CEG 233: Linux and Windows 

Lab on Programs and Processes

   

Table of Contents

  1. Educational Objectives
  2. Programs
  3. Processes
  4. Lab Experiment
  5. Acknowledgements
  6. References

Educational Objectives

The objectives of this lab experiment are to make you :

  1. Understand the distinction between programs and processes
  2. Control processes as in stopping, resuming, changing priorities
  3. Observe the resources (such as CPU time, etc.) consumed

Programs

The word "program" is often used loosely.  In this course, we will be very careful in the use of this word.  A program is a static (i.e., unchanging/passive) entity.  It is a file whose content is rigidly formulated as needed by the operating system.  For each OS, there are several such rigid formats.  In Linux, ELF is the most common.  In Windows, the EXE format is the most common.  In response to an exec system call, an OS loads the program into main memory, constructs certain OS-internal data structures.  The resulting entity is called a process.  A process is a dynamic (i.e., changing/active) entity.

Creation of Programs

We write the source code of programs.  A program may have help files, documentation, and other such files. These are not essential in that their absence will not disable the launching of a program. The source code is a file of text that must abide by the syntax and semantics of some programming language.  Some well known programming languages are C++, Java, Perl, Python, and Assembly.  Source code files are processed by programs that are called compilers, interpreters, and assemblers.  For reasons of modularity and manageability, the source code is often split into multiple files.  After compilation of the source code, object code files are produced.  These are linked into an executable file that is then qualified to be called a program.  The tools (compilers, assemblers, interpreters, and linkers) that help create programs are not considered part of an OS.

Libraries and System Calls

A library is a collection of compiled methods.  These are well-debugged, and performance optimized over a long period.  Some libraries are considered "standard" and various tools know about them.  In both Windows, a library has the extension of .dll and in Linux the extension is .so.

Every OS contains a few hundred methods, known as system methods, intended for use by programs.  The methods are invoked by a special machine instruction called a syscall (trap, int for software-interrupt, or supervisor-call).  Certain machine registers are loaded with the arguments needed by the syscall, a specified register is loaded with the syscall number, and then syscall is executed.  These system calls/methods are executed in a CPU mode ("kernel" mode) that is at a higher privilege than the usual ("unpriviledged" or "user") mode.

Standard libraries often include simple wrappers around every system call.  Thus, fopen() is a library method whereas open() is a syscall.

Extensions

There are compilers that compile Java straight into the machine code of a specific CPU, instead of JVM .class files.

Table of extensions
Linux Windows  
  .exe Program file; Linux programs have no extension
  .com Program file; DOS legacy
.o .obj object code files
.class .class Java Virtual Machine (JVM) object code files; platform (i.e., CPU and OS) independent
.so .dll Dynamic link libraries
.a   static link libraries
.ko .sys Kernel module/driver

Install Directories

Programs are installed into specific directories.  On Linux, the standard directories are

/bin Programs essential for booting and simple operation of the computer system
/usr/bin Programs for general use
/sbin System programs essential for booting and simple operation
/usr/sbin System programs  for general use
/usr/local Programs and libraries installed by a local administrator
/lib Essential Libraries
/usr/lib General use libraries
/etc Configuration files

On Windows, the standard directories are (C: is used as an example only; do echo %SystemDrive% in cmd to see the actual drive name on the PC your are working on):

C:\Program Files Programs installed by the administrator
C:\Windows Windows OS files, includes programs, libraries, logs and even a temporary directory
C:\Windows\system32 Windos OS system programs and libraries

More on Programs

Often a program is not a single file.   Many programs consist of a main file and several code library files.  In Linux, these libraries have names ending with the extension .so and in Windows .dll.  These are essential in that the absence of any such file will cause the launch of a program to fail.  Often a program has other non-essential files; e.g., it may have help files, documentation, and other such files.  These are not essential in that their absence will not disable the launching of a program. When these files are asked for, you will only get a "missing file" error.

Utilities

The following are standard programs that you are expected to learn as part of this course in the context of programs.  For further details on the commands, look it up in the text book, man/help pages, and the web.

  Linux Windows Brief description/Limitations in the Learning Objective, if any
  file   Heuristically determine what kind of a file the given one is
  size   Display sizes of code, bss, and data of a program
  ldd tasklist /m Display the libraries needed to invoke a program
  env set Display the Environment of the invoking shell
  install   Install a program
  nm   Display the names of variables,  methods, etc defined in a program or object code file
  strip   Strip the above names etc.

