windows kernel
Windows kernel - Windows Driver Model
- Nisec liangge
Agenda
• The limits about today’s presentation
• What differences between ring0 and ring3
• How OS Startup
• How driver works
Limits
• Win2000/xp/2003, no Vista
• X86, no details
• WDM, no WDF
• Basic, no complex
• 32-bit, no 64-bit
What differences - ring0 and ring3
• Advantage
  • The whole instructions
  • The whole memory
  • The details about OS
  • A lot of routines
  • More things can do
What differences - ring0 & ring3
• Disadvantage:
  • More time to work on
  • More dangerous for machine
  • More challenge
What differences – Win & UNIX
• Advantage
  • Microsoft
  • Strong man
  • Market
What differences – Win & UNIX
• Disadvantage:
  • Little source code
  • excellent documentation
  • Microsoft
How OS startup
• Setup system
• MBR
• Boot sector
• Kernel
• Ntldr - load boot driver
• NtOskrnl.exe
Ntoskrnl
• Phase0
  • No interrupt
  • Initialize
• Phase1
  • Allow interrupt
  • IoManager initialize
IoManager
• boot driver, system start driver, service auto driver, service demand start
• Enumeration
• Recursion
• Devnode
• From top to root
How driver works
• See WORD
Further Reading
• Mark E. Russinovich and David A. Solomon, Microsoft Windows Internals, 4th Edition, MS Press
• Walter Oney, Microsoft Windows Driver Model, 2nd Edition, MS Press
• DDK document, source code
Useful website
• http://msdn.microsoft.com
• http://www.osronline.com
• http://www.msdnaa.net/curriculum/pfv.aspx?ID=6191
• http://www.driverdevelop.com
End
• Thanks!
• QA