Windows Under the Hood
The Registry
• Stores information on everything Windows
• Found in Windows\System32\config if you want to know
• Rarely do we go straight to the Registry; use Device Manager, Control Panel
• Regedit or Regedt32 will get you to the same place; Start | Run
• Be careful, you can break Windows easily
Registry Root Keys
• HKEY_CLASSES_ROOT; class objects, file associations, type of icon, program to open it
• HKEY_CURRENT_USER; current user preferences, desktop color and pattern
• HKEY_USERS; all users for the computer
• HKEY_LOCAL_MACHINE (HKLM); system's non-user-specific configurations
• HKEY_CURRENT_CONFIG; hardware currently being used
Registry Edits
• Use either program: REGEDIT or REGEDT32
• Make a backup before you change anything (File | Export); use the .REG extension
• Be careful of value types if adding key(s)
• Saves are automatic; no recovery from deletes
Types of Data in Registry
• String value: any form of data
• Binary value: ones and zeros
• Dword value: binary but limited to 32 bits
• Qword value: binary but limited to 64 bits
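The .REG export that File | Export writes is the backup you fall back on when an edit goes wrong, so it is worth knowing what is inside it. The script below is an added example, not part of the slides or any Microsoft tool: it parses a small .REG export that is constructed for this example (key and value names are invented), decodes each value, labels it with its registry type, and enforces the 32-bit DWORD and 64-bit QWORD limits listed above. Real exports are UTF-16LE text with the same layout; deletion entries ([-key] and "name"=-) are not handled here.

```python
"""Parse a .REG export and classify each value by registry data type.

Added example; the sample export below is constructed for this script and
does not come from any real machine.
"""
import re
from collections import Counter

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
@="Default value"
"InstallPath"="C:\\Program Files\\ExampleApp"
"Flags"=dword:0000001f
"Signature"=hex:de,ad,be,ef
"Quota"=hex(b):00,00,00,00,\
  01,00,00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')
HEADERS = ('Windows Registry Editor Version', 'REGEDIT4')


def _unescape(quoted):
    """Strip the surrounding quotes and undo the \\ and \" escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def _logical_lines(text):
    """Yield lines with trailing-backslash continuations joined (hex values wrap)."""
    buf = ''
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ''


def parse_value(data):
    """Decode the right-hand side of a .REG line into (type name, value).

    The size checks enforce the limits on the slide: DWORD is 32 bits,
    QWORD is 64 bits. Binary data (hex:) has no fixed size.
    """
    if data.startswith('"'):
        return 'REG_SZ', _unescape(data)
    if data.startswith('dword:'):
        number = int(data[len('dword:'):], 16)
        if number >= 1 << 32:
            raise ValueError('DWORD does not fit in 32 bits: %s' % data)
        return 'REG_DWORD', number
    if data.startswith('hex(b):'):
        raw = bytes.fromhex(data[len('hex(b):'):].replace(',', ''))
        if len(raw) != 8:
            raise ValueError('QWORD must be exactly 8 bytes: %s' % data)
        return 'REG_QWORD', int.from_bytes(raw, 'little')
    if data.startswith('hex:'):
        return 'REG_BINARY', bytes.fromhex(data[len('hex:'):].replace(',', ''))
    raise ValueError('unsupported value syntax: %s' % data)


def parse_reg(text):
    """Parse a .REG export into {key path: {value name: (type, value)}}."""
    lines = list(_logical_lines(text))
    header = next((l for l in lines if l), '')
    if not header.startswith(HEADERS):
        raise ValueError('not a .REG export: %r' % header)
    keys = {}
    current = None
    for line in lines:
        if not line or line.startswith(HEADERS) or line.startswith(';'):
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group('key')
            keys.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            raise ValueError('unrecognised line: %r' % line)
        if current is None:
            raise ValueError('value appears before any [key] line')
        name = value_match.group('name')
        name = '@' if name == '@' else _unescape(name)
        keys[current][name] = parse_value(value_match.group('data'))
    return keys


def type_summary(parsed):
    """Count how many values of each registry type the export contains."""
    return Counter(kind for values in parsed.values() for kind, _ in values.values())


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for key, values in parsed.items():
        print(key)
        for name, (kind, value) in values.items():
            print('   %-12s %-10s %r' % (name, kind, value))
    print(dict(type_summary(parsed)))
```

Running the script on a real export (after converting it from UTF-16LE) gives a quick inventory of what a backup covers, and the type check is the same one you should make by hand when adding a value in Regedit: a value meant as a DWORD that needs more than 32 bits has to be a QWORD.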
XP Boot Process
• System files start the boot process
• NTLDR, boot.ini, and ntdetect.com (ntbootdd.sys); on the system partition
• Edit boot.ini from System | Advanced | Startup and Recovery
• Later files: ntoskrnl.exe, hal.dll, Registry, device drivers and winlogon.exe, found in the boot partition (Windows)
System Partition Files
• NTLDR – MBR starts it; reads Boot.ini to find Windows installations
• Boot.ini uses Advanced RISC Computing (ARC) naming system to identify partitions; edit from System applet in Control Panel
• Ntldr starts protected mode and then calls on ntdetect.com to find hardware
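To make the ARC naming concrete, here is an added example (not from the slides) that parses a boot.ini into its ARC components and checks the things NTLDR itself would trip over: a default= entry that matches no [operating systems] line, and a scsi() adapter, which is the case where ntbootdd.sys must be on the system partition. The boot.ini text is constructed for the example; the disk layout and descriptions are invented. The meaning of the fields (multi(): rdisk() picks the physical disk and disk() is 0; scsi(): disk() is the SCSI ID and the driver is ntbootdd.sys) follows the ARC convention, and partition() is 1-based in both cases.

```python
"""Parse boot.ini ARC names and sanity-check the loader section.

Added example; SAMPLE_BOOT_INI is constructed and describes no real machine.
"""
import re

SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Windows XP (second disk)" /fastdetect /noexecute=optin
scsi(0)disk(1)rdisk(0)partition(1)\WINDOWS="Windows XP (SCSI adapter)" /fastdetect
'''

ARC_RE = re.compile(
    r'^(?P<adapter>multi|scsi|signature)\((?P<adapter_id>[0-9a-fA-F]+)\)'
    r'disk\((?P<disk>\d+)\)rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)'
    r'(?P<path>\\.*)$')
ENTRY_RE = re.compile(r'^(?P<arc>[^=]+)="(?P<description>[^"]*)"(?P<options>.*)$')


def parse_arc(arc):
    """Split an ARC name into adapter, disk, rdisk, partition and path."""
    m = ARC_RE.match(arc)
    if not m:
        raise ValueError('not an ARC name: %r' % arc)
    parts = m.groupdict()
    for field in ('disk', 'rdisk', 'partition'):
        parts[field] = int(parts[field])
    # scsi() means the BIOS cannot see the disk; NTLDR loads ntbootdd.sys for it.
    parts['needs_ntbootdd'] = parts['adapter'] == 'scsi'
    return parts


def parse_boot_ini(text):
    """Return (loader settings dict, list of OS entry dicts)."""
    section, loader, entries = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            name, _, value = line.partition('=')
            loader[name.strip().lower()] = value.strip()
        elif section == 'operating systems':
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError('bad OS entry: %r' % line)
            arc_text = m.group('arc').strip()
            entries.append({
                'arc_text': arc_text,
                'arc': parse_arc(arc_text),
                'description': m.group('description'),
                'options': m.group('options').split(),
            })
        else:
            raise ValueError('line outside a known section: %r' % line)
    return loader, entries


def required_system_files(entries):
    """Files that must sit on the system partition for these entries to boot."""
    files = {'NTLDR', 'boot.ini', 'ntdetect.com'}
    if any(e['arc']['needs_ntbootdd'] for e in entries):
        files.add('ntbootdd.sys')
    return files


def check_boot_ini(text):
    """Return a list of problems to fix before rebooting; empty means clean."""
    loader, entries = parse_boot_ini(text)
    problems = []
    default = loader.get('default')
    if default is None:
        problems.append('no default= line in [boot loader]')
    elif default not in [e['arc_text'] for e in entries]:
        problems.append('default %s matches no [operating systems] entry' % default)
    if not loader.get('timeout', '').isdigit():
        problems.append('timeout= missing or not a number')
    if not entries:
        problems.append('no entries under [operating systems]')
    return problems


if __name__ == '__main__':
    loader, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    for e in entries:
        a = e['arc']
        print('%-40s adapter=%s rdisk=%d partition=%d path=%s' % (
            e['description'], a['adapter'], a['rdisk'], a['partition'], a['path']))
    print('required on system partition:', sorted(required_system_files(entries)))
    print('problems:', check_boot_ini(SAMPLE_BOOT_INI) or 'none')
```

The default= check is the one that matters most in practice: the Startup and Recovery applet keeps the two in sync, but a hand edit in Notepad can leave default= pointing at a partition that no entry describes.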
Vista/7 Boot
• 32-bit BIOS scans for the master boot record; loads the boot sector; bootmgr
• 64-bit UEFI loads bootmgr directly
• Bootmgr asks which OS to load using the Boot Configuration Data (BCD) file; edit with bcdedit.exe; then loads winload.exe; then the OS kernel
• Vista/7 boot files and the system files must all reside on the same partition
Processes, Services and Threads
• Applications are processes loaded into RAM; have a window and end when you close the window
• Processes without need for a window are called Services
Task Manager
• One-stop place for Applications, Processes and Services
• CTRL-SHIFT-ESC, CTRL-ALT-DELETE, Start|Run | taskmgr
• Click View | Select Columns for Process Identifier (PID)
• Can log off a user from Users tab if they did not
Task Manager, 2
• Applications tab; shows all running applications; go here to force an application to stop
• Processes tab; everything is a process; can end processes, but for some Windows won't allow you to end them
• Performance tab; quick check of what is going on – CPU use and memory use
• Networking and Users tabs; not really exciting; can see how busy network is
Services Applet
• Control Panel | Administrative Tools | Services
• Click on the Services button in the Services pane of Task Manager
• Run services.msc
• Can start, or stop, a service from here; Windows will not let you stop critical services
• This has services in alphabetic order where Task Manager does not
Performance Console
• Object is a system component that is given a set of characteristics and is a single entity
• Counters track specific information about objects
• Lots of counters; not many books on the Console, read over Michael’s section
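The object/counter model shows up directly in the counter path syntax the console uses, \\Computer\Object(Instance)\Counter, and that syntax is the same one the logging and alert features consume. The following is an added example, not from the slides or from Microsoft: it parses counter paths into object, instance and counter, then runs a few constructed samples (invented values, not measured on any machine) against simple limits the way a Performance Console alert would. The limit values are assumptions chosen for the example.

```python
"""Parse Performance Console counter paths and check samples against limits.

Added example; SAMPLES and LIMITS are constructed for this script.
"""
import re

COUNTER_PATH_RE = re.compile(
    r'^(?:\\\\(?P<computer>[^\\]+))?'   # optional \\COMPUTER prefix
    r'\\(?P<object>[^\\(]+)'            # object, e.g. Processor
    r'(?:\((?P<instance>[^)]*)\))?'     # optional (instance), e.g. (_Total)
    r'\\(?P<counter>.+)$')              # counter, e.g. % Processor Time


def parse_counter_path(path):
    """Split a counter path into computer, object, instance, index, counter.

    An instance like svchost#3 means the fourth process named svchost;
    the index is 0 when no '#' suffix is present.
    """
    m = COUNTER_PATH_RE.match(path)
    if not m:
        raise ValueError('not a counter path: %r' % path)
    parts = m.groupdict()
    instance = parts.pop('instance')
    parts['instance'], parts['index'] = None, None
    if instance is not None:
        name, sep, idx = instance.partition('#')
        parts['instance'] = name
        parts['index'] = int(idx) if sep else 0
    return parts


# Constructed samples: (counter path, observed value). Not real measurements.
SAMPLES = [
    (r'\Processor(_Total)\% Processor Time', 93.0),
    (r'\Memory\Available MBytes', 180.0),
    (r'\LogicalDisk(C:)\% Free Space', 42.0),
    (r'\Process(svchost#3)\Working Set', 48000000.0),
]

# Assumed limits keyed by (object, counter): ('>', x) alerts above x, ('<', x) below.
LIMITS = {
    ('Processor', '% Processor Time'): ('>', 90.0),
    ('Memory', 'Available MBytes'): ('<', 256.0),
    ('LogicalDisk', '% Free Space'): ('<', 10.0),
}


def find_breaches(samples, limits):
    """Return [(path, value, op, limit)] for every sample outside its limit."""
    breached = []
    for path, value in samples:
        c = parse_counter_path(path)
        rule = limits.get((c['object'], c['counter']))
        if rule is None:
            continue  # no limit defined for this object/counter pair
        op, limit = rule
        if (op == '>' and value > limit) or (op == '<' and value < limit):
            breached.append((path, value, op, limit))
    return breached


def group_by_object(samples):
    """Group sample paths by object, mirroring the console's Add Counters tree."""
    grouped = {}
    for path, _ in samples:
        c = parse_counter_path(path)
        grouped.setdefault(c['object'], []).append(path)
    return grouped


if __name__ == '__main__':
    for obj, paths in group_by_object(SAMPLES).items():
        print(obj, '->', paths)
    for path, value, op, limit in find_breaches(SAMPLES, LIMITS):
        print('ALERT %s = %s (%s %s)' % (path, value, op, limit))
```

Parsing the path first is what lets one rule cover every instance of an object: the Processor limit above applies to _Total and to Processor(0), Processor(1) and so on without a separate entry for each.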
Performance – Vista and 7
• Reliability and Performance Monitor in Vista
• Performance Monitor in 7
• Start with Performance Information and Tools in Control Panel
• Wander with it to get a sense of what it can tell you; we will do that in lab sessions
Honorable Mention
• Component Services: Allows sharing of objects between programs
• Data Sources: Open DataBase Connectivity (ODBC); sharing of databases among programs