virtual
memory is handled by an executive service
service.
ming
Virtual memory uses a number of techniques to:

• Inform the application that additional memory is
available.
• Transparently enhance system performance
(and therefore application performance) by
reading for disk as efficiently as possible.
Syste
Cont…
Cont

• Vi
Virtual
t l memory uses areas on di disk
k tto
extend real memory. In addition, the virtual
memory manager moves program and
data files from the hard disk into physical
memory only when the files are needed.
ming
Because virtual memory is managed by

the operating system and is transparent to
pp
applications, there should be no need to
consider virtual memory during the
g
migration p
process.
Syste
File systems differences
differences.

F t
Feature Wi d
Windows Wi d
Windows/Interix
/I t i UNIX
Overall structure Hierarchal, multiple trees Hierarchal, single tree Hierarchal, single tree
Drive names Yes (C, D) Yes, under /dev/fs (for No
example, /dev/fs/C)
Mounting partitions Yes Yes Yes

Path separator \ / /
C
Case-sensitive
iti names N
No Y
Yes Y
Yes
ming
Hard links No Yes Yes

Symbolic links No Yes Yes
Shortcuts Yes No No
Network file system SMB NFS
Device files No Yes, with exceptions (for Yes
example /dev/mem)
example,
Set user ID No Yes Yes

Security ACLs Mapping between bit Simple bit permissions
permissions
pe ss o s aand
d ACLs
C s

Syste
Networking

• Th
The primary
i networking
t ki protocol
t l for
f UNIX and d Windows
Wi d
is TCP/IP. The standard programming API for TCP/IP is
called sockets. Sockets were created for UNIX at the
University of California, Berkeley. Sockets provide an
easy-to-use, bidirectional stream between systems
across a network.
network The Windows implementation of
ming
sockets is formally known as Windows Sockets but is

usually called Winsock. Winsock conforms well to the
Berkeley implementation, even at the API level. Most of
the functions are the same, but slight differences in
parameter lists and return values do exist.
exist

Syste
User Interfaces

• Th
The UNIX user interface
i t f was originally
i i ll b based
d on
a character-oriented command line, whereas the
Windows user interface was originally based on
a GUI. This difference is a result of the
background of the two operating systems. UNIX
originated at a time when graphic terminals were
ming
not available; Windows was (as the name

suggests) designed to take advantage of
advances in the graphics capabilities of
computers. However, both UNIX and Windows
now support a mixture of character and
graphical interfaces.

UNIX interprocess
Syste
communication

• UNIX has several IPC mechanisms that have different
characteristics and are appropriate for different situations. Shared
memory, pipes, and message queues are all suitable for processes
runningg on a single
g computer.
p Shared memory y and message g
queues are suitable for communicating among unrelated processes.
Pipes are the mechanism usually chosen for communicating with a
child process through standard input and output. (For more
information about message queues
queues, refer to the "Message
Message Queues"
Queues
ming
section later in this chapter.)
• For communication across the network, sockets are usually the

chosen technique
technique. Migration from UNIX sockets to Windows sockets
is s usually a straightforward process involving few changes to the
code.

Windows interprocess
Syste
communication

• Windows has many IPC mechanisms, some of
which have no counterpart in UNIX. As with
UNIX, Windows has shared memory, pipes, and
events (equivalent to signals). These are
appropriate for processes local to a computer.
ming
The shared memory implementation is based on

file mapping, because certain forms of shared
memory can be used across the network.
Named pipes can also be used for network
communications.
Syste
Cont…
Cont

• Other IPC mechanisms supported by
p y
Windows are the clipboard/Dynamic Data
Exchange (DDE), Component Object
Model (COM),
(COM) and send message
message. These
ming
are mostly used for local communications,

but DDE and COM both have network
capabilities. Windows sockets and
Message Queuing (also known as MSMQ)
are g
good choices for cross-network tasks.
Syste
Cont…
Cont

• Two additional IPC mechanisms for Windows
are remote procedure call (RPC) and mailslots.
RPC is designed for use by client/server
applications and is most appropriate for C and
C++ programs. Mailslots are memory-based files
ming
that a program can access by using standard file

functions. Mailslots have a fairly small maximum
size. Usage is often similar to named pipes
except that mailslots are effective for
broadcasting small messages.
Syste
Synchronization

• B
Both
th UNIX and d Wi
Windows
d h
have an
extensive set of process and thread
synchronization techniques. Both
operating systems use semaphores, which
are synchronization primitives used to
ming
control access to a resource that can

support a limited number of users. Both
UNIX and Windows also use mutex
objects to control mutually exclusive
access to a resource.
Syste
Cont…
Cont

• For lightweight control of multithread
access to a section of code,, Windows
offers critical section objects. Critical
sections are similar to mutexes
mutexes, but
ming
access is limited to the threads of a single

process This makes them appropriate for
process.
controlling access to a shared resource.
Threads can access the critical section in
anyy order, but the order is not guaranteed.
g
Syste
Message queues

• IIn UNIX,
UNIX a message queue is i an IPC
mechanism. One application sends messages to
the queue; another application reads messages
from the queue. The queues are memory based
and are very fast as a result
result. However
However, the
ming
messages will disappear if the system fails.
Message g q
queues were introduced in AT&T
System V UNIX. Because of this, many versions
of UNIX that are based on BSD may not have
them. POSIX has message queues but the API
is not exactly the same as in System V.
Syste
Cont…
Cont

• Wi
Windows
d provides
id a reliable
li bl messaging i system
t
called Message Queuing (MSMQ). Message
Queuing provides guaranteed message deliverydelivery,
efficient routing, security, and priority-based
messaging In essence
messaging. essence, a Message Queuing
ming
message is guaranteed to be delivered, but
there is no specific
p g
guarantee about exactly y
when it will be received. The operation is the
same as on UNIX—one application writes to the
queue and another reads from it. The API,
however, is completely different
Syste
DLLs and Shared Libraries

• Wi
Windows
d andd UNIX both
b th have
h a facility
f ilit ththatt
allows the application developer to put common
functionality in a separate code module. UNIX
calls this feature a shared library. Windows calls
this feature a dynamic-link library (DLL). Both
allow application developers to link together
ming
object files from different compilations and to

specify which symbols will be exported from the
library for use by external programs. The result
is the ability to reuse code across applications.
The Windows operating system and most
Windows programs use many DLLs

Syste
Shells and Scripting

• A shell is a command
command-line line interpreter that accepts typed commands
from a user and executes the resulting request. In addition to
executing programs, shells usually support advanced features, such
y to recall recent commands and a built-in scripting
as the ability p g
language for writing programs.
• Programs written through the programming features of a shell are
called shell scripts. In addition to scripts written through the use of
shells,
h ll th
there are also
l llanguages specifically
ifi ll d
designed
i d ffor writing
iti
ming
scripts. As with shell scripts, these scripting languages are

interpreted. The use of scripting languages leads to rapid
development (often with relaxed syntax checking) but slower
performance.
• Windows and UNIX support a number of shells and scripting
g g , some of which are common to both operating
languages, p g systems.
y

Syste
Conclusion

• Wi
Windows
d provides
id allll th
the ffeatures
t th
thatt make
k it th
the right
i ht
choice for organizations that want to run all their
applications
pp on a single
g desktop. p On the Windows
platform, line-of-business and office productivity
applications can run side by side and exchange data
seamlessly Earlier UNIX applications can be ported to
seamlessly.
ming
run under Windows, or they can use Interix or other

migration environments to run the applications with
minimum modification. In either case, users do not need
to switch environments. User productivity will increase
and frustration will decrease by having a single user
environment to learn and use.

Syste
Cont…
Cont

• F
For example, l Windows
Wi d applications
li ti use th
the Wi
Win32
32 API
API,
which is implemented by the Win32 subsystem.
Programs
g written for MS-DOS,, OS/2,, Microsoft Windows
version 3.x, and POSIX run in their own environmental
subsystems, all of which interact extensively with the
Win32 subsystem to implement their functionality
functionality.
ming
• The Interix subsystem implements POSIX APIs. Even

with thiss independence,
depe de ce, you ca can sstill run
u Win323
programs, such as Notepad (Notepad.exe) and
Calculator (Calc.exe), from the Interix shell prompt.

Syste
Windows Registry-
Introduction
ming

Syste
Warning !!!

• You have to be doubly careful when
workingg with the Registry,
g y, as there is
no confirmation prompt or a click OK to
save prompt.
prompt Changes made are
ming
directly incorporated.

Syste
Registry: A Wealth of Information

I f
Information
ti that
th t can be
b recovered
d include:
i l d
– System Configuration
– D i
Devices on th
the S
System
t
– User Names
– Personal Settings and Browser Preferences
ming
– Web Browsing Activity

– Files Opened
– Programs Executed
– Passwords

Syste
Registry History

• B
Before
f the
th Windows
Wi d R
Registry:
i t (DOS
(DOS,
Windows 3.x)
– INI files
• SYSTEM.INI – This file controlled all the hardware
on the computer system.
ming
• WIN.INI – This file controlled all the desktop and

applications on the computer system
system.
• Individual applications also utilized their
own INI files that are linked to the WIN
WIN.INI.
INI

Syste
Registry History: INI File Problems

• Proliferation of INI files.
• Other problems Size limitations
• Slow access
• No standards
ming
• Fragmented
• Lack of network support

Syste
Registry History

• The Windows 3.x OS also contained a file
called REG.DAT.
• The REG.DAT was utilized to store
information about Object Link Embedding
ming
(OLE) objects.

