Original URL: http://www.theregister.co.uk/2009/11/18/windows_7_heart/
Windows 7's dirty secrets revealed
Hidden work arounds and complex dependencies
PDC While chief technology officer Ray Ozzie was away in the clouds at Microsoft's Professional Developer Conference, technical fellow Mark Russinovich got down and dirty with the true heart of Windows - the kernel.
He presented a two-hour session on changes made to the kernel used by both Windows 7 and Server 2008 R2, shedding light on some confusing issues - like the Windows version number, which he said "means nothing at all". Windows 7 is version 6.1, not because it is a minor release, but for compatibility with applications that check the major number and would not run if it said 7.
Another of his themes was MinWin, a lightweight version of Windows whose purpose has sparked speculation. MinWin exists, he said, and contains the minimum necessary to boot and access the network: kernel, file system driver, device drivers, services and TCP/IP stack. It amounts to around 150 binaries, and requires 25MB disk space and 40MB RAM.
MinWin is handy for setup and system recovery, but its real purpose is to introduce what he calls "architectural layering" to Windows. Microsoft needs small footprint versions of Windows, both for embedded use and for the GUI-free Server Core edition. The problem is that the operating system is full of internal dependencies, and as Russinovich admitted: "We don't really understand those dependencies".
Engineers have added features to low-level APIs that assume the presence of dynamic link libraries (DLLs) that belong with higher level APIs, and when you try to extract just those low-level components, they break. MinWin is a first step in making Windows layered, maintainable and understandable.
A fresh DLL hell
In order to make MinWin, Microsoft had to split existing DLLs that had these unwanted dependencies, such as Kernel32.dll. The team created KernelBase.dll, which has only the base functions MinWin requires. Applications expect to find these functions in Kernel32, but they are simply forwarded to KernelBase. Kernel32 itself is outside MinWin.
A related problem is that Microsoft has been in the habit of combining unrelated APIs into the same DLL for performance reasons. Its solution is to create virtual DLLs, which are the API sets programmers call, but which are implemented in logical DLLs that might combine several virtual ones. A schema file that is mapped into every process tells Windows where the real API resides.
Russinovich went on to explain why Windows 7 is faster. Memory footprint was reduced by up to 30 per cent by reviewing excessive memory allocations, and by refactoring the Desktop Window Manager (DWM) to avoid a second copy of every Window being held in memory. The registry is no longer accessed as a memory-mapped file, reverting a change made for Windows XP. Processes that consume large amounts of memory are more aggressively pruned. Microsoft also picked out 300 common user actions, such as clicking the Start menu or opening Control Panel, and gave them intensive optimisation to improve perceived performance.
How about reliability? This was fascinating. Microsoft observed that 15 per cent of all user-mode crashes and 30 per cent of shutdown crashes were caused by heap corruption: applications that try to access freed memory, or memory beyond what is allocated. Its solution was a feature called the Fault Tolerant Heap (FTH).
If an application crashes a few times, Windows will automatically apply a shim that intercepts its memory operations. FTH will over-allocate memory, and keep a copy of freed memory so that attempts to re-read it will succeed. The user gets better reliability at the expense of performance, which suffers by up to 15 per cent or so, while buggy applications work better than you would expect.
Developers expressed some concern. Were their mistakes being disguised so that they would remain unfixed? It is a risk, though if Windows detects a debugger the feature turns itself off. You can also disable FTH, though not on a per-process basis.
UAC won't protect you from malware
Russinovich also spoke about the contentious User Account Control (UAC), which prompts the user to approve actions that should require administrative rights. "UAC is not an anti-malware solution," he said. "If you think you are safe from malware because you are in one of those prompting modes, you're wrong. If malware gets on your box, and you are admin, you must assume that malware will gain admin rights."
Proving the point, he showed how a genuine, signed Microsoft executable might load a malicious process, invisible to the user. So what is the point of UAC? "It is about one thing, which is about getting you guys to write your code so that it runs well as standard user."
There was more: how the .VHD virtual hard drive format might become a standard container to replace ZIP, and the advantages of booting from a VHD. Also, how Windows 7 attempts to reduce power consumption with tricks like putting idle processor cores to sleep in a smarter fashion than earlier versions of Windows. Did you know that running powercfg /energy from an administrative command prompt generates an energy efficiency report for your PC?
Russinovich was full of such surprises. Positively, his talk shows the effort Microsoft is putting into rescuing Windows from its muddled legacy and buggy applications; negatively, he reveals just how many odd workarounds exist under the surface. ®