Windows Internals, Chapter 2: Foundation concepts and terms about Windows
2. Foundation concepts and terms
1. Windows API
2. Services, functions, and routines
3. Process
4. Threads
5. Jobs
6. Virtual memory
Virtual memory provides a logical view of memory that need not correspond to its physical layout.
7. Kernel mode vs. user mode
Kernel mode (supervisor mode): a processor execution mode that grants access to all system memory and all CPU instructions.
User mode (application mode):
Windows uses only two of the processor's privilege levels: ring 0 for kernel mode and ring 3 for user mode.
With Data Execution Prevention (DEP) enabled, Windows marks pages that contain data as non-executable.
Windows provides no protection for private read/write system memory used by components running in kernel mode: once in kernel mode, operating system and device-driver code has complete access to system-space memory and can bypass Windows security to access objects. Because of this, remain vigilant when loading a third-party device driver.
A transition from user mode to kernel mode (and back) does not affect thread scheduling per se; a mode transition is not a context switch.
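The DEP and third-party-driver points above can be checked on a live machine. The following is an added PowerShell example, not code from the book; it assumes Windows with PowerShell 5.1 or later in an elevated prompt, that Win32_OperatingSystem reports DEP through its DataExecutionPrevention_* properties, and that Get-AuthenticodeSignature can verify catalog-signed inbox drivers.

```powershell
# Added example (not from Windows Internals): report the DEP policy, then list drivers
# currently running in kernel mode whose signer is not the Windows inbox publisher.

# DataExecutionPrevention_SupportPolicy values (as documented for Win32_OperatingSystem):
#   0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (default for client SKUs), 3 = OptOut
function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        HardwareNxAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy              = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
}

# Every running driver has full access to system-space memory, so the reviewer wants to see
# which of them were not shipped with Windows. Assumption: inbox drivers are signed by the
# "CN=Microsoft Windows" publisher; anything else (including WHQL-attested third-party drivers
# countersigned by Microsoft's hardware compatibility publisher) is listed for review.
function Get-NonInboxRunningDrivers {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
        ForEach-Object {
            $path = $_.PathName
            if (-not $path) { return }
            # Normalize the kernel-style paths stored in the service database.
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if ($path -match '^system32\\') { $path = Join-Path $env:SystemRoot $path }
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig     = Get-AuthenticodeSignature -FilePath $path
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            if ($sig.Status -ne 'Valid' -or $subject -notmatch '^CN=Microsoft Windows,') {
                [pscustomobject]@{
                    Driver = $_.Name
                    Path   = $path
                    Status = $sig.Status
                    Signer = $subject
                }
            }
        }
}

Get-DepStatus
Get-NonInboxRunningDrivers | Sort-Object Status, Driver | Format-Table -AutoSize
```

A driver with Status other than Valid, or with an unfamiliar signer, is the case the text warns about and deserves a closer look before the system is trusted.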
8. Hypervisor
9. Firmware
10. Terminal service and multiple sessions
Terminal Services: the support in Windows for multiple interactive user sessions on a single system.
11. Objects and handles
In Windows, a process is an instance of the process object type, a file is an instance of the file object type, and so on.
A handle is an index that references a particular instance of an object.
12. Security
Core security capabilities of Windows:
Discretionary and mandatory protection for all shareable system objects;
Security auditing for accountability of subjects (users) and the actions they initiate;
User authentication at logon;
Prevention of one user from accessing uninitialized resources, such as free memory or disk space, that another user has deallocated.
Three forms of access control in Windows:
discretionary access control
privileged access control
mandatory access control
13. Registry
Registry: the system database that contains the information required to boot and configure the system, together with the system-wide software settings that control the operation of Windows.