Syste
Registry History

• The Windows
Th Wi d 9x/NT
9 /NT 3.5
3 5 Operating
O ti S System
t iis composed
d off th
the
following files:
– System.dat – Utilized for system settings. (Win 9x/NT)
– User.dat – One profile for each use with unique settings specific to the
user. (Win 9x/NT)
– Classes.dat – Utilized for program associations, context menus and file
types (Win Me only)
types.
ming
• To provide redundancy, a back-up of the registry was made after

each boot of the computer system. These files are identified as:
– System.dao (Win 95)
– User.dao (Win 95)
– Rbxxx.cab (Windows 98/Me)

Syste
Registry History

• If there
th are numerous users on a computer
t system,
t the
th
following issues arise:
– The User.dat file for each individual will be different as to the
content.
– If all users on the computer system utilize the same profile, the
information will all be mingled in the User.dat
User dat and will be difficult
ming
if not impossible to segregate the data.
– On Windows 9.x systems, the User.dat file for the default user is
utilized to create the User
User.dat
dat files for all new profiles
profiles.

Syste
Registry Definition

• Th
The Microsoft
Mi ft Computer
C t Dictionary
Di ti d
defines
fi th
the registry
i t
as:
– A central hierarchical database used in the Microsoft Windows
family of Operating Systems to store information necessary to
configure the system for one or more users, applications and
hardware devices.
ming
– The registry contains information that Windows continually
references during operation, such as profiles for each user, the

applications installed on the computer and the types of
documents that each can crate, property sheet settings for
folders and application icons, what hardware exists on the
y
system and the pports that are being
g sued.

Syste
Registry Definition

• Th
The registry
i t was developed
d l d tot overcome the th
restrictions of the INI and REG.DAT files.
• The
Th registry
i t iis composed d off ttwo pieces
i off
information:
–SSystem-Wide
t Wid IInformation
f ti – This
Thi iis d
data
t about
b t
ming
software and hardware settings. This information

tends to be apply
pp y to all users of the computer.
p
– User Specific Information – This is data about an
individual configuration. This information is specific to
a user’s
’ profile.
fil

Syste
Registry Organization

• The Windows registry contains the
g
following:
– Hives are utilized by the registry to store data
on itself
itself.
ming
– Hives are stored in a variety of files that are

dependent on the Windows Operating System
that is being utilized.

Syste
Windows Registry Cont.
Below are a few Example NT API’s available
for managing the Windows Registry:
NtEnumerateValueKey(KHANDLE, int);
ming
NtQueryValueKey(KHANDLE, VarName);
NtLoadKey(KHANDLE HiveFileName);
NtLoadKey(KHANDLE,
… more found in Advapi32

Advapi32.dll
dll
Syste
Windows 9x Registry

Filename Location Content
system.dat C:\Windows Protected storage
area for all users
All installed
programs and their
ming
settings
System settings
user.dat
d t C \Wi d
C:\Windows Mostt Recently
M R tl
If there are multiple user Used (MRU) files
profiles, each user has an
User ppreference
i di id l user.dat
individual d t fil
file iin
settings
windows\profiles\user
account

Windows XP Registry
g y
Syste
Filename
e a e Location
ocat o Content
Co te t
ntuser.dat \Documents and Settings\user Protected storage area for user
If there are multiple user profiles, account Most Recently Used (MRU)
each user has an individual files
user.dat file in
User preference settings
windows\profiles\user
account
Default \Windows\system32\config System settings
ming
SAM \Windows\system32\config User account management and

security settings
Security \Windows\system32\config Security settings
S ft
Software \Wi d
\Windows\system32\config
\ t 32\ fi All iinstalled
t ll d programs and
d th
their
i
settings
System \Windows\system32\config System settings

Syste

• Root Keys
– HKEY_CLASSES_ROOT (HKCR)
• Contains information in order that the correct program opens when
executing a file with Windows Explorer
Explorer.
– HKEY_CURRENT_USER (HKCU)
• Contains the profile (settings, etc) about the user that is logged in.
– HKEY_LOCAL_MACHINE
HKEY LOCAL MACHINE (HKLM)
ming
• Contains system-wide hardware settings and configuration

information.
– HKEY_USERS
HKEY USERS (HKU)
• Contains the root of all user profiles that exist on the system.
– HKEY_CURRENT_CONFIG (HKCC)
• Contains information about the hardware profile used by the
computer during start up.
• Sub Keys – These are essentially sub directories that
exist under the Root Keys
Keys.
ming
Syste
Syste
Registry: Loading the Hive
Loaded at boot time by Boot Loader (NTLDR) and the
kernel (ntoskrnl.exe)
(ntoskrnl exe)
Explicitly loaded by calling NtLoadKey/RegLoad Key
- Thiss requires
equ es ‘Restore’
esto e security
secu ty privileges.
p eges
ming
Files are opened in “exclusive” mode; and kept open by

the kernel.
Read Primary header and verify checksums, if failed:
- Physical integrity check, walk entire Hive and
check each individual cell
- Logical integrity check, walk the tree check every
key/value.
key/value
Syste

ming

Syste
The Registry - data types

• REG_SZ
REG SZ : The SZ indicates zero-terminated
zero terminated string.
string This is a variable-length
variable length
string that can contain Unicode as well as ANSI characters.
• REG_BINARY
_ : It contains binary
y data. 0's & 1's.
• REG_DWORD : This data type is a Double Word. It is, a 32-bit numeric

value and can hold any number from 0 to 232.
ming
• REG_QWORD : This data type is a Quadruple Word. It is a 64-bit numeric
value.
• REG_MULTI_SZ
REG MULTI SZ : Thi
This ddata type contains
i a group off zero-terminated
i d
strings assigned to a single value.
• REG_EXPAND_SZ
REG EXPAND SZ : This data type is a zero
zero-terminated
terminated string containing
an unexpanded reference to an environment variable, like say,
%SystemRoot%.

Syste
Windows Security and Relative ID

• Th
The Windows
Wi d Registry
R i t utilizes
tili a alphanumeric
l h i
combination to uniquely identify a security
principal or security group
group.
• The Security ID (SID) is used to identify the
computer system.
system
ming
• The Relative ID (RID) is used to identity the

specific user on the computer system
system.
• The SID appears as:
– S-1-5-21-927890586-3685698554-67682326-1005
S 1 5 21 927890586 3685698554 67682326 1005

Syste
SID Examples

SID: S-1-0
Name: Null Authority
Description: An identifier authority
authority.
– SID: S-1-0-0
Name: Nobody
Description: No security principal.
– SID: S-1-1
S11
ming
Name: World Authority
Description: An identifier authority.

– SID: S-1-1-0
Name: Everyone
Description: A group that includes all users, even anonymous users and guests.
Membership is controlled by the operating system.
– SID: S-1-2
Name: Local Authority
– SID: S-1-3
Name: Creator Authority

Syste
SID

• Security
S it ID
– NT/2000/XP/2003
• HKLM>SAM>Domains>Accounts>Aliases>Members
– This key will provide information on the computer identifier
• HKLM>SAM>Domains>Users
– This key
y will p
provide information in hexadecimal
ming
• User ID
– Administrator – 500
– Guest – 501
• Global Groups ID
– Administrators – 512
– Users – 513
– Guest - 514

Syste
MRU

• To identify the Most Recently Used (MRU) files
on a suspect computer system:
– Windows 9x/Me
• User.dat
User dat
ming
– Search should be made for MRU, LRU, Recent

– Windows NT/2000
• Ntuser.dat
– Search should be made for MRU, LRU, Recent
– Windows XP/2003
• HKU>UserSID>Software>Microsoft>Windows>
CurrentVersion>Explorer>RecentDoc
• Select file extension and select item
Syste
Registry

• System
– Recent documents
– Recent commands entered in Windows run
box
ming
– Programs that run automatically

• Startup
St t software
ft
• Good place to look for Trojans

Syste
Registry

• User Application Data
– Adobe products
– IM contacts
– Search terms in google
ming
– Kazaa data
– Windows media player data

– Word recent docs and user info
– Access, Excel, Outlook, Powerpoint recent files

Syste
Registry Research

• Use REGMON (MS Sysinternals) to monitor
changes to the registry
– Registry is accessed constantly
• Need to set filter
• Or enable Regmon’s log boot record
ming
– Captures registry activity in a regmon file

• Do it yourself: Windows API
– RegNotifyChangeKeyValue
• Manyy commercial products
p
– DiamondCS RegProt
• Intercepts changes to the registry

Syste
Registry Investigation

• Software Key
– Installed Software
• Registry keys are usually created with installation
• But not deleted when program is uninstalled
• Find them
– Root of the software key
» Beware of bogus names
ming
– HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\App Paths
– HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
sion\Uninstall
• If suspicious, use information from the registry to find the actual
code
• Registry time stamps will confirm the file MAC data or show them to
be altered

Syste

• Software Key
– Last Logon
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\WinLogon
– Logon Banner Text / Legal Notice
ming
NT\CurrentVersion\WinLogon
– Security Center Settings
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Shar
edAccess\Parameters\FirewallPolicy
– If firewall logging is enabled, the log is typically at
%SystemRoot%/pfirewall.log

Syste

• Analyze Restore Point Settings
– Restore points developed for Win ME / XP
– Restore point settings at
NT\CurrentVersion\SystemRestore
ming
– Restore points created every RPGlobalInterval value seconds

(~every 24h)
– Retention period is RPLifeInterval seconds (default 90 days)
– Restore point taking in ON by default
– Restore points in System Volume Information\restore
Information\restore…

Syste

• Aside:
A id H How tto access restore
t points
i t
– Restore points are protected from user,
including administrator
– Administrator can add her/himself to the
access list of the system volume directory
ming
• Turn off “Use simple file sharing” in Control Panel

