CSE451 Spring 2008 Project #1
Out: April 3 2008
Due: April 17 2008
Updates: Amendment #1
Objectives
The projects in this class
involve building and modifying the Microsoft Windows Operating System.
This is the first of four expected projects. It is mainly a familiarization
exercise leading into the subsequent projects. The principal objectives
for this first project are:
Ancillary to all this is that you’ll learn some of the guiding principles used in the design of the Windows Operating System.
Getting Started
You will need to become familiar
with two main areas: building the Windows kernel
and using Virtual PC for testing and debugging. All of the sources
and reference materials are located at o:\cse\courses\cse451\08sp and accessible from any machine in
the lab. There are currently four subdirectories in the 08sp directory.
The first two projects are
individual efforts. The last two will be done in groups of three.
Workspace for your group will be on o:\unix\projects\instr\CurrentQt
- Building your own kernel:
Here are the steps for making
a private copy of the Windows sources and building your private kernel.
From steps 3 and 4 you now
have two executables that you want to transfer over to the virtual hard
disk containing your bootable Windows system.
- Booting and debugging:
On each lab machine in “\program files\Microsoft Virtual PC\images” is a read-only file called ws03esp1.vhd
containing a bootable Windows system. You will be creating what
is called a differencing disk, which will essentially be the ws03esp1.vhd
disk fronted by your private changes.
You now should have a running
system that you can log in to and run the test program.
Your assignment:
Your assignment is to modify
the windows kernel and a test program to monitor a set of system calls
(nee APIs). Here is some background information you will need
to understand and complete this project. All user programs that
need to utilize an NT system service (e.g., opening or writing to a
file) enter into the kernel code through what are called “NT” calls.
There are hundreds of different NT calls into the system; all begin
with the two-letter prefix “Nt”. The names of some of the
APIs are NtCreateFile, NtOpenFile, NtClose, NtQuerySystemInformation,
NtSetTimer, and so forth.
The “C” header files for
these system calls are all declared in the directory “public\sdk\inc”.
Here is a partial list of the files in the directory with a brief description
of their contents.
ntdef.h - basic definitions of common data types used by everyone
ntrtl.h - runtime library for use by everyone in the kernel
ntstatus.h - all the possible return status values for system calls
bugcodes.h - system bug check codes
ntexapi.h - executive routines
ntioapi.h - I/O routines
ntkeapi.h - kernel routines
ntlpcapi.h - local procedure calls routines
ntmmapi.h - memory management routines
ntobapi.h - object management routines
ntpsapi.h - process/thread handling routines
ntseapi.h - security routines
Your assignment is to modify
the system to monitor certain APIs. You are to report the number
of times certain classes of APIs are called and give a distribution
of their return values. The classes we want monitored are all
the Query, Set, Open, Create, Close, Get, Read, and Write calls.
For example, there are four Read APIs called NtReadFile, NtReadFileScatter,
NtReadRequestData, and NtReadVirtualMemory. You are to collect
statistics on how many times these four routines were called since boot
time and the distribution and frequency of their return values (see
ntstatus.h for return values). Report the statistics for this
API group, not individual APIs. For example, some of the test
program output might be:
API      Called   Returned values
NtOpen   56       success 50, access denied 6
NtRead   123      success 100, unsuccessful 20, Access Violation 3
:
You are to report all eight
classes of APIs.
If you “grep” the sources
for CSE451 you will find three files where we started to expand upon
the already existing NtQuerySystemInformation API. This is skeletal
code that the user program in the test directory uses to both send and
retrieve information from the kernel. Your task is to understand
the CSE451 additions to the kernel and the test program, and then modify
both to report back the class API statistics.
How the test program formats
the report is up to you. However, the report must be easy to read.
As the due date approaches we will provide you with a command script
that will run the test program and spawn various other programs that
exercise the API calls.
Turn-in:
Be prepared to turn in the
following
You'll be submitting the source code and executables to Catalyst. Please separately submit test.exe, wrkx86.exe, and a zip of your entire source directory (after running 'nmake clean').
Grading Criteria:
Your project will be graded
based on the following criteria:
Amendment #1:
The original return status accounting portion is more difficult than it need be. Instead of itemizing each individual return value, you can track the return values in four buckets (Success, Information, Warning, and Error). You will find a set of macros in public\sdk\inc\ntdef.h that can help accomplish this.
//
// Generic test for success on any status value (non-negative numbers
// indicate success).
//
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
//
// Generic test for information on any status value.
//
#define NT_INFORMATION(Status) ((ULONG)(Status) >> 30 == 1)
//
// Generic test for warning on any status value.
//
#define NT_WARNING(Status) ((ULONG)(Status) >> 30 == 2)
//
// Generic test for error on any status value.
//
#define NT_ERROR(Status) ((ULONG)(Status) >> 30 == 3)
So your output can now be more uniform, and look something like:
API      Total
Class    Calls    Success  Information  Warning  Error
------   -------- -------- -----------  -------- --------
NtOpen   56       50       2            3        1
NtRead   123      100      0            0        23
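The two pieces of bookkeeping the assignment asks for, grouping each API into one of the eight classes and sorting each return status into the four buckets, as an added example in user-mode C. This is not the course's kernel code, the CSE451 NtQuerySystemInformation additions, or the test program; it only models the accounting. The four NT_* macros are the ntdef.h macros quoted in the amendment, and the numeric status codes are the standard ntstatus.h values for STATUS_SUCCESS, STATUS_PENDING, STATUS_OBJECT_NAME_EXISTS, STATUS_BUFFER_OVERFLOW, STATUS_ACCESS_VIOLATION and STATUS_ACCESS_DENIED. The typedefs, the enum and function names, the decision to derive the class from the verb that follows the "Nt" prefix, and the sample workload are all assumptions of this example.

```c
/* Added example, not the course's kernel code or test program: a user-mode
 * model of the per-class system-call accounting the assignment asks for.
 * An API name is mapped to one of the eight classes by its verb prefix and
 * each returned NTSTATUS is sorted into the four ntdef.h buckets. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 32-bit NTSTATUS/ULONG as on Win32; fixed-width types keep the
 * severity shifts correct on a 64-bit host. */
typedef int32_t  NTSTATUS;
typedef uint32_t ULONG;

/* The four classification macros as given in public\sdk\inc\ntdef.h. */
#define NT_SUCCESS(Status)     ((NTSTATUS)(Status) >= 0)
#define NT_INFORMATION(Status) ((ULONG)(Status) >> 30 == 1)
#define NT_WARNING(Status)     ((ULONG)(Status) >> 30 == 2)
#define NT_ERROR(Status)       ((ULONG)(Status) >> 30 == 3)

/* Standard ntstatus.h values used in the constructed sample below. */
#define STATUS_SUCCESS            ((NTSTATUS)0x00000000L)
#define STATUS_PENDING            ((NTSTATUS)0x00000103L)
#define STATUS_OBJECT_NAME_EXISTS ((NTSTATUS)0x40000000L)
#define STATUS_BUFFER_OVERFLOW    ((NTSTATUS)0x80000005L)
#define STATUS_ACCESS_VIOLATION   ((NTSTATUS)0xC0000005L)
#define STATUS_ACCESS_DENIED      ((NTSTATUS)0xC0000022L)

enum ApiClass { CLS_QUERY, CLS_SET, CLS_OPEN, CLS_CREATE, CLS_CLOSE, CLS_GET,
                CLS_READ, CLS_WRITE, CLS_COUNT, CLS_NONE = -1 };
enum Bucket { B_SUCCESS, B_INFORMATION, B_WARNING, B_ERROR, B_COUNT };

static const char *kClassNames[CLS_COUNT] =
    { "Query", "Set", "Open", "Create", "Close", "Get", "Read", "Write" };

typedef struct { unsigned long calls, bucket[B_COUNT]; } ClassStats;
static ClassStats g_stats[CLS_COUNT];

/* "NtReadFileScatter" -> CLS_READ by the verb after "Nt"; others -> CLS_NONE. */
int classify_api(const char *name)
{
    if (strncmp(name, "Nt", 2) != 0) return CLS_NONE;
    for (int i = 0; i < CLS_COUNT; i++)
        if (strncmp(name + 2, kClassNames[i], strlen(kClassNames[i])) == 0)
            return i;
    return CLS_NONE;
}

/* Exactly one bucket per status, by the two severity bits. NT_SUCCESS() is
 * also true for information statuses, so the severity tests run first; the
 * buckets then stay disjoint and sum to the call count, as in the table. */
int status_bucket(NTSTATUS s)
{
    if (NT_ERROR(s))       return B_ERROR;
    if (NT_WARNING(s))     return B_WARNING;
    if (NT_INFORMATION(s)) return B_INFORMATION;
    return B_SUCCESS;      /* NT_SUCCESS(s) holds here */
}

/* Account one completed call; returns 1 if it belongs to a monitored class. */
int record_call(const char *api, NTSTATUS status)
{
    int cls = classify_api(api);
    if (cls == CLS_NONE) return 0;
    g_stats[cls].calls++;
    g_stats[cls].bucket[status_bucket(status)]++;
    return 1;
}

void reset_stats(void) { memset(g_stats, 0, sizeof g_stats); }
const ClassStats *class_stats(int cls) { return &g_stats[cls]; }

/* Report in the layout of the amendment's sample table. */
void print_report(void)
{
    printf("%-8s %-8s\n%-8s %-8s %-8s %-11s %-8s %-8s\n", "API", "Total",
           "Class", "Calls", "Success", "Information", "Warning", "Error");
    printf("-------- -------- -------- ----------- -------- --------\n");
    for (int i = 0; i < CLS_COUNT; i++)
        printf("Nt%-6s %-8lu %-8lu %-11lu %-8lu %-8lu\n", kClassNames[i],
               g_stats[i].calls, g_stats[i].bucket[B_SUCCESS],
               g_stats[i].bucket[B_INFORMATION], g_stats[i].bucket[B_WARNING],
               g_stats[i].bucket[B_ERROR]);
}

/* Constructed sample workload; returns how many calls were in a monitored class. */
int run_sample(void)
{
    static const struct { const char *api; NTSTATUS status; } sample[] = {
        { "NtOpenFile",               STATUS_SUCCESS },
        { "NtOpenFile",               STATUS_ACCESS_DENIED },
        { "NtCreateFile",             STATUS_OBJECT_NAME_EXISTS },
        { "NtReadFile",               STATUS_SUCCESS },
        { "NtReadFileScatter",        STATUS_PENDING },
        { "NtReadVirtualMemory",      STATUS_ACCESS_VIOLATION },
        { "NtQuerySystemInformation", STATUS_BUFFER_OVERFLOW },
        { "NtClose",                  STATUS_SUCCESS },
        { "NtYieldExecution",         STATUS_SUCCESS },   /* not monitored */
    };
    int counted = 0;
    reset_stats();
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        counted += record_call(sample[i].api, sample[i].status);
    return counted;
}

int main(void) { run_sample(); print_report(); return 0; }
```

Two things change when the same bookkeeping moves into the kernel. A string compare on every system call is far too slow for the dispatch path, so the class of each service would be decided once (per system service table entry) and the per-call work reduced to the two increments. And the counters are shared by every processor, so the increments must be interlocked or the totals will silently drift under load; a report whose buckets no longer sum to the call count is the first sign of that race.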