Inside the Windows Vista Kernel
Reader trparky recommends an article on Technet (which, be warned, is rather chaotically formatted). Mark Russinovich, whose company Winternals Software was recently bought by Microsoft, has published the first of a series of articles on what's new in the Vista kernel. Russinovich writes: "In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. The scope of this article comprises changes to the Windows Vista kernel only, specifically Ntoskrnl.exe and its closely associated components. Please remember that there are many other significant changes in Windows Vista that fall outside the kernel proper and therefore won't be covered."
From the article: "...the symbolic file link (or as it's called in UNIX, the soft link) finally arrives in Windows Vista." - has anybody heard "soft link"? Me (after 10 years of using Linux), never...
Yet another (promised?) feature they could not deliver.
??? This is in Vista
I thought for a second that they required admin access to activate MMCSS; but upon a second reading, it looks like they've merely reimplemented nice with some kind of setuid root service.
"nice" as you call it has been in NT since its conception.
He's talking about multimedia-specific scheduling related to I/O operations here; you might want to read this whole document a third time. He's not talking about "regular" kernel scheduling of threads/processes; he's talking about scheduling based on I/O needs, which is a whole different beast.
Every time I read anything about Vista's new features, I hear myself saying "fucking finally" like half a dozen times. Symlinks? Cancelling I/O? These are things other, better operating systems have had for over a decade. Anyone wanna start a pool for when they'll roll out a patent for symlinks?
Isn't this like entering the belly of the beast? I will save you some time in reading the article.
:-)
Proper care for your Vista "Beast"
1) Feed it plenty of CPU cycles. Preferably multiple cores.
2) Give it obscene amounts of memory. 2.5G preferable.
3) This one seems to really enjoy Video RAM as well, probably it tastes better. 256M advised.
4) Keep feeding it a constant supply of disk space. Interestingly enough, this version seems to consume HD space simply with doing nothing.
That's the basics, folks. Give your Vista beast what it needs and you should have a kind of good experience. At least for 6 months or so... Then you must slay the beast and re-install.
They actually have a screenshot of what it looks like inside the Vista kernel.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Classic: multimedia apps take precedence over anti-virus.
Yes, as it should. If the AV activity is a scheduled full system scan, then it can indeed wait those few tenths of seconds extra, as if you're already infected, they won't make any difference. If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway.
So what exactly is the problem with giving a multimedia app a higher priority on the processor than your AV software? We're not talking about killing the AV soft, just lowering the priority; it's still running.
they've merely reimplemented nice
You've been able to set process priority through the Task Manager since at least NT4 (the earliest I remember it being available; it may have been in earlier versions too, I just don't remember seeing it personally).
It's official. Most of you are morons.
I think we've finally seen the very first actually interesting Slashdot story about Vista. About fucking time.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Much of this new stuff sounds like features of QNX. QNX has a "sporadic scheduler", for when you need things like 10ms of CPU every 100ms. QNX has had I/O cancellation for years. In QNX, you can set a timeout on any system call that blocks. If you set a 35ms timeout on a write, after 36 milliseconds, you'll have control back. Very useful in real-time systems where you're doing something less important, like logging, that should never take very long but, in some trouble condition, might. QNX has had prioritized I/O for years, too.
It all works, too. I've done compiles on QNX while running a real time program on the same machine, without the real time program missing a deadline.
Of course, in Vista, it's all more complicated.
Black box OS kernels like Windows can really never be disclosed. All you can really do is make some guesses or have an insider reveal some limited details.
For this reason, OS classes in school will be based on Linux, BSD, Minix, or even ReactOS. With all of these, if you want to really know how it works, there is the code.
The secret-software business is quite different from the shared discoveries of the scientific method that works well in education and science.
Historically, the open ones will be the only ones that survive. In 50 years: You want to know how DOS worked in the 1980s? Well, no source is available. But FreeDOS provides a good example of how it worked. You want to know how some random UNIX worked? Well, the source to that specific one is not available, but BSD and Linux are good examples of how it worked. You want to know how Windows 2000 worked? Well, no source code is available, but ReactOS provides a close approximation of how it worked.
The subject line made me think instantly of the old Adventure game,
"you are in a maze of twisty passages all alike"
sent a shiver up the spine.
That's complete nonsense.
There are basically two options here:
1. Antivirus hooks into the OS, and scans every program BEFORE it gets executed. In that case, the scanner's priority doesn't matter, it gets run before the program starts anyway.