Æ Folder
F ld O Options
ti
• Click on “Properties” of the directory in Explorer
and

Syste

• Restore
R t point
i t
– makes copies of important system and program files
that were added since the last restore points
• Files
– Stored in root of RP### folder
ming
– Names have changed
– File extension is unchanged

– Name changesg kept p in change.log
g g file
• Registry data
– in Snapshot folder
– Names have changed
changed, but predictably so

Syste

• SID (security identifier)
– Well-known SIDs
• SID: S-1-0 Name: Null Authority
• SID: S
S-1-5-2
152 Name: Network
– S-1-5-21-2553256115-2633344321-4076599324-1006
• S string is SID
• 1 revision number
ming
• 5 authority level (from 0 to 5)
• 21-2553256115-2633344321-4076599324 domain or local computer

identifier
• 1006 RID – Relative identifier
• Local SAM resolves SID for locally authenticated users (not domain
users)
– Use recycle
y bin to check for owners

Syste

ming
Resolving local SIDs through the Recycle Bin

(life view)
Syste

• HKEY_CURRENT_USER\SOFTWARE\Microsof
t\Windows\CurrentVersion\Exlorer\UserAssist\{**
*******}\Count
– ROT-13 encoding of data used to populate the User
Assist Area of the start button
ming
• Contains most recently used programs

Syste

• AutoRun Programs
– Long list of locations in registry
– Long list of locations outside the registry
• SystemDrive\autoexec.bat
• SystemDrive\config.exe
• Windir\wininit.ini
• Windir\winstart.bat
\
ming
• Windir\win.ini
• Windir\system.ini
• Wi di \d
Windir\dosstart.bat
t tb t
• Windir\system\autoexec.nt
• Windir\system\config.nt
• Windir\system32\autochk exe
Windir\system32\autochk.exe

Syste
2009 Updates
ming

Syste
Vista's
Vista s Registry Virtualization

• IIn Windows
Wi d Vista,
Vi t the
th Registry
R i t has
h bbeen
Virtualized, and hence unlike XP, does not tend
to suffer from bloat
bloat. The same has been
continued in Windows 7.
• Virtualization basically means that,
that
ming
applications are prevented from writing to

System Folders in Vista or Windows 7 7's
s file
system and ALSO to the 'machine wide keys'
in the registry.
g y However,, this does not
prevent standard user accounts from
installing or running applications.
Syste
…

• IIn Vista/
Vi t / 7,
7 the
th UAC utilizes
tili the
th Registry
R i t
Virtualization Feature, to redirect attempts to
write to subkeys of
HKEY_LOCAL_MACHINE\SoftwareWhen an
application attempts to write to this hive
hive, Vista
ming
instead, writes it, to a per-user location,
HKEY_CLASSES_ROOT\VirtualStore\Machine\
Software
• This is done discreetly. y No one gets
g to know that
this is happening ! This is, in short Registry
Virtualization, and it is a useful Security feature.
Syste
Kernel Transaction Manager

• IIncidentally,
id t ll mentionti mustt also
l b be maded off
another new technology underlying Vista :
The Kernel Transaction Manager, which
enables Transactional Registry. This
feature enables a sort of a registry
ming
rollback. But it’s not implemented in

Registry Editor. Instead, this feature is
g
designed for use byy developers
p who need
to create robust applications using
transactional pprocessing.
g
Syste
How To Edit The Registry

• . The primary tool in Windows Vista / 7 for working
directly with the registry is Registry Editor. To access it,
simply type regedit in Vista's Start Menu Search Bar and
hit E
Enter
t !
• You have to be doubly careful when working with the
Registry,
g y, as there is no confirmation prompt
p p or a
ming
click OK to save prompt. Changes made are directly
incorporated.
• Mention must specifically be made of
• HKEY_LOCAL_MACHINE\System\CurrentControlSethiv
e as the keys in this particular are so essential for Vista
t start-up,
to t t th t it
that its b
backup
k iis maintained,
i t i d which
hi h you can
restore when necessary, simply by booting in Safe Mode
and selecting
Syste
Wi d
Windows API programming
i
ming
• Prof. Rahul M. Samant

• Dept Head, MBATech

Syste
Windows Programming

• Central to the workings of Windows is a concept known
as "dynamic linking."
• Windows p provides a wealth of function calls that an
application can take advantage of, mostly to implement
its user interface and display text and graphics on the
video display.
p y
ming
• These functions are implemented in dynamic-link
libraries, or DLLs.
• These are files with the extension .DLL
DLL or sometimes
.EXE, and they are mostly located in the
\WINDOWS\SYSTEM subdirectory under Windows 98
andd th
the \WINNT\SYSTEM and d \WINNT\SYSTEM32
subdirectories under Windows NT.

Syste
• In the early days, the great bulk of Windows was
implemented in just three dynamic-link libraries.
• These represented the three main subsystems
of Windows, which were referred to as Kernel,
ming
User, and GDI.
• While the number of subsystems has

proliferated in recent versions of Windows, most
function calls that a typical Windows program
makes will still fall in one of these three modules.

Syste
• Kernel (which is currently implemented by the 16 16-bit
bit
KRNL386.EXE and the 32-bit KERNEL32.DLL) handles
all the stuff that an operating system kernel traditionally
h dl
handles—memory management, t file
fil I/O
I/O, and
d tasking.
t ki
• User (implemented in the 16-bit

16 bit USER.EXE
USER EXE and the 32-
32
ming
bit USER32.DLL) refers to the user interface, and
implements all the windowing logic.
• GDI (implemented in the 16-bit GDI.EXE and the 32-bit

GDI32.DLL)) is the Graphics
p Device Interface, which
allows a program to display text and graphics on the
screen and printer.

Syste
• In your Windows program, you use the
Windows function calls in ggenerally y the
same way you use C library functions such
as strlen.
strlen
ming
• The primary difference is that the machine

code for
f C library ffunctions is linked into
your p
y program
g code, whereas the code for
Windows functions is located outside of
your program in the DLLs.
Syste
• Wh
When you run a Windows
Wi d program, it iinterfaces
t f
to Windows through a process called "dynamic
linking "
linking.
• A Windows .EXE file contains references to the
various dynamic
dynamic-link
link libraries it uses and the
ming
functions therein.
• When a Windows program is loaded into
memory, the calls in the program are resolved to
point to the entries of the DLL functions
functions, which
are also loaded into memory if not already there.

Syste
• Wh
When you linkli k a Wi
Windows
d program tto produce
d
an executable file, you must link with special
"import
import libraries"
libraries provided with your
programming environment.
• These import libraries contain the dynamic
dynamic-link
link
ming
library names and reference information for all

the Windows function calls
calls.
• The linker uses this information to construct the
table in the .EXE
EXE file that Windows uses to
resolve calls to Windows functions when loading
the pprogram
g
Syste
Windows programming options

• API
APIs and d Memory
M Models
M d l
• To a programmer, an operating system is
d fi d b
defined by itits API
API. A
An API encompasses allll
the function calls that an application
program can make of an operating system,
system
ming
as well as definitions of associated data

types and structures
structures.
• In Windows, the API also implies a
particular program architecture .Generally,
Generally
the Windows API has remained quite
consistent since Windows 1.0.
Syste
• A Windows
Wi d programmer with
ih
experience
p in Windows 98 would find
the source code for a Windows 1.0
program very familiar
familiar.
ming
• One way the API has changed has

been in enhancements. Windows 1.0 10
supported
pp fewer than 450 function
calls; today there are thousands.
Syste
• Th
The biggest
bi t change
h iin th
the Wi
Windows
d API
and its syntax came about during the
switch from a 16-bit architecture to a 32-bit
architecture. Versions 1.0 through 3.1 of
Windows used the so-called segmented
ming
memory mode of the 16-bit Intel 8086,

8088, and 286 microprocessors, a mode
pp
that was also supported for compatibility
p y
purposes in the 32-bit Intel
p
microprocessors beginning
g g with the 386.
Syste
• The microprocessor register size in this
mode was 16 bits,, and hence the C int
data type was also 16 bits wide. In the
segmented memory modelmodel, memory
ming
addresses were formed from two

components a 16
components—a 16-bit
bit segment pointer
and a 16-bit offset pointer.

Syste
• F
From the
th programmer's ' perspective,
ti this
thi was quite
it
messy and involved differentiating between long, or far,
pointers ((which involved both a segment
p g address and an
offset address) and short, or near, pointers (which
involved an offset address with an assumed segment
address).
address)
ming
• Beginning in Windows NT and Windows 95, Windows

supported
suppo ed a 3
32-bit
b flat
a memory
e o y modelode us
usingg the
e332-bit
b
modes of the Intel 386, 486, and Pentium processors.
The C int data type was promoted to a 32-bit value.
Programs written for 32
32-bit
bit versions of Windows use
simple 32-bit pointer values that address a flat linear
address space
Syste
• Th
The API for
f the
th 16-bit
16 bit versions
i off Windows
Wi d
(Windows 1.0 through Windows 3.1) is
now known as Win16. The API for the 32-
bit versions of Windows (Windows 95,
Windows 98, and all versions of Windows
ming
NT) is now known as Win32.

• Many function calls remained the same in
the transition from Win16 to Win32, but
some needed to be enhanced.

Syste
• For example, graphics coordinate points
g from 16-bit values in Win16 to
changed
32-bit values in Win32. Also, some Win16
function calls returned a two-dimensional
two dimensional
ming
coordinate point packed in a 32-bit integer.

This was not possible in Win32
Win32, so new
function calls were added that worked in a
different way.

