![]() ![]() |
![]() ![]() |
![]() ![]() | |
© 1997 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use. |
Chapter 2
The Registry and Hardware Configuration
In this chapter, we will discuss more in detail,
how the Registry manages hardware configuration. We will look
more at NTDETECT.COM and how it uses its detection functions to
construct volatile registry keys.
Operating System Components
Windows NT's Operating System architecture can be
easily examined in two parts - those that can be found running
in User Mode and those that can found running under kernel mode.
While kernel mode is commonly used to describe those processes
being manipulated and controlled at Ring 0
Executive Services (Kernel Mode)
The Executive Services, or as it is called in most documentation, the "Executive" contain all of these privileged-level services.
I/O Manager:
The I/O Manager is actually divided up into subsections
designed to handle a specific I/O function:
Cache Manager: Handles Disk Caching for all file systems. This service works with the Virtual Memory Manager to maintain performance. It also works with the file system drivers to keep file integrity.
Network Drivers: Actually a sub-architecture in and of itself
Device Drivers: Mini-drivers that are 32-bit and multi-processor compatible.
File Systems:
All disks I/O is handled by a file system.
Object Manager:
This manager maintains the following object models:
Security Reference Monitor
This compares the access parameters of a user (Access
Tokens) with the Access Control List (ACL) of an object. If the
particular process has sufficient rights after reconciliation,
it is granted access. If a user spawns a process, the process
is running in the user's security context.
Process Manager
This tracks primarily two kernel-dispatched objects:
Processes and Threads.
Virtual Memory Manager
This keeps track of the addressable space in NT.
This will be discussed further in this section.
Local Procedure Call Manager
This controls application communications with server
processes such as the Win32 subsystem. This makes the application
think that DLL calls are handled directly.
Kernel
All processes in NT are threads coordinated and scheduled
by the Kernel. The Executive Services use the Kernel to communicate
with each other concerning the processes that they share. The
Kernel runs in privileged mode (Ring 0) along with the HAL and
the Executive Services. It cannot be paged to disk. A misbehaved
Kernel process can stall the operating system.
The Hardware Abstraction Layer
This controls ultimately all direct access to hardware.
This is the only module completed mostly in low-level hardware-dependent
code. Its goal is to as well isolate any hardware dependent code
in order to prevent direct access to hardware. It is the HAL that
helps to make Windows NT scaleable across multiple processors
and portable across multiple platforms.
Secondary Storage
In most cases, it is RARE that you will ever need to manipulate information in the HKEY_LOCAL_MACHINE\HARDWARE subtree. Why? Well, for the obvious reason that it is indeed volatile. Most of the time, hardware parameters changes via the registry are actually performed under HKEY_LOCAL_MACHINE\SYSTEM as values that override detected hardware parameters. The majority of these situations involve secondary storage.
CD-ROMs
There have been situations where NT Server will be
installed on a machine with one CD-ROM with the built-in Disk
Administrator displaying two CD-ROMs. To troubleshoot this problem,
you would not go to the HKEY_LOCAL_MACHINE\Hardware subtree, but
to the following:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services \Cdrom HKEY_LOCAL_MACHINE\System\DISK
Look for multiple ENUM instances to isolate the problem.
Just BE CAREFUL. Especially if you find the problem and delete
the wrong pointer.
Disk Configuration
A stripe set, a mirror set, and a stripe set with
parity are each composed of identically sized areas on multiple
disks. Like volume sets, Windows NT must use the HKEY_LOCAL_MACHINE\SYSTEM\DISK
Registry subkey to know how to access the disks. You use Disk
Administrator to create these types of volumes. When you start
up the Disk Administrator, the first things it does is to search
for this key. If this key does not exist, then it will update
the Hardware key with this information.
The Disk Administrator may also prompt you to write a signature on the disk. The disk signature is a unique number at offset 0x1B8 that Windows NT uses as an index to store and retrieve information about the disk in the Registry subkey HKEY_LOCAL_MACHINE\SYSTEM\DISK. The first time that you open Disk Administrator after formatting a hard disk, it displays a dialog box that informs the user that no disk signature was found on the disk. You should select Yes, or Windows NT will not be able to access the disk.
Many destructive viruses can damage the Master Boot
Record and make it impossible to start the computer from the hard
disk. Because the code in the Master Boot Record executes before
any operating system is started, no operating system can detect
or recover from corruption of the Master Boot Record.
