
Lecture 6 Management Mechanisms

Lecture 6 Management Mechanisms. xlanchen@03/25/2005. Contents. The Registry Services Windows Management Instrumentation. 1. The Registry. Registry. The repository for systemwide and per-user settings Used to configure and control 2K systems



  1. Lecture 6 Management Mechanisms xlanchen@03/25/2005

  2. Contents • The Registry • Services • Windows Management Instrumentation Understanding the Inside of Windows2000

  3. 1. The Registry

  4. Registry • The repository for systemwide and per-user settings • Used to configure and control 2K systems • For a complete reference to the contents of the 2K registry, please refer to the “Technical Reference to the Windows 2000 Registry” help file.

  5. The focus • Registry structure • Data types • Key information in the registry • …

  6. Registry Data Types • Registry is a database (compare with the file system) • Key: value (directory: file) • Subkey (subdirectory) • Root key (Root directory) • Naming convention • Registry Editor utilities: • Regedit • Regedt32 (for example)

  7. Registry Data Types • 11 types

  8. Registry Logical Structure • Six root keys • HKEY_CURRENT_USER • HKEY_USERS • HKEY_CLASSES_ROOT • HKEY_LOCAL_MACHINE • HKEY_CURRENT_CONFIG • HKEY_PERFORMANCE_DATA

  9. Demo

  10. HKEY_CURRENT_USER • Contains data regarding the preferences and software configuration of the locally logged-on user • \Documents and Settings\<username>\Ntuser.dat • Link to a subkey of HKEY_USERS

  11. HKEY_USERS • Contains a subkey for each loaded user profile and user class registration database on the system

  12. HKEY_CLASSES_ROOT • Consists of two types of information: file extension associations and COM class registrations

  13. HKEY_LOCAL_MACHINE • Contains all the systemwide configuration subkeys: HARDWARE, SAM, SECURITY, SOFTWARE, and SYSTEM

  14. HKEY_CURRENT_CONFIG • Link to the current hardware profile, stored under HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.

  15. HKEY_PERFORMANCE_DATA • You can access the registry performance counter information directly by opening a special key named HKEY_PERFORMANCE_DATA and querying values beneath it

  16. EXPERIMENT • Watching Registry Activity • Regmon.exe

  17. Registry internals • Configuration manager • Manages the registry recoverably • The registry is a set of discrete files called hives • Registry tree


  19. EXPERIMENT • Looking at Hive Handles • Handleex.exe


  21. Hive Structure • Registry block (4KB) • Base block, includes global information about the hive • Signature: regf • Updated sequence numbers • Time stamp • Hive format version number • Checksum • Internal filename
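The base block fields listed on slide 21 can be read straight out of a hive file, which is how an examiner checks a collected hive for a torn write or a modified header. The parser below is an added example, not part of the lecture; the field offsets follow the publicly documented regf layout rather than anything on the slides, and the sample block is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # the first 4 KB registry block of a hive file

def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (bytes 0..507)."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:          # two results are reserved and remapped
        return 0xFFFFFFFE
    return 1 if csum == 0 else csum

def parse_base_block(block: bytes) -> dict:
    if len(block) < BASE_BLOCK_SIZE or block[:4] != b"regf":
        raise ValueError("not a registry hive base block")
    # offsets 4..27: two sequence numbers, FILETIME, major/minor format version
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", block, 4)
    name = block[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    (stored,) = struct.unpack_from("<I", block, 508)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch, 100 ns ticks
    return {
        "sequence": (seq1, seq2),
        "clean": seq1 == seq2,      # a mismatch means a write did not complete
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "version": f"{major}.{minor}",
        "file_name": name,
        "checksum_ok": stored == regf_checksum(block),
    }

def build_sample(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed base block for the demo; not taken from a real system."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<IIQII", block, 4, seq1, seq2, 127561824000000000, 1, 3)
    name = "\\System32\\Config\\SAM".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block)

if __name__ == "__main__":
    print(parse_base_block(build_sample()))
    print(parse_base_block(build_sample(seq1=8, seq2=7))["clean"])
```

A hive whose two sequence numbers differ, or whose stored checksum does not match the recomputed one, should be treated as inconsistent before its contents are relied on.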

  22. Cell • To organize the registry data • A cell can hold a key, a value, a security descriptor, a list of subkeys, or a list of key values. • Head of a cell: Size • Data of a cell • Data type • Key cell, value cell, subkey-list cell, value-list cell, security-descriptor cell

  23. Bin • To minimize some management chores • When a cell joins a hive and the hive must expand to contain the cell, the system creates an allocation unit called a bin • Bin head + bin offset + bin size

  24. Cell index • Cell indexes: the links that create the structure of a hive • A cell index is the offset of a cell into the hive file
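Slides 22 to 24 describe bins, cells and cell indexes; the walker below shows how they fit together on disk by visiting every cell in every bin and reporting its cell index, size, allocation state and type. It is an added example, not code from the lecture, and it assumes the publicly documented on-disk layout: a 32-byte `hbin` header, a signed 32-bit size in front of each cell (negative when the cell is in use), two-byte signatures on key, value, security and subkey-list cells, and cell indexes counted from the first bin (file offset minus the 4 KB base block). The sample hive is constructed.

```python
import struct

BASE = 4096  # bins start right after the base block
CELL_KINDS = {b"nk": "key", b"vk": "value", b"sk": "security-descriptor",
              b"lf": "subkey-list", b"lh": "subkey-list",
              b"li": "subkey-list", b"ri": "subkey-list"}

def walk_cells(hive: bytes):
    """Yield (cell_index, size, allocated, kind) for every cell in every bin."""
    pos = BASE
    while pos + 32 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_offset, bin_size = struct.unpack_from("<II", hive, pos + 4)
        if bin_offset != pos - BASE or bin_size == 0 or bin_size % 4096:
            raise ValueError(f"corrupt bin header at file offset {pos:#x}")
        cell, end = pos + 32, pos + bin_size     # cells follow the bin header
        while cell < end:
            (raw,) = struct.unpack_from("<i", hive, cell)
            size = abs(raw)
            if size < 8 or size % 8 or cell + size > end:
                raise ValueError(f"corrupt cell at file offset {cell:#x}")
            allocated = raw < 0                  # negative size: cell in use
            # Value lists and raw data carry no signature, so this is a heuristic.
            kind = (CELL_KINDS.get(hive[cell + 4:cell + 6], "value-list/data")
                    if allocated else "free")
            yield cell - BASE, size, allocated, kind
            cell += size
        pos = end

def make_cell(payload: bytes) -> bytes:
    size = (4 + len(payload) + 7) & ~7           # cells are 8-byte aligned
    return struct.pack("<i", -size) + payload.ljust(size - 4, b"\0")

def build_sample() -> bytes:
    """Constructed one-bin hive for the demo; cell payloads are zero-filled."""
    cells = (make_cell(b"nk" + bytes(74)) + make_cell(b"sk" + bytes(20))
             + make_cell(b"vk" + bytes(18)) + make_cell(bytes(4)))
    free = 4096 - 32 - len(cells)
    cells += struct.pack("<i", free) + bytes(free - 4)   # trailing free cell
    hbin = b"hbin" + struct.pack("<II", 0, 4096) + bytes(20)
    return b"regf".ljust(BASE, b"\0") + hbin + cells

if __name__ == "__main__":
    for index, size, allocated, kind in walk_cells(build_sample()):
        print(f"cell index {index:#06x}  size {size:5d}  {kind}")
```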

  25. Internal structure of a registry hive

  26. Cell map • The hive is buffered in the kernel’s address space (paged pool) • When a hive grows, the system must allocate paged pool memory to store the new bins • The paged pool that keeps the registry data in memory isn't necessarily contiguous • Cell map: similar to the virtual memory → physical memory mapping

  27. Structure of a cell index

  28. EXPERIMENT • Viewing Hive Paged Pool Usage

  29. The Registry Namespace • Registry: key object • \Registry • Name parsing • \Registry: configuration manager • The rest of the name → configuration manager

  30. Key object and key control block (figure labels: APP, handle table, key object, key control block)

  31. Flow of control • App: open an existing key • Obj Manager: parse \Registry • Configuration Manager: parse the rest of the name • If opened: reference +1 • Else: new key control block • Then: new key obj • Obj Manager: return handle • App: OK

  32. Services • Also called Win32 services • Similar to UNIX daemon processes • Win32 services consist of three components • a service application, • a service control program (SCP), • the service control manager (SCM).

  33. Service Applications • Consist of at least one executable • A user wanting to start, stop, or configure a service uses an SCP • Service applications are simply Win32 executables (GUI or console) with additional code • To receive commands from the SCM • To communicate the application's status back to the SCM.

  34. Service Applications (cont.) • When installing, the setup program must register the service with the system (CreateService) • Usually: auto-start service • The function StartService can be used to start the service • Service characteristics • the service's type • the location of the service's executable image file, • an optional display name, • an optional account name and password • a start type • an error code • And optional information

  35. Registry key for service • Characteristics: key value

  36. Inside a service process

  37. Service Accounts • The Local System Account • Alternate Accounts • Interactive Services

  38. The Service Control Manager • The SCM's executable file is \Winnt\System32\Services.exe • SvcCtrlMain • ScCreateServiceDB • This is the function that builds the SCM's internal service database

  39. Service Startup • ScAutoStartService for auto-start services • The services are started in a certain order • HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\List

  40. Startup Errors • If an error is reported, ErrorControl determines the response • If SERVICE_ERROR_IGNORE (0) or not specified • The error is ignored • If SERVICE_ERROR_NORMAL (1), an event is written to the system Event Log • “The <service name> service failed to start due to the following error:”

  41. Example

  42. WMI • An implementation of Web-Based Enterprise Management (WBEM) • WBEM: a standard defined by the DMTF

  43. WMI Architecture

  44. The WMI Namespace • Hierarchical organization • Root (dir): subnamespaces • CIMV2 • Default • Security • WMI • WMI uses object properties that it defines as keys to identify the objects.
