© 1997 The McGraw-Hill Companies, Inc. All rights reserved.
Any use of this Beta Book is subject to the rules stated in the Terms of Use.

Chapter 2

The Registry and Hardware Configuration

In this chapter, we will discuss in more detail how the Registry manages hardware configuration. We will look more closely at NTDETECT.COM and how it uses its detection functions to construct volatile Registry keys.

Operating System Components

Windows NT's operating system architecture can be easily examined in two parts: the components that run in User Mode and those that run in kernel mode. While kernel mode is commonly used to describe those processes being manipulated and controlled at Ring 0

Executive Services (Kernel Mode)

The Executive Services, or the "Executive" as it is called in most documentation, contains all of these privileged-level services.

I/O Manager:

The I/O Manager is actually divided up into subsections designed to handle a specific I/O function:

Cache Manager: Handles Disk Caching for all file systems. This service works with the Virtual Memory Manager to maintain performance. It also works with the file system drivers to keep file integrity.

Network Drivers: Actually a sub-architecture in and of itself

Device Drivers: Mini-drivers that are 32-bit and multi-processor compatible.

File Systems: All disk I/O is handled by a file system.

Object Manager:

This manager maintains the following object models:

Security Reference Monitor

This compares the access parameters of a user (Access Tokens) with the Access Control List (ACL) of an object. If the particular process has sufficient rights after reconciliation, it is granted access. If a user spawns a process, the process is running in the user's security context.
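The comparison described above can be sketched as follows. This is an added example, not code from the book or from Windows NT; it goes beyond the paragraph by modelling ordered allow and deny entries the way a Windows DACL is evaluated, and the SID strings and right bits are constructed for illustration.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # hypothetical right bits for this sketch

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed entry, False = access-denied entry
    sid: str      # user or group the entry applies to
    mask: int     # rights the entry grants or denies

@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset

    def sids(self):
        # A process spawned by the user carries this same set of identities.
        return {self.user} | self.groups

def access_check(token, dacl, desired):
    """Return True only if every right in `desired` is granted to the token."""
    if dacl is None:               # no ACL at all: the object is unprotected
        return True
    remaining = desired
    for ace in dacl:               # entries are evaluated in stored order
        if ace.sid not in token.sids():
            continue
        if not ace.allow and ace.mask & remaining:
            return False           # deny entry hits a right still needed
        if ace.allow:
            remaining &= ~ace.mask
            if remaining == 0:
                return True        # everything requested has been granted
    return remaining == 0          # an empty ACL grants nothing

# Constructed sample data: deny entries are listed before allow entries.
ALICE = Token("S-alice", frozenset({"S-staff", "S-contractors"}))
BOB = Token("S-bob", frozenset({"S-staff"}))
DACL = [Ace(False, "S-contractors", WRITE | DELETE),
        Ace(True, "S-staff", READ | WRITE)]

if __name__ == "__main__":
    for name, tok in (("alice", ALICE), ("bob", BOB)):
        print(name, "read+write:", access_check(tok, DACL, READ | WRITE))
```
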

Process Manager

This tracks primarily two kernel-dispatched objects: Processes and Threads.

Virtual Memory Manager

This keeps track of the addressable space in NT. This will be discussed further in this section.

Local Procedure Call Manager

This controls application communications with server processes such as the Win32 subsystem. This makes the application think that DLL calls are handled directly.

Kernel

All processes in NT are threads coordinated and scheduled by the Kernel. The Executive Services use the Kernel to communicate with each other concerning the processes that they share. The Kernel runs in privileged mode (Ring 0) along with the HAL and the Executive Services. It cannot be paged to disk. A misbehaved Kernel process can stall the operating system.

The Hardware Abstraction Layer

This ultimately controls all direct access to hardware. It is the only module written mostly in low-level, hardware-dependent code. Its goal is also to isolate any hardware-dependent code in order to prevent direct access to hardware. It is the HAL that helps to make Windows NT scalable across multiple processors and portable across multiple platforms.

Secondary Storage

It is RARE that you will ever need to manipulate information in the HKEY_LOCAL_MACHINE\HARDWARE subtree. Why? For the obvious reason that it is volatile. Most of the time, hardware parameter changes made via the Registry are actually performed under HKEY_LOCAL_MACHINE\SYSTEM as values that override detected hardware parameters. The majority of these situations involve secondary storage.

CD-ROMs

There have been situations where NT Server is installed on a machine with one CD-ROM drive, yet the built-in Disk Administrator displays two CD-ROMs. To troubleshoot this problem, you would not go to the HKEY_LOCAL_MACHINE\Hardware subtree, but to the following:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom
HKEY_LOCAL_MACHINE\System\DISK

Look for multiple ENUM instances to isolate the problem. Just BE CAREFUL, especially if you find the problem and delete the wrong pointer.

Disk Configuration

A stripe set, a mirror set, and a stripe set with parity are each composed of identically sized areas on multiple disks. As with volume sets, Windows NT must use the HKEY_LOCAL_MACHINE\SYSTEM\DISK Registry subkey to know how to access the disks. You use Disk Administrator to create these types of volumes. When you start up the Disk Administrator, the first thing it does is search for this key. If this key does not exist, then it will update the Hardware key with this information.

The Disk Administrator may also prompt you to write a signature on the disk. The disk signature is a unique number at offset 0x1B8 that Windows NT uses as an index to store and retrieve information about the disk in the Registry subkey HKEY_LOCAL_MACHINE\SYSTEM\DISK. The first time that you open Disk Administrator after formatting a hard disk, it displays a dialog box that informs the user that no disk signature was found on the disk. You should select Yes, or Windows NT will not be able to access the disk.

Many destructive viruses can damage the Master Boot Record and make it impossible to start the computer from the hard disk. Because the code in the Master Boot Record executes before any operating system is started, no operating system can detect or recover from corruption of the Master Boot Record.

When you create a volume set, stripe set, mirror set, or stripe set with parity, Disk Administrator sets the high bit of the System ID field for each primary partition or logical drive that is a member of the volume. For example, a FAT primary partition or logical drive that is a member of one of these volumes has a System ID value of 0x86. An NTFS primary partition or logical drive has a System ID value of 0x87. This bit indicates that Windows NT needs to use the HKEY_LOCAL_MACHINE\SYSTEM\DISK Registry subkey to determine how the members of the volume relate to each other. Windows NT can only access volumes that have the high bit set. This bit is called the fault-tolerant (FT) bit.
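The on-disk fields described in the last three paragraphs can be read straight from sector 0. The following is an added example, not code from the book: it parses a 512-byte Master Boot Record, extracts the disk signature at offset 0x1B8, and flags partitions whose System ID has the FT bit set. The sample sector is constructed, and treating a signature of zero as "no signature written" is an assumption.

```python
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8     # disk signature location given in the text
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition table entries follow
FT_BIT = 0x80               # high bit of System ID marks a fault-tolerant member

def parse_mbr(sector: bytes) -> dict:
    """Decode the disk signature and partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        # A damaged or overwritten MBR usually fails this check first.
        raise ValueError("missing 0x55AA boot signature")
    (signature,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        sys_id = entry[4]
        if sys_id == 0:                      # unused table slot
            continue
        start_lba, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": i,
            "system_id": sys_id,
            "base_type": sys_id & 0x7F,      # 0x06 = FAT, 0x07 = NTFS
            "ft_member": bool(sys_id & FT_BIT),
            "start_lba": start_lba,
            "sectors": count,
        })
    return {"signature": signature,
            "has_signature": signature != 0,  # assumption: zero means unsigned
            "partitions": partitions}

def build_sample_mbr() -> bytes:
    """Constructed sector: one plain NTFS partition and two FT members."""
    s = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", s, DISK_SIG_OFFSET, 0x1234ABCD)
    entries = [(0x80, 0x07, 63, 204800),      # ordinary NTFS, active
               (0x00, 0x87, 204863, 409600),  # NTFS with FT bit set
               (0x00, 0x86, 614463, 409600)]  # FAT with FT bit set
    for i, (boot, sys_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", s, PART_TABLE_OFFSET + 16 * i,
                         boot, sys_id, lba, count)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(f"disk signature: 0x{info['signature']:08X}")
    for p in info["partitions"]:
        print(p)
```

Any partition reported with ft_member set depends on HKEY_LOCAL_MACHINE\SYSTEM\DISK being intact, so that subkey should be part of any backup taken before repairing the disk.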

More on NTDETECT.COM

Ntdetect.com is the hardware recognizer for x86-based computers. It collects a list of currently installed components and returns this information to NTLDR. Ntdetect.com executes after you select a Windows NT operating system on the boot loader screen (or the timer times out). When Ntdetect.com begins to execute, you see the following line on the screen:

NTDETECT V1.0 Checking Hardware . . .

Once again, NTDETECT.COM detects the following components:

The Registry contains information about your disk configuration in the subkeys

HKEY_LOCAL_MACHINE\HARDWARE\DeviceMap\AtDisk

and

HKEY_LOCAL_MACHINE\HARDWARE\DeviceMap\Scsi.

The types of information that the Registry keeps include:

Parallel Ports

In Windows NT, parallel ports do not use any hardware interrupt request lines (IRQs). The Windows NT parallel port driver is thread-based, and the port is polled at background priority. This eliminates a number of potential hardware conflicts with other devices that might want to use IRQ 7 or 5, which used to be the parallel port interrupts.

If you have applications that run very slowly because of large print jobs, you can reduce the thread priority of the port print function by adding the following Registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

Add the key PortThreadPriority with the data type REG_SZ. Give it the value "Thread_Priority_Below_normal." Keep in mind that if you boot OS/2 or MS-DOS, you still need to check for IRQ conflicts; the Windows NT port driver will not be used.

Multiple Processor Configurations

Most of the time, NTDETECT.COM will detect the proper number of CPUs installed on your motherboard. However, NT will override this based on the Hardware Abstraction Layer and Kernel. If you have more processors than NT will recognize, try editing:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\NUMBER_OF_PROCESSORS

and

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\LicensedProcessors

Now, when you do an update install (re-install into the same directory), NT will recognize those extra processors. As with any system modification requiring use of the NT CDROM, re-apply your latest SP. Don't forget to generate a current ERD (RDISK.EXE /S).

Of course, I am in no way authorizing you to break a law. Be sure that you are not violating any license agreements if you do this. You will require a custom HAL if your motherboard has more than 4 processors.

Table 2-1: Common Hardware Registry Keys that are Volatile

HARDWARE\DESCRIPTION\System:

\System\CentralProcessor

\System\FloatingPointProcessor

\System\MultifunctionAdapter

\System\MultifunctionAdapter\#\DiskController

\System\MultifunctionAdapter\#\DiskController\#\DiskPeripheral

\System\MultifunctionAdapter\#\DiskController\#\FloppyDiskPeripheral

\System\MultifunctionAdapter\#\KeyboardController

\System\MultifunctionAdapter\#\KeyboardController\#\KeyboardPeripheral

\System\MultifunctionAdapter\#\ParallelController

\System\MultifunctionAdapter\#\PointerController

\System\MultifunctionAdapter\#\PointerController\#\PointerPeripheral

\System\MultifunctionAdapter\#\SerialController

\System\PCMCIA PCCARDs

HARDWARE\DEVICEMAP

\DEVICEMAP\AtDisk

\DEVICEMAP\AtDisk\Controller #

\DEVICEMAP\AtDisk\Controller #\Disk #

\DEVICEMAP\KeyboardClass

\DEVICEMAP\KeyboardPort

\DEVICEMAP\PARALLEL PORTS

\DEVICEMAP\PointerClass

\DEVICEMAP\PointerPort

\DEVICEMAP\SERIALCOMM

\DEVICEMAP\VIDEO

HARDWARE\RESOURCEMAP

\RESOURCEMAP\Hardware Abstraction Layer

\RESOURCEMAP\KeyboardPort/PointerPort

\RESOURCEMAP\LOADED PARALLEL DRIVER RESOURCES

\RESOURCEMAP\LOADED SERIAL DRIVER RESOURCES

\RESOURCEMAP\OtherDrivers

\RESOURCEMAP\System Resources

\RESOURCEMAP\VIDEO


Computing McGraw-Hill is an imprint of the McGraw-Hill Professional Book Group.