Syste
• All 32
32-bit
bit versions
i off Windows
Wi d supportt both
b th the
th Win16
Wi 16
API to ensure compatibility with old applications and the
Win32 API to run new applications.
pp Interestingly
g y enough,
g ,
this works differently in Windows NT than in Windows 95
and Windows 98. In Windows NT, Win16 function calls
go through a translation layer and are converted to
ming
Win32 function calls that are then processed by the

operating system.
• In Windows 95 and Windows 98, the process is
opposite that: Win32 function calls go through a
translation layer and are converted to Win16 function
calls to be processed by the operating system.

Syste
• At one titime, th
there were two
t other
th Windows
Wi d
API sets (at least in name). Win32s ("s" for
"subset") was an API that allowed
programmers to write 32-bit applications
that ran under Windows 3.1. This API
ming
supported only 32-bit versions of functions

already supported by Win16. Also, the
Windows 95 API was once called Win32c
("c" for "compatibility"), but this term has
been abandoned.
Syste
• At this
thi titime, Wi
Windows
d NT and
d Wi
Windows
d 98
are both considered to support the Win32
API. However, each operating system
supports some features not supported by
the other. Still, because the overlap is
ming
considerable, it's possible to write

programs that run under both systems.
Also, it's widely y assumed that the two
products will be merged at some time in
the future. ((its done!!!))
Syste
8 -Categories
Categories

• The functionality provided by the Windows API can be
grouped into eight categories:
• Base Services
– Provide access to the fundamental resources available to a
Windows system. Included are things like file
systems, devices, processes and threads, and error handling.
Th
These functions
f ti reside
id
ming
in kernel.exe, krnl286.exe or krnl386.exe files on 16-bit

Windows, and kernel32.dll on 32-bit Windows.
• Advanced Services
– Provide access to functionality that is an addition on the kernel.
Included are things like the Windows registry, shutdown/restart
the system (or abort)
abort), start/stop/create a Windows service,
service
manage user accounts. These functions reside
in advapi32.dll on 32-bit Windows.

Syste
• Graphics Device Interface
– Provides functionality for outputting graphical content
to monitors, printers and other output devices. It resides
in gdi.exe
gdi exe on 16
16-bit
bit Windows
Windows, and gdi32.dll
gdi32 dll on 32
32-bit
bit Windows in
user-mode. Kernel-mode GDI support is provided
by win32k.sys which communicates directly with the graphics
driver.
ming
• User Interface
– Provides the functionality to create and manage

screen windows and most basic controls,
controls such
as buttons and scrollbars, receive mouse and keyboard input,
and other functionality associated with the GUI part of Windows.
This functional unit resides in user.exe on 16-bit Windows,
and
d user32.dll
32 dll on 32-bit
32 bit Wi
Windows.
d Si
Since Windows
Wi d XP versions,
i
the basic controls reside in comctl32.dll, together with the
common controls (Common Control Library).

Syste
• Common
C Di
Dialog
l B Box Lib
Library
– Provides applications the standard dialog boxes for
opening and saving files, choosing color and font, etc.
The library resides in a file called commdlg.dll on 16-bit
Windows, andcomdlg32.dll on 32-bit Windows. It is
grouped under the User Interface category of the API.
ming
• Common Control Library
– Gives applications
pp access to some advanced controls
provided by the operating system. These include
things like status bars, progress
bars,, toolbars and tabs. The libraryy resides in aDLL file
called commctrl.dll on 16-bit Windows,
and comctl32.dll on 32-bit Windows. It is grouped
under the User Interface category of the API.
Syste
• Windows
Wi d Shell
Sh ll
– Component of the Windows API allows applications to
access the functionality provided by the operating
system shell, as well as change and enhance it. The
component resides inshell.dll on 16-bit Windows,
and shell32.dll on 32-bit
32 bit Windows. The Shell
ming
Lightweight Utility Functions are in shlwapi.dll. It is
grouped under the User Interface category of the API.

• Network Services
– Give access to the various networking capabilities of
the operating
p g system.
y Its sub-components
p
include NetBIOS, Winsock, NetDDE, RPC and many
others.

Syste
From Petzold book

#include <windows.h>
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE

hPrevInstance, PSTR szCmdLine, int iCmdShow)
ming
{
MessageBox (NULL
(NULL, TEXT ("Hello
( Hello, Windows 98!")
98! ), TEXT (("HelloMsg")
HelloMsg ),
0);
return 0 ;
}
Syste
• #i
#include
l d <windows.h>
i d h WINDOWS
WINDOWS.H H iis a master
t iinclude
l d
file that includes other Windows header files, some of
which also include other header files. The most
important and most basic of these header files are:
• WINDEF.H Basic type definitions.
ming
• WINNT.H Type definitions for Unicode support.
• WINBASE.H Kernel functions.

• WINUSER.H
WINUSER H User U iinterface
f ffunctions.
i
• WINGDI.H Graphics device interface functions.
• These
Th header
h d files fil define
d fi allll th
the Wi
Windows
d d
data
t ttypes,
function calls, data structures, and constant identifiers.
Theyy are an important
p p
part of Windows documentation
Syste
• JJustt as the
th entry
t point
i t to
t a C program is
i the
th function
f ti
main, the entry point to a Windows program is WinMain,
which always y appears
pp like this:
• int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE
hPrevInstance, PSTR szCmdLine, int iCmdShow)
ming
• This entry point is documented in /Platform SDK/User
Interface Services/Windowing/Windows/Window
Reference/Window Functions
Functions.
• It is declared in WINBASE.H like so (line breaks and all):
• int WINAPI WinMain( HINSTANCE hInstance,
HINSTANCE hPrevInstance, LPSTR lpCmdLine, int
nShowCmd );

Syste
• Th
The fifirstt parameter
t tto WinMain
Wi M i is i something
thi called
ll d an
"instance handle." In Windows programming, a handle is
simplyp y a number that an application
pp uses to identifyy
something. In this case, the handle uniquely identifies
the program.
• It is
i requiredi d as an argumentt to
t some other
th Windows
Wi d
ming
function calls. In early versions of Windows, when you

ran
a the e sa
same epprogram
og a co
concurrently
cu e y moreo e than
a o once,
ce, you
created multiple instances of that program.
• All instances of the same application shared code and
read-only
d l memory ((usually ll resources such h as menu and d
dialog box templates).

Syste
• A program could determine if other instances of
itself were running by checking the
hPrevInstance parameter. It could then skip
certain chores and move some data from the
previous instance into its own data area.
ming
• In the 32-bit versions of Windows, this concept

has been abandoned. The second parameter to
WinMain is always NULL (defined as 0).

Syste
• The third parameter to WinMain is the command
line used to run the program. Some Windows
applications use this to load a file into memory
when the program is started.
ming
• The fourth parameter to WinMain indicates how
the program should be initially displayed—either

normally or maximized to fill the window, or
minimized to be displayed in the task list bar.

Syste
• U
Unicode
i d to t the
th Rescue
R
• The basic problem we have here is that the
world's
ld' written
itt llanguages simply
i l cannott b
be
represented by 256 8-bit codes. The previous
solutions involving code pages and DBCS have
ming
proven insufficient and awkward. What's the real

solution?
• As programmers, we have experience with
problems of this sort
sort. If there are too many
things to be represented by 8-bit values, we try
wider values,, perhaps
p p 16-bit values. ((Duh.))
Syste
• And that's the ridiculously simple concept behind
Unicode. Rather than the confusion of multiple
256-character code mappings or double-byte
character sets that have some 1-byte codes and
some 2-byte codes, Unicode is a uniform 16-bit
ming
system, thus allowing the representation of

65,536 characters. This is sufficient for all the
characters and ideographs in all the written
languages of the world, including a bunch of
math, symbol, and dingbat collections.
Syste
• U
Understanding
d t di th the diff
difference b
between
t U
Unicode
i d
and DBCS is essential. Unicode is said to use
(particularly in the context of the C programming
language) "wide characters." Each character in
Unicode is 16 bits wide rather than 8 bits wide.
Eight bit values have no meaning in Unicode
Eight-bit Unicode. In
ming
contrast, in a double-byte character set we're

still dealing with 8bit values. Some bytes define
characters by themselves, and some bytes
indicate that another byte is necessary to
completely define a character
character.
• .

Syste
• Wh
Whereas workingki with
ith DBCS strings
ti is
i quite
it
messy, working with Unicode text is much like
working with regular text
text.
• You'll probably be pleased to learn that the first
128 Unicode characters (16 (16-bit
bit codes 0x0000
ming
through 0x007F) are ASCII, while the second

128 Unicode characters (codex 0x0080 through
0x00FF) are the ISO 8859-1 extensions to
ASCII.
• Various blocks of characters within Unicode are
similarlyy based on existing g standards.
Syste
• This is to ease conversion. The Greek alphabet
uses codes 0x0370 through 0x03FF, Cyrillic
uses codes 0x0400 through 0x04FF, Armenian
uses codes 0x0530 through 0x058F, and
Hebrew uses codes 0x0590 through 0x05FF.
ming
• The ideographs of Chinese, Japanese, and

Korean (referred to collectively as CJK) occupy
codes 0x3000 through 0x9FFF.

