Getting started with WRK

Getting Started with the Windows Research Kernel (WRK)
Version 1.23 – Thursday April 23, 2009
Marty Humphrey, Associate Professor, Department of Computer Science, University of Virginia
Brian Burns, Program Manager, Microsoft
Serge Lidin, Software Design Engineer, Microsoft
The purpose of this document is to illustrate how to compile, modify, and use the Windows Research
Kernel (WRK). The basic idea is that you will edit and recompile the WRK on a Windows computer, and
then run it on a virtual machine running Windows Server 2003. The virtual machine will run in the
Virtual PC 2007 environment, which in turn runs under the host Windows OS. The host OS may be
Windows Server 2003 or later, or Windows XP or later. This document contains the steps you can take to
install everything you need to edit, compile, and run the WRK. The final section of this document
describes how to modify the WRK source code, recompile your kernel, and confirm that your changes are
executed by attaching a kernel debugger to the virtual machine. Throughout this document, there are nine
self-study questions.
The intended audience of this document is new users of the WRK with limited knowledge of the
Windows operating system. No special knowledge of operating system design and/or implementation is
necessary to perform the steps in this document. Editing the WRK can be accomplished with any text editor,
and compilation of the WRK uses the nmake utility that is installed with the WRK sources.
General Information
1. You will need to work rather extensively with the console (Windows Command Prompt)
windows. To start a fresh console window, use selections (Start → All Programs → Accessories
→ Command Prompt) OR (Start → Run), then type “cmd” and click OK or press Enter.
2. To execute a command in the console window, type this command and press Enter.
3. There are four components you need to have installed on your machine: Windows Debugger,
Virtual PC 2007, a virtual machine image of Windows Server 2003 SP1 (with virtual hard drive
image), and the WRK itself, including source code, tools and binaries. Installing the virtual
machine (with its hard drive image) and the WRK boils down to simply copying them to the specified
directories.
4. You can install all the components separately from their respective entries on the DVD, or you can
install everything using the file WRKCompleteInstall.bat residing in the root of the DVD.
Working with WRKCompleteInstall.bat
The WRKCompleteInstall.bat takes four parameters specifying destination directories of the
components being installed:
/i <virtual_machine_directory>
/w <WRK_directory>
/d <debugger_directory>
/v <Virtual_PC_directory>
The default destination directories are as follows:
WRK: C:\WRK-v1.2\
Virtual machine: C:\WRK-v1.2\Win2k3SP1 Image\
Debugger: C:\Program Files\Debugging Tools for Windows\
Virtual PC: C:\Program Files\Microsoft Virtual PC\
If you don’t mind the components being installed to their default destinations, invoke
WRKCompleteInstall.bat without parameters by opening Windows Explorer (double-click the
“Computer” icon on your desktop), selecting the DVD drive, and double-clicking the
WRKCompleteInstall.bat entry.
Alternatively, you can run WRKCompleteInstall.bat from a console window, with or without
parameters:
1. Open Windows Explorer and find out the letter of your DVD drive (say, F).
2. Open a console window, type F: and press Enter; you have now switched to your DVD drive.
3. Type WRKCompleteInstall and press Enter to install the components to the default
destinations,
4. OR specify the destinations, for example:
WRKCompleteInstall /i C:\WRK_VM /w C:\WRK /d C:\WinDbg /v C:\VPC
If the full name (path) of a destination directory contains a space, the whole path must be
enclosed in double quotes, for example: /d "C:\Program Files\WinDbg"
The destination directories should not yet exist on your drive. If the batch file detects that a destination
directory already exists, it skips installation of the respective component.
This is done to enable the batch file to perform partial installations. For example, if you already have
Virtual PC 2007 installed on your computer, specify its installation directory in the /v parameter, and
installation of Virtual PC 2007 will be skipped.
Copying WRK Separately
To copy the WRK (presuming you have the other three components already installed) to your machine,
follow these steps:
- open a console window;
- switch to the DVD drive;
- execute the command cd \Resources\Windows_Research_Kernel\Get_WRK
- execute the command WRKCopy /w <destination_directory>
(if you run WRKCopy.bat without parameters, the WRK is copied to C:\WRK-v1.2\);
ALTERNATIVELY
- open Windows Explorer;
- create the destination directory on your hard drive;
- switch to DVD drive;
- navigate to \Resources\Windows_Research_Kernel\Get_WRK\WRK-v1.2\;
- select all files and subdirectories, drag and drop them to the destination directory.
Exercise #1: Building the WRK
The Windows Research Kernel can be built from the Visual Studio 2008 environment or from a console window.
To build the WRK from the command line:
- open a console window;
- switch to the directory the WRK was copied to (for example, cd \WRK-v1.2);
- execute Build <arch> (or Rebuild <arch> or Clean <arch>); see the note about <arch>
below;
OR
- open console window;
- switch to the directory WRK was copied to;
- execute WRKEnv <arch>, see note about <arch> below;
- execute cd base\ntos
- execute nmake %wrkarch%=
To build WRK in VS2008 environment:
- start VS2008;
- open solution <WRK_DIR>\WRK.sln, where <WRK_DIR> is the directory WRK was copied to;
- make sure the Configuration is amd64/Win32 or x86/Win32, as is appropriate;
- select Build/Build Solution (or Rebuild Solution, or Clean Solution).
NOTE: don’t start the build before looking at question #Q-1, below!
The built kernel is located in c:\WRK-v1.2\base\ntos\BUILD\EXE as wrkx86.exe.
NOTE ABOUT <arch>
The batch files Build.bat, Rebuild.bat, Clean.bat, WRKEnv.bat and WRKDebug.bat take one
parameter, the target architecture, which is x86 or amd64.
On the first use of any of these batch files, the default target architecture is x86.
Once the target architecture has been defined (explicitly or by default), it cannot be changed for the current
console window, and the <arch> parameter of the batch files is ignored.
The title of the window where the WRK environment has been set to some target architecture changes to
“WRK x86” or “WRK amd64”.
To work with a different target architecture, open another console window.
Questions for this exercise:
Q-1. How long did it take to compile your kernel the first time? If you run the same command a
second time (step #5, above), how long does it take? (It is sufficient in this case to “eye-ball” it –
‘seconds’ resolution is fine).
Exercise #2: Running Windows Server 2003 inside Virtual PC 2007
1. A fully configured Virtual PC 2007 virtual machine has been provided on this DVD for you to run the
WRK. If the default installation options were used, it is located in the directory
C:\WRK-v1.2\Win2k3SP1 Image\
2. Start Virtual PC 2007 (Start → All Programs → Microsoft Virtual PC). This will start the “New
Virtual Machine Wizard”:
a. “Add an existing virtual machine”
b. Browse to c:\WRK-v1.2\Win2k3SP1 Image\ (or whatever directory you chose with
WRKCompleteInstall.bat) and choose the file “Win2k3 SP1 WRK.vmc”
c. Click Next → Finish, making sure the “When I click Finish, open Settings” box is checked.
3. The settings window for “Win2k3 SP1 WRK” should now be open. Please note the following:
a. “Undo Disks” is disabled. Any changes you make to the virtual machine will be written to the
hard disk. If you want the option of throwing out any changes you make when you turn off
the virtual machine, enable this option.
b. The named pipe \\.\pipe\debug is configured on COM1. This allows WinDbg to connect to
the WRK within the Virtual PC 2007 environment.
c. “Virtual Machine Additions” are installed, enabling “pointer integration”. “Virtual Machine
Additions” allow a tighter connection between the host machine and the Virtual Machine (for
example, the performance of the virtual machine will be better, you can resize the Virtual
Machine window, and you will be able to drag-and-drop from the physical machine to the
virtual machine).
i. Note: upon rebooting the Virtual Machine, the way to get “Ctrl-Alt-Delete” to the
Virtual Machine is via the Virtual Machine’s “Action” menu.
d. The “Shared Folder” c:\ → z:\ is enabled. This option maps the c:\ root directory on the host
machine to the z:\ drive on the virtual machine for easy file sharing between the systems.
4. Start the “Win2k3 SP1 WRK” virtual machine from within the Virtual PC Console window.
5. At the boot prompt, select “Windows Server 2003, Standard”. This option boots the original
Windows Server 2003 SP1 kernel. The other options boot the WRK with and without debugging
enabled.
a. Note: To help people keep track of kernel versions being run, the virtual machine desktop
wallpaper has been preconfigured to show the kernel build number.
6. The virtual machine has been preconfigured to automatically login to the administrator account
without user interaction. If you prefer to use another account or require user login, please use the
information provided in SetAutoAdministratorLogon.zip on the virtual machine desktop to modify
this behavior.
7. Give your physical machine a name unique to you to prevent any domain naming conflicts.
a. Right click on My Computer → Properties → Computer Name → Change
b. You can also add the virtual machine to a domain if you wish. It is preconfigured to be part of
the generic workgroup “WORKGROUP”
8. Note: Windows update is turned “off” to prevent SP2 from being installed in the virtual machine. SP2
is not compatible with the WRK at this time and installing SP2 into the virtual machine can only be
reversed if the “Undo Disks” setting is enabled.
Questions for this exercise:
Q-2. How big is the physical file that contains your virtual disk? (Right click on the .vhd file and get
“Properties” – not the .vmc file)
Exercise #3: Monitor the invocation of “QuerySystemInformation”
In this portion of the lab you will modify the WRK kernel to print out some debugging information to
keep track of the number of times “QuerySystemInformation” is invoked (sometimes a developer may
wish the kernel were “instrumented” this way for performance purposes – for example, if we find that this
function is invoked A LOT, then it is a reasonable candidate for performance optimization,
right?)
1. In this first step, we’ll confirm that you can attach a debugger to the kernel (we won’t actually modify
the kernel until the next step). Follow the instructions at http://support.microsoft.com/kb/871171/ to
attach the kernel debugger to your Virtual Machine (Note that this works for Virtual PC 2007 as well
– follow the instructions for Virtual PC 2004). Here is some additional information:
a. Start your WRK Virtual Machine if it’s not already running and, at the boot prompt, choose the
“Windows Server 2003 SP1, WRK [debugger enabled]” option.
b. Your virtual machine should sit idle while it waits for the Windows Debugger (WinDbg) to
connect.
c. Open a console window on the host machine and start the Windows Debugger:
- switch to the directory WRK was copied to;
- execute WRKDebug <arch> (see note about <arch> in Exercise #1);
OR
- switch to the directory WRK was copied to;
- execute WRKEnv <arch> (see note about <arch> in Exercise #1);
- execute WinDbg %windbgargs%
d. During the booting activity, you should see a few lines of text on your “WinDbg” window
(probably beginning with “Connected to Windows Server 2003 3790 x86 compatible target,
ptr64 FALSE”). If not, then re-try, making sure that you selected the debugging kernel to be
booted.
i. Note: In order to connect to the kernel from WinDbg, you may have to click Debug
→ Break in the WinDbg window.
e. Once this works, go on to the next step without shutting down your Virtual Machine or your
windbg.exe window. You’ll know it works if you see this info in the debugging window and
you’re able to log onto your WRK Virtual Machine.
2. Now we will modify the kernel, install it on the Virtual Machine, boot the modified kernel, and see
the output on the debugging window. We’ll start by modifying and recompiling our kernel on the
physical machine:
a. Open a text editor of your choice and edit C:\WRK-v1.2\base\ntos\ex\sysinfo.c
b. Get to line 1721 and insert the following line:
static int NumTimesCalled = 0;
c. Shortly after this (immediately before the line “Status = STATUS_SUCCESS”), add the
following line:
DbgPrint( "WRK %d: Entering NTQuerySystemInformation!!!\n", ++NumTimesCalled );
d. Save the file and recompile the kernel as above (Exercise #1). We recommend you make a backup
copy of this file before saving the modified version.
3. Drag-and-drop your new kernel onto the Virtual Machine’s Administrator’s “My Documents” folder
(the new kernel will be on the physical machine in C:\WRK-v1.2\base\ntos\BUILD\EXE, with the
name wrkx86.exe). Once you have moved it to the Virtual Machine, copy this file on the Virtual
Machine to C:\WINDOWS\system32\
a. The virtual machine has been preconfigured to boot the WRK and already contains the file
wrkx86.exe in C:\WINDOWS\System32. We recommend you back up this file before
copying over it with the modified kernel. When this file is copied over, the WRK boot
options in the virtual machine will both point to the new kernel.
4. Reboot the Virtual Machine via Start → Shutdown → Restart. Select the “Windows Server 2003 SP1,
WRK [debugger enabled]” boot option and watch the output on the debugging window.
a. Note: you’ll probably have to select the debugger window, which may be hidden, and select
“no” to the question “Save information for workspace?”
5. If everything is working, you should start seeing something like:
WRK 82: Entering NTQuerySystemInformation!!!
WRK 83: Entering NTQuerySystemInformation!!!
WRK 84: Entering NTQuerySystemInformation!!!
If you’re not seeing this, then go back through the instructions to see if you’ve missed something.
Note: if your new kernel does not boot, then you can reboot into the “Windows Server 2003,
Standard” boot kernel.
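The counter-and-DbgPrint instrumentation from step 2, as an added illustration in portable user-mode C. This is not code from the WRK or from this document: the kernel's DbgPrint is stood in for by a hypothetical wrk_trace_query_system_information() that formats the same line into a caller-supplied buffer and returns the new count, and run_concurrent_callers() and caller_thread() are assumed driver functions. The one thing it shows that the exercise does not is why a plain ++ on a static int is the wrong tool for this job: NtQuerySystemInformation is a system service entered by many threads at once, so unsynchronised increments can be lost and the numbers printed to WinDbg may undercount. The example uses a C11 atomic; in the WRK itself the equivalent is InterlockedIncrement on a LONG.

```c
/* Added example (not WRK or document code): the "count each entry and trace it"
 * pattern from Exercise #3, written so it can be built and run in user mode.
 * The kernel's DbgPrint is replaced by formatting into a buffer (assumed helper
 * name wrk_trace_query_system_information); the counter is a C11 atomic because
 * the real system service is called concurrently by many threads. In the WRK
 * you would use InterlockedIncrement on a LONG instead of ++ on a static int.
 */
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <pthread.h>

/* Shared per-service counter (same role as the exercise's NumTimesCalled). */
static atomic_int NumTimesCalled;

/* Instrumented service entry: bump the counter race-free and build the exact
 * line the exercise prints with DbgPrint. Returns the count just assigned. */
int wrk_trace_query_system_information(char *out, size_t outsz) {
    /* atomic_fetch_add returns the old value, so +1 gives ++NumTimesCalled. */
    int n = atomic_fetch_add(&NumTimesCalled, 1) + 1;
    snprintf(out, outsz, "WRK %d: Entering NTQuerySystemInformation!!!\n", n);
    return n;
}

/* One simulated caller thread: enters the "service" a fixed number of times. */
static void *caller_thread(void *arg) {
    int iterations = *(int *)arg;
    char line[80];
    for (int i = 0; i < iterations; i++)
        wrk_trace_query_system_information(line, sizeof line);
    return NULL;
}

/* Drive the instrumented entry from several threads at once and return the
 * final counter value; with the atomic it always equals threads * calls. */
int run_concurrent_callers(int threads, int calls_per_thread) {
    pthread_t tid[16];
    if (threads > 16) threads = 16;
    atomic_store(&NumTimesCalled, 0);
    for (int t = 0; t < threads; t++)
        pthread_create(&tid[t], NULL, caller_thread, &calls_per_thread);
    for (int t = 0; t < threads; t++)
        pthread_join(tid[t], NULL);
    return atomic_load(&NumTimesCalled);
}

int main(void) {
    char line[80];
    int total = run_concurrent_callers(8, 10000);
    printf("final count: %d (expected %d)\n", total, 8 * 10000);
    int n = wrk_trace_query_system_information(line, sizeof line);
    fputs(line, stdout);   /* same shape as the WinDbg lines in step 5 */
    return n == 8 * 10000 + 1 ? 0 : 1;
}
```

If you replace the atomic with a plain static int and run the driver a few times, the final count will often come out below threads times calls on a multi-core host; that lost-update effect is exactly what a plain ++NumTimesCalled inside the kernel is exposed to, which matters if you intend to use the numbers for the optimisation decision the exercise describes rather than just to confirm the kernel booted.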
Questions for this exercise:
Q-3. How many times is this function invoked up until right before the Windows login banner appears,
right after the WRK Virtual Machine has fully booted?
Q-4. Show a small section of the output of the invocation of your debugging statement. To do this, first
select the Debugging window and then hit Alt-PrtSc (“print screen”). This will put a copy of the
window into the edit buffer, which you can then get at (say in Microsoft Office) via Edit → Paste.
Q-5. Once you’ve completed that, and closed your Virtual Machine and debugging window, how big is
the physical file that contains your virtual disk now? Why is this? (I.e., why is it the same, or why has
it changed?)
That’s it! You have successfully modified the Windows Research Kernel and observed your change in
action. By following this basic procedure, you are now able to explore all kinds of kernel modifications
and subsequently test the effect of such changes. Our general advice: Always keep a “safe” copy of a
kernel bootable via C:\boot.ini – this will allow you to easily revert to a known safe state. Have fun!
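One way to follow that advice, as an added boot.ini illustration that is not the contents of the DVD's preconfigured virtual machine (inspect the VM's own C:\boot.ini rather than replacing it with this): the first entry boots the untouched Windows Server 2003 kernel and stays as the fallback, while the other two boot wrkx86.exe from C:\WINDOWS\system32, one of them with the kernel debugger on COM1, where the Virtual PC named pipe from Exercise #2 is attached. The /kernel=, /debug, /debugport= and /baudrate= switches are standard boot.ini options; the partition path is a placeholder for whatever your VM's existing entries use.

```ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
; Known-good fallback: the original SP1 kernel (ntoskrnl.exe), kept untouched.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /fastdetect
; WRK without a debugger: useful once a modified kernel is known to boot.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003 SP1, WRK" /fastdetect /kernel=wrkx86.exe
; WRK with the kernel debugger on COM1 (the \\.\pipe\debug named pipe in Virtual PC).
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003 SP1, WRK [debugger enabled]" /fastdetect /kernel=wrkx86.exe /debug /debugport=com1 /baudrate=115200
```

The point of the layout is that the fallback entry never names wrkx86.exe, so overwriting that file with a kernel that fails to boot (Exercise #3, step 3) can always be recovered by picking the first entry at the boot prompt, without needing "Undo Disks".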