Scribd
Upload
9 views

Windows Q&a

The document contains 9 questions and answers about various technical topics related to Windows operating systems: 1. Win32k.sys provides kernel-mode GDI support and communicates directly with graphics drivers to output graphical content. 2. In a batch operating system, multiple users can share the system and idle time is low as large work can be repeated easily. 3. After the MBR, bootmgr takes over the boot process and loads Windows using Winload.exe and Winresume.exe in accordance with the boot parameters. 4. Phase 0 initializes basic kernel services while Phase 1 enables interrupts and notes the boot time.

Uploaded by

Ridhi Tiwari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views

Windows Q&a

The document contains 9 questions and answers about various technical topics related to Windows operating systems: 1. Win32k.sys provides kernel-mode GDI support and communicates directly with graphics drivers to output graphical content. 2. In a batch operating system, multiple users can share the system and idle time is low as large work can be repeated easily. 3. After the MBR, bootmgr takes over the boot process and loads Windows using Winload.exe and Winresume.exe in accordance with the boot parameters. 4. Phase 0 initializes basic kernel services while Phase 1 enables interrupts and notes the boot time.

Uploaded by

Ridhi Tiwari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Team 3 Questions

1. What is the function of win32k.sys?

Answer:

The Graphics Device Interface Provides functionality for


outputting graphical content to monitors, printers and other output
devices. It resides in gdi.exe on 16-bit Windows, and gdi32.dll on
32-bit Windows in user-mode. Kernel-mode GDI support is provided
by win32k.sys which communicates directly with the graphics driver.

2. Explain the Feature of Batch OS?


Answer:
● Multiple users can share the batch systems

● The idle time for batch system is very less

● It is easy to manage large work repeatedly in batch systems

3. Explain what is happening in bootmgr after MBR?


Answer: The previous Windows NT boot loader, ntdlr, is
replaced by three components.
Windows boot manager(bootmgr.exe), Winload.exe,
Winresume.exe. The boot loader resides in the root
directory of each Windows partition. Once selected, boot
loaders take over the boot process and load the OS in
accordance with the selected boot parameters. The
Widows loader binary loads essential system drivers that
are required to read data from the disk and initializes the
system to the point where the Windows kernel can begin
execution.

4. Difference between Phase 0 and 1?


Answer:
Phase 0 initializes just enough of the kernel and Executive
subsystems so that basic services required for the completion of
initialization become operational in phase 1. Windows keeps
interrupts disabled during phase 0 and enables them before
phase 1. It initializes hal.dll and bootvid.dll, and starts the
debugger.
Phase 1 starts when Phase 1 initialization calls the HAL to
prepare the system to accept interrupts from devices and to
enable interrupts. Stop the debugger. Phase 1 initialization notes
the time and stores it as the time the system booted.

5. What do Services.exe and Lass.exe do ?


Answer:
services.exe is a part of the Microsoft Windows Operating
System and manages the operation of starting and stopping services.
This process also deals with the automatic starting of services during
the computers boot-up and the stopping of services during shut-down.

lsass.exe is the Local Security Authentication Server. It verifies


the validity of user logons to your PC or server. Lsass generates the
process responsible for authenticating users for the Winlogon service.
If authentication is successful, Lsass generates the user's access token,
which is used to launch the initial shell. Other processes that the user
initiates then inherit this token.

6. What does MFT contain?


Answer:
1. Master File Table: Each record is exactly 1 KB in size. The first 42
bytes in the header have a fixed structure, while the rest of the
record is used to store attributes such as the file name or system
attributes. The number of attributes as well as the size of each
attribute can vary.
2. Master File Table(Copy)
3. NTFS Metadata: Contains the metadata about the data that is
stored in the above tables.
4. User Files Directory:UFD's are essential for preserving any file
links in a directory. Furthermore, on the incremental backups, one
cannot tell what files were on the original file system but were
not included on that incremental without decoding this
information

7.What does the HKEY_CLASSES_ROOT , HKEY_LOCAL_USER


saves?
Answer:

HKEY_CLASSES_ROOT: It describes the file type, file name


extension and OLE(Object linking and embedding) information.
HKEY_USERS : contains information about all the users who log on to
the computer, including both generic and user-specific information.

8. What is the use of HAL?


Answer:
HAL or the Hardware Abstraction Layer is a translatory layer that
translates the signals and impulses sent by the Hardware Devices and
helps the kernel fathom the sent data and responses that in turn is
processed by the kernel and the OS

9. Tell me something about SCM?


Answer:
Service Control Manager (SCM) is a special process under the
Windows NT family of operating systems that starts and stops
Windows processes, including device drivers and startup programs. Its
main function is to start all the required services at system startup. It is
launched by the Winint process on system boot.

You might also like