When you create a volume set, stripe set, mirror
set, or stripe set with parity, Disk Administrator sets the high
bit of the System ID field for each primary partition or logical
drive that is a member of the volume. For example, a FAT primary
partition or logical drive that is a member of one of these volumes
has a System ID value of 0x86. An NTFS primary partition or logical
drive has a System ID value of 0x87. This bit indicates that Windows
NT needs to use the HKEY_LOCAL_MACHINE\SYSTEM\DISK Registry subkey
to determine how the members of the volume relate to each other.
Windows NT can only access volumes that have the high bit set.
This bit is called the fault-tolerant (FT) bit.
More on NTDETECT.COM
Ntdetect.com is the hardware recognizer for x86-based computers. It collects a list of currently installed components and returns this information to NTLDR. Ntdetect.com executes after you select a Windows NT operating system on the boot loader screen (or the timer times out). When Ntdetect.com begins to execute, you see the following line on the screen:
NTDETECT V1.0 Checking Hardware . . .
Once again, NTDETECT.COM detects the following components:
The Registry contains information about your disk
configuration in the subkeys
HKEY_LOCAL_MACHINE\HARDWARE\DeviceMap\AtDisk
and
HKEY_LOCAL_MACHINE\HARDWARE\DeviceMap\Scsi.
The type of information that the registry will keep
include:
Parallel Ports
In Windows NT, parallel ports do not use any hardware interrupt request
lines (IRQs). The Windows NT parallel port driver is thread-based, and the port is polled at background priority. This eliminates a number of potential hardware conflicts with other devices that might want to use IRQ 7 or 5, which used to be the parallel port interrupts.
If you have applications that run very slow due to large print jobs, you can reduce the thread priority of the port print function by adding the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
Add the key PortThreadPriority with the data type
REG_SZ. Give it the value "Thread_Priority_Below_normal."
Keep in mind that if you boot OS/2 or MS-DOS, you still need to
check for IRQ conflicts; the Windows NT port driver will not be
used.
Multiple Processor Configurations
Most of the time, NT DETECT.COM will detect the proper
amount of CPU's install on your motherboard. However, NT will
override these based on the Hardware Abstraction Layer, and Kernel.
If you have more processors than NT will recognize, try editing:
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/Session Manager/Environment/NUMBER_OF_PROCESSORS
And
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Control/SessionManager/Environment/LicensedProcessors
Now, when you do an update install (re-install into
the same directory), NT will recognize those extra processors.
As with any system modification requiring use of the NT CDROM,
re-apply your latest SP. Don't forget to generate a current ERD
(RDISK.EXE /S).
Of course, I am in know way authorizing you to break
a law. Be sure that you are not violating any license agreements
if you do this. You will require a custom HAL if your motherboard
has more than 4 processors.
Table 2-1: Common Hardware Registry Keys that
are Volatile
HARDWARE\DESCRIPTION\System:
\System\CentralProcessor
\System\FloatingPointProcessor
\System\MultifunctionAdapter
\System\MultifunctionAdapter\#\DiskController
\System\MultifunctionAdapter\#\DiskController\#\DiskPeripheral
\System\MultifunctionAdapter\#\DiskController\#\FloppyDiskPeripheral
\System\MultifunctionAdapter\#\KeyboardController
\System\MultifunctionAdapter\#\KeyboardController\#\KeyboardPeripheral
\System\MultifunctionAdapter\#\ParallelController
\System\MultifunctionAdapter\#\PointerController
\System\MultifunctionAdapter\#\PointerController\#\PointerPeripheral\
\System\MultifunctionAdapter\#\SerialController
\System\PCMCIA PCCARDs
HARDWARE\DEVICEMAP
\DEVICEMAP\AtDisk
\DEVICEMAP\AtDisk\Controller #
\DEVICEMAP\AtDisk\Controller #\Disk #
\DEVICEMAP\KeyboardClass
\DEVICEMAP\KeyboardPort
\DEVICEMAP\PARALLEL PORTS
\DEVICEMAP\PointerClass
\DEVICEMAP\PointerPort
\DEVICEMAP\SERIALCOMM
\DEVICEMAP\VIDEO
HARDWARE\RESOURCEMAP
\RESOURCEMAP\Hardware Abstraction Layer
\RESOURCEMAP\KeyboardPort/PointerPort
\RESOURCEMAP\LOADED PARALLEL DRIVER RESOURCES
\RESOURCEMAP\LOADED SERIAL DRIVER RESOURCES
\RESOURCEMAP\OtherDrivers
\RESOURCEMAP\System Resources
\RESOURCEMAP\VIDEO
![]() ![]() |
![]() ![]() |
![]() ![]() |
COMPUTING MCGRAW-HILL | Beta Books | Contact Us | Order Information | Online Catalog
Computing McGraw-Hill is an imprint of the McGraw-Hill Professional Book Group.