Syste
• Th
The best
b t thing
thi about
b tUUnicode
i d iis ththatt th
there's
' only
l
one character set. There's simply no ambiguity.
Unicode came about through the cooperation of
virtually every important company in the
personal computer industry and is code-for-code
code for code
ming
identical with the ISO 10646-1 standard. The
essential reference for Unicode is The Unicode

Standard, Version 2.0 (Addison-Wesley, 1996),
an extraordinary book that reveals the richness
and diversity of the world's written languages in
a way that few other documents have.
Syste
• In addition, the book provides the rationale and
details behind the development of Unicode.
• Are there any drawbacks to Unicode? Sure.
Unicode character strings
g occupy y twice as much
ming
memory as ASCII strings. (File compression
helps a lot to reduce the disk space differential,

however.) But perhaps the worst drawback is
that Unicode remains relatively unused just yet.
As programmers, we have our work cut out for
us.
Syste
• #include <windows.h> LRESULT
CALLBACK WndProc ((HWND,, UINT,,
WPARAM, LPARAM) ; int WINAPI
WinMain (HINSTANCE hInstance
hInstance,
ming
HINSTANCE hPrevInstance, PSTR

szCmdLine int iCmdShow)
szCmdLine,

Syste
• static
t ti TCHAR szAppName[]
A N [] = TEXT ("HelloWin")
("H ll Wi ") ;
HWND hwnd ; MSG msg ; WNDCLASS wndclass ;
wndclass.style
y = CS_HREDRAW | CS_VREDRAW ;
wndclass.lpfnWndProc = WndProc ;
wndclass.cbClsExtra = 0 ; wndclass.cbWndExtra = 0 ;
wndclass hInstance = hInstance ; wndclass
wndclass.hInstance wndclass.hIcon
hIcon =
ming
LoadIcon (NULL, IDI_APPLICATION) ;

wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) GetStockObject
(WHITE_BRUSH) ; wndclass.lpszMenuName = NULL ;
wndclass lpszClassName = szAppName ;
wndclass.lpszClassName

Syste
• if (!RegisterClass (&wndclass)) {
g
MessageBox (NULL,
( , TEXT (("This program
p g
requires Windows NT!"), szAppName,
MB ICONERROR) ; return 0 ; }
MB_ICONERROR)
ming

Syste
• hwnd = CreateWindow (szAppName, // window
class name TEXT ("The Hello Program"), //
window caption WS_OVERLAPPEDWINDOW, //
window style CW_USEDEFAULT, // initial x
position CW_USEDEFAULT, // initial y position
ming
CW_USEDEFAULT, // initial x size

CW_USEDEFAULT, // initial y size NULL, //
parent window handle NULL, // window menu
handle hInstance, // program instance handle
NULL) ; // creation parameters
Syste
• ShowWindow (hwnd, iCmdShow) ;
p
UpdateWindow ((hwnd)) ; while
(GetMessage (&msg, NULL, 0, 0)) {
TranslateMessage (&msg) ;
ming
DispatchMessage (&msg) ; } return

msg wParam ; }
msg.wParam

Syste
• LRESULT CALLBACK WndProc (HWND
hwnd,, UINT message,
g , WPARAM wParam,,
LPARAM lParam) { HDC hdc ;
PAINTSTRUCT ps ; RECT rect ;
ming

Syste
• switch (message) { case WM_CREATE:
y
PlaySound ((TEXT (("hellowin.wav"),
), NULL,,
SND_FILENAME | SND_ASYNC) ; return
0 ; case WM
WM_PAINT:
PAINT: hdc = BeginPaint
ming
(hwnd, &ps) ; GetClientRect (hwnd, &rect)

; DrawText (hdc
(hdc, TEXT ("Hello
("Hello, Windows
98!"), -1, &rect, DT_SINGLELINE |
DT_CENTER | DT_VCENTER) ;

Syste
• EndPaint (hwnd, &ps) ; return 0 ; case
WM_DESTROY: PostQuitMessage g ((0)) ;
return 0 ; } return DefWindowProc (hwnd,
message wParam
message, wParam, lParam) ; }
ming

Syste
• HELLOWIN makes k callsll tto no ffewer th
than 18 Windows
Wi d
functions. In the order they occur, these functions (with a
brief description)
p ) are:
• LoadIcon Loads an icon for use by a program.
• LoadCursor Loads a mouse cursor for use byy a program. p g
ming
• GetStockObject Obtains a graphic object, in this case a
brush used for painting the window's background.

• RegisterClass
R i Cl R i
Registers a window
i d class
l ffor the
h
program's window.
• MessageBox Displays a message box box.

Syste
• C
CreateWindow
t Wi d C t a window
Creates i d b
basedd on a
window class.
• ShowWindow
Sh Wi d Sh
Shows the
th window
i d on the
th screen.
• UpdateWindow Directs the window to paint itself.
ming
• GetMessage Obtains a message from the
message queue.
• TranslateMessage Translates some keyboard
messages.
• DispatchMessage Sends a message to a
window procedure.
Syste
• PlaySound Plays a sound filefile.
• BeginPaint Initiates the beginning of window painting.
• GetClientRect Obtains the dimensions of the window's
window s
client area.
• DrawText Displays a text string.
• EndPaint
E dP i t Ends
E d window
i d painting.
i ti
ming
• PostQuitMessage Inserts a "quit" message into the

message
essage queue
queue.
• DefWindowProc Performs default processing of
messages.
• These
Th functions
f ti are described
d ib d iin th
the Pl
Platform
tf SDK
documentation, and they are declared in various header
files, mostly in WINUSER.H.
The Windows Programming
Syste
Hurdles
• D
Don't 't Call
C ll Me,
M I'll Call
C ll You
Y
• Programmers are well acquainted with the idea
off calling
lli on ththe operating
ti systemt tto d
do
something. For example, C programmers use
the fopen function to open a file
file. The fopen
ming
function is implemented with a call to the

operating system to open a filefile. No problem
problem.
• But Windows is different. Although Windows has
a couple thousand function calls
calls, Windows also
makes calls to your program, specifically to the
window p procedure we have called WndProc.
Syste
• Th
The window
i d procedure
d iis associated
i t d with
ith
a window class that the program registers
by calling RegisterClass.
• A window that is created based on this
ming
window class uses this window procedure
o p
for processing
ocess g a all messages
essages to tthee
window.
• Windows sends a message to the window
by calling the window procedure.
Syste
• Windows calls WndProc when a window is
first created. Windows calls WndProc
when the window is eventually destroyed.
• Windows calls WndProc when the window
ming
has been resized or moved or minimized.

Windows calls WndProc when a user
clicks on the window with the mouse.
•

Syste
• Windows calls WndProc when characters
yp from the keyboard.
are typed y Windows
calls WndProc when an item has been
selected from a menu
menu.
ming
• Windows calls WndProc when a scroll bar

is manipulated or clicked with the mouse.
Windows calls WndProc to tell it when it
must repaint its client area.

Syste
• All these calls to WndProc are in the form
g
of messages. In most Windows pprograms,
g ,
the bulk of the program is dedicated to
handling these messages.
messages The messages
ming
that Windows can send to a program are

generally identified with names that begin
with the letters WM and are defined in the
WINUSER.H header file.

Syste
• Actually, the idea of a routine within a
program
p g that is called from outside the
program is not unheard of in character-
mode programming
programming. The signal function in
ming
C can trap a Ctrl-C break or other

interrupts from the operating system.
system Old
programs written for MS-DOS often
trapped hardware interrupts.

Syste
• B
Butt iin Wi
Windows
d thi
this conceptt iis extended
t d d
to cover everything. Everything that
happens to a window is relayed to the
window procedure in the form of a
message.
ming
• Thee window
do pprocedure
ocedu e tthen
e responds
espo ds to
this message in some way or passes the
message to DefWindowProc for default
processing.

Syste
• The wParam and lParam parameters to
the window p
procedure are not used in
HELLOWIN except as parameters to
DefWindowProc.
DefWindowProc
ming
• These parameters give the window

procedure additional information
f about the
g The meaning
message. g of the p
parameters
is message-dependent.

Syste
• Let's look at an example. Whenever the
g in size,,
client area of a window changes
Windows calls that window's window
procedure.
procedure
ming
• The hwnd parameter to the window

procedure is the handle off the window
g g in size.
changing

Syste
• (Remember that one window procedure
g messages
could be handling g for multiple
p
windows that were created based on the
same window class
class. The hwnd parameter
ming
lets the window procedure know which

window is receiving the message
message.))

Syste
• The message parameter is WM_SIZE. The
wParam parameter for a WM_SIZE message is
the value SIZE_RESTORED, SIZE_MINIMIZED,
SIZE_MAXIMIZED, SIZE_MAXSHOW, or
SIZE_MAXHIDE (defined in the WINUSER.H
ming
header file as the numbers 0 through 4). That is,

the wParam parameter indicates whether the
window is being changed to a nonminimized or
nonmaximized size, being minimized, being
maximized, or being hidden.
Syste
• The lParam parameter contains the new
size of the window. The new width ((a 16-
bit value) and the new height (a 16-bit
value) are stuck together in the 32-bit
32 bit
ming
lParam. The WINDEF.H header file

defines some handy macros that help you
extract these two values from lParam.
We'll do this in the next chapter.

Syste
• S
Sometimes
ti messages generate t other
th messages
as a result of DefWindowProc processing. For
example suppose you run HELLOWIN and you
example,
eventually click the Close button, or suppose
you select Close from the system menu using
ming
either the keyboard or the mouse.
DefWindowProc p processes this keyboard

y or
mouse input. When it detects that you have
selected the Close option, it sends a
WM_SYSCOMMAND message to the window
procedure.
Syste
• W
WndProc
dP passes this
thi message tto DefWindowProc.
D fWi d P
DefWindowProc responds by sending a WM_CLOSE
message g to the window p
procedure. WndProc again
g
passes this message to DefWindowProc.
DefWindowProc responds to the WM_CLOSE message
by calling DestroyWindow.
DestroyWindow DestroyWindow causes
ming
Windows to send a WM_DESTROY message to the

window procedure. WndProc finally responds to this
message by calling PostQuitMessage to put a
WM_QUIT message in the message queue. This
message causes the message loop in WinMain to
terminate and the program to end.

