
Windows XP: An Overview

Brett O’Neill

CSE 8343 – Group A6


  • Programs, Processes, Jobs and Threads

  • Registry and Memory

  • File System Architecture and Management

  • Inter-Process Communication

  • Questions?

  • References

Processes & Threads

  • Windows XP process architecture is the same as Windows 2000 process architecture

  • There are 4 units of work – Processes, Threads, Jobs and Programs. Simple definitions:

    • Program – A static set of instructions

    • Process – A container for a set of threads that execute an instance of a program

    • Job – A group of processes that can be manipulated as a single unit

    • Thread – A container for the set of instructions to be executed and the contents of machine registers that define processor state

Processes & Threads

  • Each process includes a private virtual address space, an executable program, a list of open handles to various system resources, a security context, a unique identifier, and at least one thread.

Processes & Threads

  • Fields in a Windows XP Executive Process (EPROCESS) Block:

Processes & Threads

  • Each thread contains a set of instructions to execute, the contents of machine registers that define the processor state while the thread is running, and two stacks – one for User mode and one for Kernel mode.

Processes & Threads

  • Fields in a Windows XP Executive Thread (ETHREAD) Block:

Thread Scheduling

  • Priority-driven, preemptive scheduling is used.

  • Priority levels are determined by both the process and the thread.

  • Processes have 4 priority levels:

    • Idle – Screen savers & other display updates

    • Normal – The default priority class

    • High – Receive most of the CPU’s time

    • Real Time – Kernel processes

Thread Scheduling

  • The process’s priority class sets a range of priority values for its threads. For example, Real Time processes will always have a value from 16-31.

  • Process Priority Classes with Relative Thread Priorities:

Thread Scheduling

  • Threads run for a length of time known as a quantum.

  • Quantum values vary from thread to thread.

  • Threads do not necessarily finish their quantum, because the system is preemptive. If another thread with a higher priority becomes ready, it will run.

  • However, if all threads have the same priority, they will run in a round-robin fashion.

Thread Scheduling

  • Thread scheduling code is distributed throughout the kernel. It is collectively known as the dispatcher.

  • The dispatcher can be triggered by:

    • A thread becoming ready to execute

    • A thread leaving the running state

    • A thread's priority changing

  • Thread granularity: Processes are disregarded when scheduling threads – if Process A has 20 threads and Process B has 1 thread, each thread receives 1/21st of CPU time.
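The scheduling rules on these slides (priority-driven preemption, round-robin among equal priorities, and processes ignored by the dispatcher) can be checked with a small simulation. This is an added example, not code from the original presentation; the `simulate` function, the thread names and the fixed 3-tick quantum are assumptions, and threads here never block or exit.

```python
from collections import deque

def simulate(threads, ticks, quantum=3):
    """threads: (name, priority 0-31, arrival tick). Returns CPU ticks per thread.

    Simplified model (assumption): one CPU, a fixed quantum, and a preempted
    thread receives a fresh quantum when it is scheduled again.
    """
    prio = {name: p for name, p, _ in threads}
    ready = [deque() for _ in range(32)]          # one ready queue per priority
    pending = sorted(threads, key=lambda t: t[2])
    cpu = {name: 0 for name in prio}
    current, left = None, 0
    for tick in range(ticks):
        # Dispatcher trigger: a thread becomes ready to execute
        while pending and pending[0][2] <= tick:
            name = pending.pop(0)[0]
            ready[prio[name]].append(name)
        # Dispatcher trigger: the running thread used up its quantum
        if current is not None and left == 0:
            ready[prio[current]].append(current)  # back of its own queue
            current = None
        best = max((p for p in range(32) if ready[p]), default=None)
        # Preemption: a higher-priority thread is ready
        if current is not None and best is not None and best > prio[current]:
            ready[prio[current]].appendleft(current)
            current = None
        if current is None and best is not None:
            current, left = ready[best].popleft(), quantum
        if current is not None:
            cpu[current] += 1
            left -= 1
    return cpu

def process_share(cpu, prefix):
    """Fraction of all CPU ticks consumed by threads whose name starts with prefix."""
    return sum(v for k, v in cpu.items() if k.startswith(prefix)) / sum(cpu.values())

if __name__ == "__main__":
    # Constructed workload: Process A has 20 threads, Process B has 1, same priority
    same = [(f"A{i}", 8, 0) for i in range(20)] + [("B0", 8, 0)]
    print(process_share(simulate(same, 630), "A"))   # 20/21 of the CPU
    print(simulate([("lo", 8, 0), ("hi", 24, 5)], 10))
```
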

Registry and Memory

  • Boot time improvements:

    • Simple Boot Flag (SBF) is a 3-bit flag in CMOS BIOS. The 3 bits indicate if the system is Plug and Play, if the last boot was successful, and if diagnostics need to run.

    • The boot loader uses parallel pre-fetching of drivers, boot code and Registry items.

    • Driver loading is prioritized during startup.

Registry and Memory

  • Boot time improvements (cont.):

    • The first time Windows XP boots, it monitors drivers, startup applications, Registry entries and shell code being loaded and saves the information.

    • On the 2nd boot, Windows XP pre-loads drivers and code asynchronously in parallel into memory in anticipation of their use. Therefore when the boot execution path attempts to load a driver, the driver is already in memory.

    • The previous 8 boots are analyzed heuristically to determine what drivers to pre-fetch. Drivers which aren’t being used drop off the pre-fetch list.

Registry and Memory

  • Physical memory can be page pooled or non-page pooled.

  • Non-Page Pooled: Time Critical memory, such as the Virtual Memory Manager

  • Page-Pooled: Memory mapped to disk

  • Pool memory is managed by descriptors called Page Table Entries (PTEs), which hold the page frame numbers that point to physical memory pages.

Registry and Memory

  • PTEs also hold several bits to indicate the current status of the page: in use, dirty, clean, or unused.

  • Several algorithms are used to avoid interfering with actively used memory and to avoid excessive paging to disk.

  • 1.3 GB of memory can be mapped to PTEs, so more memory can be actively tracked.

Registry and Memory

  • Previous versions of Windows allowed drivers to run “necessary” memory routines. Drivers demanded the O/S allocate memory, even if not enough memory was available.

  • Windows XP has eliminated these drivers. 3rd Party drivers are not “signed drivers” if they don’t eliminate this code.

  • I/O Throttling: When there is no memory left to allocate, Windows XP “throttles down” its processing of memory to a page at a time, using only the memory it can. This slows the system, but prevents a crash.

Registry and Memory

  • In previous versions of Windows, system performance suffered as the Registry grew. This was primarily due to Registry fragmentation – new Registry keys were placed in the first available Registry space. When applications needed to find these keys, an excessive number of memory pages were loaded from disk.

Registry and Memory

  • In Windows XP, when a Registry key needs to be stored, the kernel searches for a space large enough to contain all related data. Registry keys are physically adjacent, so fewer page faults result:

Registry and Memory

  • Programmers often use Registry keys as flags. Therefore there are many empty Registry key trees that applications need to search through at run time. This slows performance noticeably. Windows XP caches both empty and non-empty Registry keys to solve this problem.

File System Architecture and Management

  • Windows XP supports FAT16, FAT32 and NTFS file systems.

File System Architecture and Management

  • FAT16 – Compatible with most operating systems, including Linux, UNIX, and OS/2.

  • Disadvantages:

    • Fixed number of clusters per partition

    • File names limited to 8 characters

    • Lack of support for compression, security and encryption

File System Architecture and Management

  • FAT32 – File names can be longer, greater number of clusters per partition.

  • Disadvantages:

    • Clusters are still too large

    • Not compatible with many operating systems

    • Lack of support for compression, security and encryption

File System Architecture and Management

  • NTFS

    • Capability for security, compression, file names of 255 characters, large volume sizes

  • Architecture:

    • The first block of information on an NTFS volume is the Volume Boot Sector. It holds 2 primary structures:

      • BIOS Parameter Block – Contains fundamental information about the volume.

      • Volume Boot Code – A small block of code that tells the system how to load the operating system. This code has often been the target of virus writers. Windows XP retains tight control over disk access routines to prevent boot code viruses from spreading.

File System Architecture and Management

  • Architecture (cont.):

    • Metadata files contain internal data about the files stored on a volume. They are automatically created when the volume is formatted, placed at the beginning of the volume, and hidden from users.

    • The most important metadata file is the Master File Table (MFT). It works like a relational database, storing information about every file and directory stored on a volume.

File System Architecture and Management

  • Master File Table Resident Attributes:

File System Architecture and Management

  • Architecture (cont.):

    • Windows XP initially reserves 12.5% of a volume’s space for the MFT. It is crucial to keep the MFT in contiguous physical space – known as the “MFT Zone”.

    • If the MFT Zone becomes full, more space is reserved elsewhere on the volume.

File System Architecture and Management

  • Architecture (cont.):

    • NTFS partitions can be very large – 2^64 bytes, or 18 billion gigabytes, per volume.

    • 512-byte sectors are not managed individually; instead, they are grouped into clusters.

    • NTFS allows very small clusters, increasing performance
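The Volume Boot Sector, BIOS Parameter Block, cluster grouping and 12.5% MFT reservation described on these slides can be tied together by parsing a boot sector and sanity-checking its fields before trusting them, as a forensic or integrity-checking tool would. This is an added example, not code from the original presentation; the function names and the sample sector (built in memory, not read from a real disk) are constructed for illustration, and the geometry check assumes XP-era cluster factors of 1 to 128 sectors.

```python
import struct

SECTOR = 512  # the Volume Boot Sector is the first 512-byte sector of the volume

def build_sample_boot_sector():
    """Constructed sample (not read from a real disk): a minimal NTFS boot sector."""
    bs = bytearray(SECTOR)
    bs[0:3] = b"\xeb\x52\x90"                    # jump over the BPB to the boot code
    bs[3:11] = b"NTFS    "                       # OEM ID
    struct.pack_into("<HB", bs, 0x0B, 512, 8)    # bytes/sector, sectors/cluster
    struct.pack_into("<QQQ", bs, 0x28, 2097151, 87381, 131071)  # sectors, $MFT, $MFTMirr
    struct.pack_into("<b", bs, 0x40, -10)        # negative: MFT record is 2**10 bytes
    bs[0x1FE:0x200] = b"\x55\xaa"                # end-of-sector signature
    return bytes(bs)

def parse_ntfs_boot_sector(data):
    """Validate a boot sector and return the BPB fields a triage tool needs."""
    if len(data) < SECTOR:
        raise ValueError("short read: need a full 512-byte sector")
    if data[0x1FE:0x200] != b"\x55\xaa":
        raise ValueError("missing 0x55AA end-of-sector signature")
    if data[3:11] != b"NTFS    ":
        raise ValueError("OEM ID is not NTFS")
    bps, spc = struct.unpack_from("<HB", data, 0x0B)
    total, mft_lcn, mirr_lcn = struct.unpack_from("<QQQ", data, 0x28)
    (rec,) = struct.unpack_from("<b", data, 0x40)
    # XP-era geometry: power-of-two sector size and cluster factor (1..128)
    if bps not in (512, 1024, 2048, 4096) or spc == 0 or spc & (spc - 1):
        raise ValueError("implausible sector or cluster geometry")
    cluster = bps * spc
    volume = total * bps
    if max(mft_lcn, mirr_lcn) * cluster >= volume:
        raise ValueError("MFT location lies outside the volume")
    return {
        "cluster_size": cluster,
        "volume_bytes": volume,
        "mft_offset": mft_lcn * cluster,             # byte offset of the MFT
        "mft_mirror_offset": mirr_lcn * cluster,
        "mft_record_size": 2 ** -rec if rec < 0 else rec * cluster,
        "mft_zone_bytes": volume // 8,               # the 12.5% initial reservation
    }

if __name__ == "__main__":
    for name, value in parse_ntfs_boot_sector(build_sample_boot_sector()).items():
        print(f"{name:18} {value}")
```
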

Inter-Process Communication

  • Inter-Process Communication (IPC) is a set of programming interfaces that allow programmers to create and manage individual processes that can run concurrently.

  • Windows XP supports several IPC interfaces.

Inter-Process Communication

DDE – Dynamic Data Exchange

  • Windows XP uses a message-based architecture. Therefore message-passing is a good way for applications to exchange data.

  • DDE defines how to pass large pieces of data by means of global atoms. A global atom is a reference to a character string. It identifies the applications exchanging information, the nature of the data, and the data itself.

  • DDE is most appropriate for data exchanges that do not require ongoing user interaction. Generally a link is established between 2 applications, then continues with no input from the user.

Inter-Process Communication

OLE – Object Linking and Embedding

  • Windows XP supports OLE 1.0 and OLE 2.0.

  • OLE is used to enhance the creation and management of compound documents. Embedded or linked objects can be placed inside a document, retaining formatting information.

  • The core of OLE is Component Object Model (COM). COM provides an architecture for any 3rd party vendor to deliver a component at any time and have the component become instantly available to applications on the system.

Inter-Process Communication


  • Network Basic Input/Output System (NetBIOS) is an interface that allows applications on different computers to communicate over a LAN.

  • NetBIOS frees applications from needing to know the details of the network on which they are located.

  • NetBIOS provides session and transport services, but does not provide standard frames or a data format for submission. To use a standard frame format, the NetBIOS Extended User Interface (NetBEUI) is needed.

Inter-Process Communication

Named Pipes

  • A pipe is a section of shared memory where different applications leave messages for each other. It is similar to a post office slot.

  • The first process writes to the pipe, the second process reads from the other end.

  • Pipes do not have formal standards to govern how data is passed. This makes pipes easier and more flexible than other IPC mechanisms, but limits them to programs that recognize each other and know how to parse the information they exchange.

Inter-Process Communication

Windows Sockets

  • WinSock is a network programming interface based on Berkeley’s Sockets API. It is the standard for accessing datagram and session services over TCP/IP, NWLink, IPX/SPX, NetBIOS, and AppleTalk.

Inter-Process Communication


  • A mailslot is similar to a pipe, but allows only one-way communication. It is most commonly used for broadcasting messages across a network.

  • Mailslots do not need to conform to any particular specification and take less than 64K of memory.

Inter-Process Communication

RPC - Remote Procedure Calls

  • Provides the opportunity to invoke functions residing on remote machines.

References

  • Most of the information in this report came directly from Microsoft Developer Network (MSDN) documentation. Additionally, the following papers were used:

  • Kozierok, Charles M., “New Technology File System”, The PC Guide, 4/17/01.

  • Munro, Jay, “Windows XP Kernel Enhancements”, Extreme Tech, 6/8/01.

  • Open Systems Resources, Inc.