Windows 7's dirty secrets revealed

Hidden work arounds and complex dependencies


PDC While chief technology officer Ray Ozzie was away in the clouds at Microsoft's Professional Developer Conference, technical fellow Mark Russinovich got down and dirty with the true heart of Windows - the kernel.

He presented a two-hour session on changes made to the kernel used by both Windows 7 and Server 2008 R2, shedding light on some confusing issues - like the Windows version number, which he said "means nothing at all". Windows 7 is version 6.1, not because it is a minor release, but for compatibility with applications that check the major number and would not run if it said 7.

Another of his themes was MinWin, a lightweight version of Windows whose purpose has sparked speculation. MinWin exists, he said, and contains the minimum necessary to boot and access the network: kernel, file system driver, device drivers, services and TCP/IP stack. It amounts to around 150 binaries, and requires 25MB disk space and 40MB RAM.

MinWin is handy for setup and system recovery, but its real purpose is to introduce what he calls "architectural layering" to Windows. Microsoft needs small footprint versions of Windows, both for embedded use and for the GUI-free Server Core edition. The problem is that the operating system is full of internal dependencies, and as Russinovich admitted: "We don't really understand those dependencies".

Engineers have added features to low-level APIs that assume the presence of dynamic link libraries (DLLs) that belong with higher level APIs, and when you try to extract just those low-level components, they break. MinWin is a first step in making Windows layered, maintainable and understandable.

A fresh DLL hell

In order to make MinWin, Microsoft had to split existing DLLs that had these unwanted dependencies, such as Kernel32.dll. The team created KernelBase.dll, which has only the base functions MinWin requires. Applications expect to find these functions in Kernel32, but they are simply forwarded to KernelBase. Kernel32 itself is outside MinWin.

A related problem is that Microsoft has been in the habit of combining unrelated APIs into the same DLL for performance reasons. Its solution is to create virtual DLLs, which are the API sets programmers call, but which are implemented in logical DLLs that might combine several virtual ones. A schema file that is mapped into every process tells Windows where the real API resides.

Russinovich went on to explain why Windows 7 is faster. Memory footprint was reduced by up to 30 per cent by reviewing excessive memory allocations, and by refactoring the Desktop Window Manager (DWM) to avoid a second copy of every Window being held in memory. The registry is no longer accessed as a memory-mapped file, reverting a change made for Windows XP. Processes that consume large amounts of memory are more aggressively pruned. Microsoft also picked out 300 common user actions, such as clicking the Start menu or opening Control Panel, and gave them intensive optimisation to improve perceived performance.

Next page: Reliability?

Other stories you might like

  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Wi-Fi hotspots and Windows on Arm broken by Microsoft's latest patches
    Only way to resolve is a rollback – but update included security fixes

    Updated Microsoft's latest set of Windows patches are causing problems for users.

    Windows 10 and 11 are affected, with both experiencing similar issues (although the latter seems to be suffering a little more).

    KB5014697, released on June 14 for Windows 11, addresses a number of issues, but the known issues list has also been growing. Some .NET Framework 3.5 apps might fail to open (if using Windows Communication Foundation or Windows Workflow component) and the Wi-Fi hotspot features appears broken.

    Continue reading
  • FabricScape: Microsoft warns of vuln in Service Fabric
    Not trying to spin this as a Linux security hole, surely?

    Microsoft is flagging up a security hole in its Service Fabric technology when using containerized Linux workloads, and urged customers to upgrade their clusters to the most recent release.

    The flaw is tracked as CVE-2022-30137, an elevation-of-privilege vulnerability in Microsoft's Service Fabric. An attacker would need read/write access to the cluster as well as the ability to execute code within a Linux container granted access to the Service Fabric runtime in order to wreak havoc.

    Through a compromised container, for instance, a miscreant could gain control of the resource's host Service Fabric node and potentially the entire cluster.

    Continue reading

Biting the hand that feeds IT © 1998–2022