Syste
• Q
Queued d and d Nonqueued
N d Messages
M
• I've talked about Windows sending messages to a
window which means that Windows calls the window
window,
procedure. But a Windows program also has a message
loop that retrieves messages from a message queue by
calling
lli GetMessage
G tM andd di
dispatches
t h th these messages tto
ming
the window procedure by calling DispatchMessage.

• So,
So does a Windows program poll for messages (much
like a character-mode program polling for keyboard
input) and then route these messages to some location?
O does
Or d it receive
i messages di directly
tl ffrom outside
t id th
the
program? Well, both.

Syste
• M
Messages can b be either
ith ""queued"d" or ""nonqueued."
d " Th
The
queued messages are those that are placed in a
program's
p g message g q queue by
y Windows. In the p program's
g
message loop, the messages are retrieved and
dispatched to the window procedure. The nonqueued
messages are the results of calls by Windows directly to
ming
the window procedure. It is said that queued messages

are "posted" to a message queue and that nonqueued
messages are "sent" to the window procedure. In any
case, the window procedure gets all the messages—
both queued and nonqueued
nonqueued—for for the window
window. The
window procedure is "message central" for the window.

Syste
• The queued messages are primarily those that
result from user input in the form of keystrokes
(such as the WM_KEYDOWN and WM_KEYUP
messages), characters that result from
keystrokes (WM_CHAR), mouse movement
ming
(WM_MOUSEMOVE), and mouse-button clicks

(WM_LBUTTONDOWN). Queued messages
also include the timer message (WM_TIMER),
the repaint message (WM_PAINT), and the quit
message (WM_QUIT).
Syste
• Th
The nonqueued d messages are everything
thi else.
l
Nonqueued messages often result from calling
certain Windows functions. For example, when
WinMain calls CreateWindow, Windows creates
the window and in the process sends the
window procedure a WM
WM_CREATE
CREATE message.
message
ming
• When WinMain calls ShowWindow, Windows

sends the window procedure WM
WM_SIZE
SIZE and
WM_SHOWWINDOW messages. When
WinMain calls UpdateWindow, Windows sends
the window procedure a WM_PAINT message.
•
Syste
• Q
Queued d messages signaling
i li kkeyboard
b d or
mouse input can also result in nonqueued
messages.
• For example,
p , when you
y select a menu
ming
item with the keyboard or mouse, the
eyboa d o
keyboard or mouse
ouse message
essage is
s queued
but the eventual WM_COMMAND
message indicating that a menu item has
been selected is nonqueued.

Syste
• This process is obviously complex, but
y most of the complexity
fortunately p y is
Windows' problem rather than our
program's
program s. From the perspective of the
ming
window procedure, these messages come

through in an orderly and synchronized
manner. The window procedure can do
something with these messages or ignore
them.
Syste
• While processing one message in a window
procedure, the program will not be suddenly
interrupted by another message.
g Windows programs
• Although g can have multiple
ming
threads of execution, each thread's message
queue handles messages for only the windows

whose window procedures are executed in that
thread. In other words, the message loop and
the window procedure do not run concurrently.

Syste
• When a message loop retrieves a
messageg from its message
g q
queue and
calls DispatchMessage to send the
message off to the window procedure
procedure,
ming
DispatchMessage does not return until the

window procedure has returned control
back to Windows.

Syste
• H
However, ththe window
i d procedure
d could
ld callll
a function that sends the window
procedure another message, in which
case the window procedure must finish
processing the second message before
ming
the function call returns, at which time the

window procedure proceeds with the
g
original message.
g
•

Syste
• For example, when a window procedure
calls UpdateWindow,
p , Windows calls the
window procedure with a WM_PAINT
message.
message
ming
• When the window procedure finishes

processing the WM_PAINT message, the
p
UpdateWindow call will return controls
back to the window procedure.

Syste
• This means that window procedures must be
reentrant.
t t
• In most cases, this doesn't cause problems, but
you should
h ld b
be aware off it it. FFor example, l suppose
you set a static variable in the window procedure
while processing a message and then you call a
ming
Windows function.
• Upon return from that function function, can you be
assured that the variable is still the same? Not
necessarily—not
necessarily not if the particular Windows
function you call generated another message
and the window p procedure changes g the variable
while processing
11/12/2010
that second message.
Mukesh Patel School of Technology Management & Engineering 186
Syste
• This is one of the reasons why certain
p
forms of compiler optimization
p must be
turned off when compiling Windows
programs.
programs
ming

Syste
• In many cases, the window procedure must
retain information it obtains in one message and
use it while processing another message. This
information must be saved in variables defined
as static in the window procedure, or saved in
ming
global variables.
• Of course, you'll get a much better feel for all of
this in later chapters as the window procedures
are expanded to process more messages.

Syste
Get In and Out Fast

• Windows 98 and Windows NT are preemptive
multitasking
l i ki environments.
i Thi
This means that
h as one
program is doing a lengthy job, Windows can allow the
user to switch control to another program.
• This is a good thing, and it is one advantage of the
current versions of Windows over the older 16-bit
versions.
ming
• However, because of the way that Windows is structured,

this preemptive multitasking does not always work the
way you might like.
• For example,
p , suppose
pp yyour p
program
g spends
p a minute or
two processing a particular message. Yes, the user can
switch to another program. But the user cannot do
anything with your program.
program
Syste
• Th
The user cannott move your program's ' window,
i d
resize it, minimize it, close it, nothing. That's
because your window procedure is busy doing a
lengthy job.
• Oh,
Oh it may not seem like the window procedure
ming
performs its own moving and sizing operations,

but it does
does.
• That's part of the job of DefWindowProc, which
must be considered as part of your window
procedure.

Syste
• If your program needs to perform lengthy jobs
while processing particular messages, there are
ways to do so politely .
• Even with preemptive multitasking, g it's not a
ming
good idea to leave your window sitting inert on
the screen.
• It annoys users. It annoys users just as much as
bugs, nonstandard behavior, and incomplete
help files. Give the user a break, and return
quickly from all messages.
Syste
Network File System (NFS)
ming

Syste
Introduction

• S
Sun MiMicrosystems,
t IInc. defined
d fi d a remote t
file access mechanism that has become
widely accepted throughout the computer
industry, known as NFS.
ming
• The mechanism allows a computer to run
a se
server
e tthat
at makes
a es so
some eo
or a
all o
of its
ts files
es
available for remote access, and allow
applications on other computers to access
those files.

Syste
Remote File Access Vs Transfer

• When an application accesses a file that resides
on a remote machine, the program’s operating
system invokes client software that contacts a
file server on the remote machine and performs
the requested operations on the file.
ming
• Unlike a file transfer, the application’s system

does not retrieve or store an entire file at once;
instead, it requests transfer of one small block of
data at a time.

File Access Among Heterogeneous
Syste
Computers

• In addition to the basic mechanisms for reading g file
protections, and translate information among the
presentations used on various computers.
• Because a remote file access service connects two
machines, it must handle differences in the way the
client
li t andd server systems
t name filfiles, d
denote
t paths
th
ming
through directories, and store information about files.

• The
Th files
fil access software
ft mustt accommodate d t
differences and writing files, a file access service must
provide ways to create and destroy filesfiles, peruse
directories, authenticates requests, honor in the
semantics interpretation of file operations
operations.
Syste
Stateless Servers

• Th
The NFS d design
i stores
t state
t t information
i f ti att the
th client
li t
site, allowing servers to remain stateless.
• Because the server is stateless,
stateless disruption in service will
not affect client operation.
• A client will be able to continue file access after a
ming
stateless server crashes and reboots; the application
program, which runs on the client system, can remain

unaware of the server reboot
reboot.
• Because a stateless server does not need to allocate
resources for each client, a stateless design
g can scale to
handle more clients than a stateful design.

Syste
NFS and UNIX File Semantics

• Th
The NFS designers
d i adopted
d t d UNIX file
fil system
t
semantics when defining the meaning of
individual operations.
• Understanding the UNIX file system is essential
to understandingg NFS because NFS uses the
UNIX file systems terminologies and semantics.
ming
• It honors the same open-read-write-close

paradigm as UNIX
UNIX, and offers most of the same
services.
• Like UNIX
UNIX, NFS assumes a hierarchical naming
system. It considers the file hierarchy to be
composed of directories and files.
Syste
NFS File Types

• enum ftype
ft {
NFNON = 0, /*specified name is not a file */
NFREG = 1 1, /* regular file */
NFDIR = 2, /* directory */
NFBLK = 3 3, /*
/ block-oriented device *//
ming
NFCHR = 4, /* character-oriented device */

NFLNK = 5 /* / symbolic link *//
};
• NFS has adoptedp UNIX’s terminology gy that divides I/O
devices into block-oriented (a disk device) and
character-oriented (a terminal device) devices.

Syste
NFS File Modes

• NFS assumes th thatt fil
file or di
directory
t h
has a
mode that specifies its type and access
protection.
• The definitions and meaning g of bits in the
ming
NFS mode integer is very similar to that of
U
UNIX.
• Although NFS defines file types for devices,
it does not permit remote device access
(e.g., a client may not read or write a remote
device)
Syste
NFS Client and Server

• A
An NFS fil file server runs on a machine
hi ((which
hi h h
has llarge
disks) that has a local file system.
• An NFS client runs on an arbitrary machine and access
the files on machines that run NFS servers.
• When an application
pp p
program
g calls open
p to obtain
ming
access to a file, the OS uses the syntax of the path
name to choose between local and remote file access

procedures.
procedures
• If the path refers to a local file, the system uses the
computer’s
p standard file system
y software to access the
file; If the path refers to a remote file, the system uses
NFS client software to access the remote file.