2. You run the antivirus scanning every file on disk, as a normal process. This would be what the priority adjustments affect, but doing things this way you can't really detect a new virus in real time. You can just find it during the scan, and the priority only determines how fast it will proceed when something else wants CPU time.
cfq/ionice is for reads only. "Due to the complex path writes take to get to the io scheduler there is no ionice support for writes yet so they are all treated equally." It'll happen...
Hey dumbass, it's because Windows NT used to be distributed on FAT16 (not VFAT) floppy disks and you could use DOS to copy their contents over to a hard drive for installation. It had to be 8.3 then, and there's no need to change it now. You can rename ntoskrnl.exe to anything you want and boot off it with the /kernel= boot.ini option.
Unfortunately many programmers seem to misunderstand this. Usually you can give user-interface processes very high priority, even if they are far less important than some of the background processes. Very often user-interface processes consume only limited amounts of processor cycles. When this happens, no matter how high their priority, they will leave plenty of cycles for the other processes.
It doesn't matter if a virus-scanning process gets delayed a few additional seconds, because there's no person waiting for it and getting impatient. It does matter if a web browser or text editor gets delayed, because there is a human waiting for them.
Terrorists can't threaten a country's freedom and democracy. Only lawmakers and voters can do that.
Perhaps you need to learn how AV software works. I said "If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway" because any anti-virus software worth using scans every single file you attempt to access before that access takes place. As such, it doesn't matter what the virus claims to be, the AV software will have scanned it before it tells the OS.
The general sequence of events is:
1. user double-clicks a file
2. the AV soft's real-time scanner is invoked to scan it
3a. the file is clean, access is granted
3b. the file is dirty, access is denied
It doesn't matter how long step 2 takes, or what other apps get to use cycles while it's suspended - it will complete before either of steps 3a or 3b.
The article doesn't mention that process startup is now quite different from the other versions of Windows NT.
In previous versions of NT, process creation was quite different from systems such as UNIX. The system call NtCreateProcess creates a "blank" process with nothing in it but ntdll.dll and the new .exe file mapped into memory. No stack is allocated, and no threads are created. In normal process creation, the parent process actually uses the debugger API calls to allocate memory for the stack into the new process's address space, copies the command line and environment into the new memory, and creates the initial thread pointing at kernel32!BaseProcessStartupThunk. It resumes the thread and off it goes. (NT has no concept of environment or command line at the kernel level.)
This changed in Vista for one reason: DRM. Microsoft made it so that certain processes, namely wmplayer.exe and halo2.exe, cannot be a target of the debugger API calls for obvious reasons. It ignores privilege level in blocking the API. If the old method of starting processes were used, then the parent process could start wmplayer.exe with patches to steal the DRM keys or dump decrypted data to disk. Vista's kernel now does the entire initialization for these processes to close this hole.
By the way, Microsoft needs to change that web page so that it doesn't select Spanish over English if you have Spanish listed as an acceptable language in your browser, even if English is higher in the list. This happens for both IE7 and FF2.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Having symlinks in the Vista kernel is nice and all, but Vista doesn't seem to offer a way to create these in Explorer. Who wants to break open a command line just to create a symlink?
Correct me if I'm wrong, but don't people criticize Linux all the time for a lack of GUI utilities in comparison to Windows? Yet when I drag a file somewhere in KDE, I can just click on "Link Here" and poof, I've got a symlink. Why have I not heard a single complaint about the lack of a user-friendly way to do this in Vista?
Furthermore, you need to have Administrator access (or use Administrator to give yourself the privilege) to create a symlink, "because not all applications may handle symbolic links correctly". Doesn't this seem broken to anyone? Or at the very least, worrisome?
Err... Not quite. Not all of the SysInternals tools were migrated, and NONE of the source code was. Microsoft's hiding behind some pretty lame excuses (e.g. "They're using undocumented APIs!" or "Hackers are using it to make spyware!") for not distributing the source code.
The Winternals Administrator's Pak is also being discontinued, and will have its functionality available only to those with Software Assurance agreements.
Is it true that every line in the source contains comments like this?
; Hah! Take that user!
; Oh nice try but we thought of that!
; Clearly they are trying to steal this.
; Thief! Thief!
; MP3s have no DRM. Refuse to play.
; Block association away from Windows Media Player
; SONY rootkit plugs in here
; Powered up. Now lets get today's authorization.
Click here. He talks about a lot of things, including these "protected processes", and even says that the purpose is for DRM.
Melissa