Syste
NFS Client and UNIX

• In UNIX, the mount mechanism construct a single,
unified
ifi d naming
i hihierarchyh ffrom iindividual
di id l fil
file systems
t
on multiple disks.
• UNIX implementation of NFS client code use an
extended version of the mount mechanism to
ming
integrate remote file systems into the naming
hierarchy along with local file systems.

• The chief advantage of using the mount mechanism
is consistency:
y all file names have the same form.
• An application program cannot tell whether a file is
local or remote from the name syntax alonealone.
• When an application opens a remote file, it
Syste
receive an integer descriptor for the file exactly

as it would for a local file.
• Internal information associated with the
descriptor specifies that the file is a remote file
accessible through NFS.
• Whenever an application performs an
ming
operation on a file descriptor, the system
checks to see whether the descriptor refers to

a local or a remote file. If local, the OS handles
the operation as usual, usual else, else the OS calls NFS
client translates the operation into an
equivalent NFS operation and places a RPC
call to the server.
Syste
NFS Client Operation

• The path name syntax used by the remote file system
may differ from that of the client machine; e.g. NFS client
code on Windows 95 (uses blackslash (\) as a separator
character),
h t ) while
hil NFS server code d on UNIX ((uses slash
l h (/)
as a separator character).
• To keep p applications
pp on client machines independent
p of
ming
file locations and server computer systems, NFS requires
that only clients interpret full path names.

• A client traces a path through the server’s
server s hierarchy by
sending the server one component at a time and receiving
information about the file or directory it names.
• For
F example, l llook
k up path th name //a/b/c
/b/ on a server, it
begins by obtaining information about the server’s root
directory, then look up name a in that directory, then look
up name b iin ththatt di
directory
t a, th
then llook
k up name c iin bb.
Syste
File Handle

• In order to isolate clients from the server’s path name
syntax and to allow heterogeneous machines to
access hierarchical files, NFS requires that the client
perform all path name interpretation.
q
• As a consequence, , a client can not use a full p path
ming
name to specify a file when requesting an operation
on that file.
• Instead, the client must obtain a handle that it can use
to reference the file file.
• Having the server provide handles for directories as
well as files permits a client to trace a path through the
server’s
11/12/2010
hierarchy.
Mukesh Patel School of Technology Management & Engineering 204
Syste
An NFS Client in UNIX

• When managers install NFS client code in UNIX,
theyy use the file system
y mount facilityy to
integrate remote directories into UNIX’s
hierarchical directory system.
ming
• The manager creates an empty directory in the
existing system, and then mounts an NFS

remote file system on it. Whenever an
application program calls open, the system
parses the
th pathth name one componentt att a time.
ti
• It looks up each component in a directory and
finds the next
ne t directory
director to search
search.
• If the path specified in a call to open includes
Syste
an NFS NFS-mounted
mounted directory,
directory the system will

eventually encounter the remote mount point
and pass control to the NFS client code code.
• The NFS client finishes opening g the file by y
continuing to parse and look up components of
the path.
ming
• Because the remaining directories in the path

reside id on a remote t machine, hi the
th NFS client li t
code look up each component by contacting the
appropriate NFS server and obtain handle for
tthe e remote
e ote file
e foro subseque
subsequentt read ead a and d writete
operations.
Syste
File Positioning with A Stateless Server

• Because NFS uses a stateless server design, the
client stores all file position information and each
request sent to the server must specify the file position
to use.
• In UNIX implementation, NFS uses the local file table
to store the position for a remote file just as UNIX uses
it to store position in a local file.
ming
• If the client calls lseek, the system records the new file
position in the table without sending a message to the
server.
• Any subsequent access operation extracts the file
position from the table and sends it to the server along
with
ith th
the access request. t
Syste
Reading a Directory Statelessly

• Because directories can be arbitrarily large and
communication networks impose a fixed limit on
the size of a single g message, g , reading g the
contents of a directory may require multiple
requests.
requests
ming
• Because NFS servers are stateless, the server

cannot keep a record of each client’s position in
the directory. y
• To overcome this limitation, NFS server returns
a position identifier when it answers a request
for an entryMukesh
11/12/2010
from a directory.
Patel School of Technology Management & Engineering 208
• The client use the position identifier in the next
Syste
request to specify which entries it has already

received and which it still needs, i.e. it steps
through the directory by making repeated that
each specify the position identifier returned in
the previous request.
• NFS calls its directory position identifier a magic
ming
cookie, implying that the client does not

interpret the identifier,
identifier nor can it fabricate an
identifier itself.
• Only a server can create a magic cookie and a
cclient
e t ca can o
only y use a magic ag c coo cookie e tthat at has as
been
11/12/2010 supplied
Mukeshby a server.
Patel School of Technology Management & Engineering 209
Syste
The Mount Protocol

• The mount p protocol p
provides four basic services
that clients need before they can use NFS:
– It allows the client to obtain a list of the directory
hierarchies (i
(i.e.
e the file systems) that the client can
access through NFS.
– It accepts full path names That allow the client to identify
a particular
ti l didirectory
t hi
hierarchy.
h
ming
– It authenticates each client’s request and validates the

client’s
client s permission to access the requested hierarchy.
– It returns a file handle for the root directory of the
hierarchy a client specifies.
• Th
The client
li t uses th
the roott handle
h dl obtained
bt i d ffrom th
the
mount protocol when making NFS calls.

Syste
Summary

• To allow many y clients to access a server and to
keep the servers isolated from client crashes,
NFS uses stateless servers
servers.
• To accommodate heterogeneity, NFS requires
th client
the li t tto parse path th names and d llook
k up
ming
each component individually and the server

returns a 32-bytes handle.
• NFS adopted the open open-read-write-close
read write close
paradigm used in UNIX, along with basic file
t
types and
d fil
file protection
t ti modes.d
Syste
File system
ming
Unix commands

Syste
mount

• All files accessible in a Unix system are arranged in one big tree
tree, the file hierarchy
hierarchy,
rooted at /. These files can be spread out over several devices. The mount command
serves to attach the file system found on some device to the big file tree. The
standard form of the mount command, is
–
mount -t type device dir
• This tells the kernel to attach the file system found on device (which is of type type) at
the directory dir. The previous contents (if any) and owner and mode of dir become
invisible, and as longg as this file system
y remains mounted, the p
pathname dir refers to
the root of the file system on device.Three forms of invocation do not actually mount
ming
anything:
–
mount -h
• prints
i t ah
help
l message;
–
mount -V
• prints a version string; and just
– mountt [[-l]
l] [-t
[ t type]
t ]
• lists all mounted file systems (of type type). The option -l adds the (ext2, ext3 and
XFS) labels in this listing.

Syste
umount

• The umount command detaches the file system(s) mentioned from the file hierarchy
hierarchy. A file system is specified by giving the directory
where it has been mounted. Giving the special device on which the file system lives may also work, but is obsolete, mainly because it will
fail in case this device was mounted on more than one directory.Note that a file system cannot be unmounted when it is `busy' - for
example, when there are open files on it, or when some process has its working directory there, or when a swap file on it is in use. The
offending process could even be umount itself - it opens libc, and libc in its turn may open for example locale files. A lazy unmount avoids
this problem.
• Options for the umount command:
• -V
V
– Print version and exit.
• -h
– Print help message and exit.
• -v
– Verbose mode.
•
ming
-n
– Unmount without writing in /etc/mtab.

• -r
– In case unmounting fails, try to remount read-only.
• -d
– In case the unmounted device was a loop device, also free this loop device.
• -a
– All of the file systems described in /etc/mtab are unmounted. (With umount version 2.7 and later: the proc filesystem is not unmounted.)
• -t vfstype
– Indicate that the actions should only be taken on file systems of the specified type. More than one type may be specified in a comma separated
list. The list of file system types can be prefixed with no to specify the file system types on which no action should be taken.
• -O options
– I di t that
Indicate th t th
the actions
ti should
h ld only
l be
b taken
t k on file
fil systems
t with
ith the
th specified
ifi d options
ti iin /etc/fstab.
/ t /f t b More
M th
than one option
ti type
t may be
b specified
ifi d
in a comma separated list. Each option can be prefixed with no to specify options for which no action should be taken.
• -f
– Force unmount (in case of an unreachable NFS system). (Requires kernel 2.1.116 or later.)
• -l
– Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy
anymore (Requires kernel 2
anymore. 2.4.11
4 11 or later
later.))

Syste
TCP/IP Administration
F G
ming
Networking commands in Windows

Syste
NETSTAT.exe

• NETSTAT.exe
NETSTAT exe
• TCP/IP Network Statistics Displays protocol statistics and current
TCP/IP network connections.
• NETSTAT [[-a] a] [-e]
[ e] [-n]
[ n] [[-s]
s] [-p
[ p proto] [[-r]
r] [interval]
• -a Displays all connections and listening ports.
• -e Displays Ethernet statistics. This may be combined with the -s
option.
ming
• -n Displays addresses and port numbers in numerical form.
• -p proto Shows connections for the protocol specified by proto; proto

may be TCP or UDP. If used with the -s option to display per-protocol
statistics proto may be TCP
statistics, TCP, UDP
UDP, or IP IP.
• -r Displays the routing table.
• -s Displays per-protocol statistics. By default, statistics are shown for
TCP, UDP and IP; the -p p option
p mayy be used to specify
p y a subset of the
default. interval Redisplays selected statistics, pausing interval
seconds between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current configuration
information once.

Syste
PING

• PING
PING.exe Usage:
U ping
i [-t]
[ t] [-a]
[ ] [[-n count]
t] [-l
[ l size]
i ] [-f]
[ f] [-i
[i
TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k
host-list]]
]] [[-w timeout]] destination-list Options:
p -t
Ping the specifed host until interrupted. -a Resolve
addresses to hostnames. -n count Number of echo
requests to sendsend. -ll size Send buffer size.
size -ff Set
ming
"Don't Fragment" flag in packet. -i TTL Time To Live.

-v TOS Type Of Service. -r count Record route for
count hops. -s count Timestamp for count hops. -j
host-list Loose source route along host-list. -k host-
list Strict source route along host-list
host list. -w
w timeout
Timeout in milliseconds to wait for each reply.

Syste
TRACERT exe
TRACERT.exe

• TRACERT.exe Trace Route Usage:
tracert [[-d]] [-h
[ maximum_hops]p ] [-j
[ j host-
list] [-w timeout] target_name Options: -
d Do not resolve addresses to
ming
hostnames. -h maximum_hops
Maximum number of hops to search for
target. -j host-list Loose source route
along host-list. -w timeout Wait timeout
py
milliseconds for each reply.
Syste
NBTSTAT exe
NBTSTAT.exe

• NBTSTAT.exe
NBTSTAT exe Net Bios Stats Displays protocol statistics and
current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s]
[[S]] [[interval]] -a ((adapter
p status)) Lists the remote machine's
name table given its name. -A (Adapter status) Lists the remote
machine's name table given its IP address. -c (cache) Lists the
remote name cache including the IP addresses. -n (names)
Lists local NetBIOS names.names -rr (resolved) Lists names resolved
ming
by broadcast and via WINS -R (Reload) Purges and reloads the

remote cache name table -S (Sessions) Lists sessions table
with the destination IP addresses. -s ((sessions)) Lists sessions
table converting destination IP addresses to host names via the
hosts file. RemoteName Remote host machine name. IP
address Dotted decimal representation of the IP address.
interval Redisplays selected statistics
statistics, pausing interval
seconds between each display. Press Ctrl+C to stop
redisplaying statistics.

Syste
ROUTE exe
ROUTE.exe

• ROUTE.exe
ROUTE exe Manipulates network routing tables.
tables ROUTE [-f]
[ f]
[command [destination] [MASK netmask] [gateway]] -f Clears
the routing tables of all gateway entries. If this is used in
j
conjunction with one of the commands,, the tables are cleared
prior to running the command. command Specifies one of four
commands PRINT Prints a route ADD Adds a route DELETE
Deletes a route CHANGE Modifies an existing route destination
Specifies the host to send command
command. MASK If the MASK
ming
keyword is present, the next parameter is interpreted as the

netmask parameter. netmask If provided, specifies a sub-net
mask value to be associated with this route entry. y If not
specified, if defaults to 255.255.255.255. gateway Specifies
gateway. All symbolic names used for destination or gateway
are looked up in the network and host name database files
NETWORKS and HOSTS,HOSTS respectively.
respectively If the command is print
or delete, wildcards may be used for the destination and
gateway, or the gateway argument may be omitted.

Syste
ARP exe
ARP.exe

• ARP.exe
ARP exe Address Resolution Protocol ARP -s s inet
inet_addr
addr
eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr]
[-N if_addr] -a Displays current ARP entries by interrogating the
current pprotocol data. If inet_addr is specified,
p , the IP and
Physical addresses for only the specified computer are
displayed. If more than one network interface uses ARP, entries
for each ARP table are displayed. -g (Same as -a) inet_addr
Specifies an internet address
address. -NN if
if_addr
addr Displays the ARP
ming
entries for the network interface specified by if_addr. -d Deletes

the host specified by inet_addr. -s Adds the host and
associates the Internet address inet_addr with the Physical
y
address eth_addr. The Physical address is given as 6
hexadecimal bytes separated by hyphens. The entry is
permanent. eth_addr Specifies a physical address. if_addr If
present this specifies the Internet address of the interface
present,
whose address translation table should be modified. If not
present, the first applicable interface will be used.

Syste
TCP/IP Administration
F G
ming
Networking commands in Unix

Syste
ping

• ping <remote machine> Sends an IP
q
echo request to the <remote machine>
• % ping burro.baylor.edu
burro baylor edu
ming
burro.baylor.edu is alive

Syste
nslookup

• nslookup
l k <machine hi name> Query
Q name server to t map
names (e.g. burro.baylor.edu) to IP address and IP
addresses to names ((the reverse).) Optionally,
p y, yyou can
specify the name server you want to use. Under UNIX,
the default name server for a machine can be found in
the /etc/resolv.conf
/etc/resolv conf file.
file Under other OSs
OSs, it is in more
ming
obvious places such as the networking control panel.
• % nslookup burro.baylor.edu
Server: ccis03.baylor.edu <= Name of queried
name server
Address: 129.62.16.4 <= IP address of
queried name server
Syste
ifconfig

• ifconfig Configure and display interface configuration
% ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 MTU 3584 Metric:1
Metric 1
RX packets:10714 errors:0 dropped:0 overruns:0 frame:0
TX packets:10714 errors:0 dropped:0 overruns:0 carrier:0 coll:0
• eth0 Link encap:Ethernet
p HWaddr 00:60:8C:EA:03:C8
ming
inet addr:129.62.149.74 Bcast:129.62.149.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:18935311 errors:12566 dropped:12566 overruns:0
frame:12566
TX packets:10342456 errors:30 dropped:0 overruns:0 carrier:249
coll:30864
Interrupt:10 Base address:0x300

Syste
traceroute

• traceroute - Print the route packets take
to network host
• % traceroute www.yahoo.com
www yahoo com
ming

Syste
telnet

• telnet - Connect (TCP) to a specific
p
machine/port. You can use it to p play
y with
services other than telnet (Look in
/etc/services for list of services):
ming
– Echo
E h (P
(Portt 7)
7)- Echo
E h bback
k what
h t you ttype
•

Syste
arp

• arp - Display and change ARP (Address
Resolution Protocol)) cache
• molar:/etc% arp -a
a
ming

Syste
netstat

• netstat - Display network connections,
g tables,, and interface statistics
routing
– Network connections
ming
% netstat -a | more

Syste
route

• route - Show / manipulate the IP routing
table
– Showing routing table
ming
% route

Syste
traceroute

• traceroute
• Traceroute displays the routers that are
passed through to reach the destination.
• traceroute
t t "IP address
dd or domain
d i name""
ming

Syste
DIP

• It would be much better to have a simple command that performs all the steps
necessary to open the serial device, cause the modem to dial the provider, log in,
enable the SLIP line discipline, and configure the network interface. This is what
the dip command is for.
• dip means Dialup IP. It was written by Fred van Kempen and has been patched very
heavily by a number of people.
• dip provides an interpreter for a simple scripting language that can handle the
modem for you,
you convert the line to SLIP mode
mode, and configure the interfaces
interfaces. The
ming
script language is powerful enough to suit most configurations.
• To be able to configure the SLIP interface, dip requires root privilege. It would now
be tempting to make dip setuid to root so that all users can dial up some SLIP server
without having to give them root access
access. This is very dangerous
dangerous, though
though, because
setting up bogus interfaces and default routes with dip may disrupt routing on your
network. Even worse, this action would give your users power to connect toany SLIP
server and launch dangerous attacks on your network. If you want to allow your users
to fire up
p a SLIP connection, write small wrapper
pp p programs
g for each pprospective
p SLIP
server and have these wrappers invoke dip with the specific script that establishes
the connection. Carefully written wrapper programs can then safely be made setuid
to root. An alternative, more flexible approach is to give trusted users root access
to dip using a program..

Syste
End

• Thanks for your attention.
• Feedback
– samantsir@yahoo.com
ming

SAP Notes

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

SAP Notes

Загружено:

Авторское право:

Доступные форматы

Syste

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 1

11/12/2010 Mukesh Patel School of Technology Management & Engineering 2

em Architecture & Programm

at $10,000 barely able to recoup $200 a mere three

11/12/2010 Mukesh Patel School of Technology Management & Engineering 3

em Architecture & Programm

to encompass very large server and data center environments.

11/12/2010 Mukesh Patel School of Technology Management & Engineering 4

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 5

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 6

em Architecture & Programm

• Acquire an operating system at little or no

11/12/2010 Mukesh Patel School of Technology Management & Engineering 7

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 8

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 9

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 10

em Architecture & Programm

Prof. Rahul M. Samant

11/12/2010 Mukesh Patel School of Technology Management & Engineering 12

em Architecture & Programm

soon in Microsoft Windows Server 2003.

11/12/2010 Mukesh Patel School of Technology Management & Engineering 13

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 14

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 15

em Architecture & Programm

protected because each one is a separate process with

11/12/2010 Mukesh Patel School of Technology Management & Engineering 16

em Architecture & Programm

set of international standards for

em Architecture & Programm

The POSIX subsystem implements these

em Architecture & Programm

• Kernel mode is also known as supervisor mode,

11/12/2010 Mukesh Patel School of Technology Management & Engineering 19

em Architecture & Programm

and makes it possible to extend the features of an

em Architecture & Programm

and administrators (the default user interface is

em Architecture & Programm

UNIX to be written in a higher-level language.

11/12/2010 Mukesh Patel School of Technology Management & Engineering 22

• AIX from IBM

11/12/2010 Mukesh Patel School of Technology Management & Engineering 23

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 24

em Architecture & Programm

11/12/2010 Mukesh Patel School of Technology Management & Engineering 25

em Architecture & Programm

• Large number of simple tools

11/12/2010 Mukesh Patel School of Technology Management & Engineering 26

11/12/2010 Mukesh Patel School of Technology Management & Engineering 27

em Architecture & Programm

em Architecture & Programm

em Architecture & Programm