Linux includes many utilities for extracting information about the contents of files. Two of the most important are file and size.

file FILENAME... will output the type of the given files, such as "ASCII text" or "MP3 file with ID3 version 2.3.0 tag". It does this by examining certain distinctive patterns of bytes within a file (called the type's magic number), and can often get quite detailed information.

size outputs information about object files or compiled executables, such as those produced by GCC. Specifically, it lists the sizes of the various sections of the object file. The "text" section is the code, "data" contains data which is initialized, and "bss" is the uninitialized part of the data segment. (Recall the difference between initializing a variable and merely declaring it from CS240.)

The environment is the set of string variables available to all processes. In Linux, env command displays the environment and the set command manipulates it.

Since all programs can access the environment string, it's frequently used as a way to supply options to commands without repeating them every time the command is invoked. (ls reads LS_OPTIONS, for example).

Other examples of values commonly stored in the environment are:

It is a Linux convention that all global environment variable names be upper-case.

In bash, environment variables may be manipulated just like any other shell variable, using $, =, and so forth. For example, PATH=$PATH:~/bin appends the user's own bin directory to the path.

Processes

To repeat: The word "program" is often used loosely.  In this course, we will be very careful in the use of this word.  E.g., programs do not run -- processes do.  A program is a static (i.e., unchanging/passive) entity.  It is a file whose content is rigidly formulated as needed by the operating system.  A successful invocation of a program results in a process.  The invocation is typically done either via a shell (cmd or bash) or a menu system (which is a "graphical" shell). More technically, in response to an exec system call, an OS loads the program into main memory, constructs certain OS-internal data structures.  The resulting entity is called a process.  A process is a dynamic (i.e., changing/active) entity.  Process management is a significant and integral subsystem of a modern OS.

Process States

Process states: Read-to-run, Running, Waiting for an event, swapped out.  State transitions occur as a result of process scheduling by the OS.  Preemption.  Priorities.

Resources Used by Processes

Every process consumes some resources.  The most obvious ones are CPU time, memory, open files, and devices.  These are granted to the process as requested/ needed/ available by the OS.

Every process begins with an Open File Table containing three entries in indices 0, 1 and 2.  The "stdout" and "stdin" are the normal text input and output of commands, i.e. what shows up in the terminal. C++ programmers can think of them as like "cout" and "cin". There is also a "stderr" for the output of error messages.  The shell usually refers to them by number: stdin == 0, stdout == 1, and stderr == 2.  The stdin is initially bound to the keyboard; the stdout and stderr are initially bound to the screen.  When additional files are opened these are inserted into the Open File Table; as files get closed, these are vacated.  So, at any given moment, the Open File Table may not be contiguously filled.  There is a limit on the size of this table imposed by the sys admin of the system; typically, it is around 30.

Standard Processes in Linux

The following list was generated by ps aux and then pruned to show only a few of the standard processes.  This list does vary from PC to PC depending on the hardware installed and the OS configuration.

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   2952  1852 ?        Ss   Nov23   0:01 /sbin/init
daemon    4118  0.0  0.0   1812   552 ?        Ss   Nov23   0:00 /sbin/portmap
statd     4137  0.0  0.0   1876   716 ?        Ss   Nov23   0:00 /sbin/rpc.statd
root      4407  0.0  0.0   1696   520 tty1     Ss+  Nov23   0:00 /sbin/getty 38400 tty1
root      4914  0.6  6.6  77020 69344 tty7     SLs+ Nov23  45:50 /usr/bin/X
root      4931  0.0  0.0   5280   992 ?        Ss   Nov23   0:00 /usr/sbin/sshd
root      5506  0.0  1.2  31692 13132 ?        S    Nov27   0:00 kded [kdeinit]            
pmateti   5828  0.0  1.2  31868 13024 ?        S    Nov23   1:57 kwin [kdeinit]
pmateti   5830  0.0  1.7  35256 17660 ?        S    Nov23   0:44 kdesktop [kdeinit]                                          
pmateti   5832  0.0  1.8  37200 19476 ?        S    Nov23   1:06 kicker [kdeinit]                                            
pmateti   5863  0.0  0.1   4712  2044 pts/0    Ss   Nov23   0:00 /bin/bash

Standard Processes in Windows

The following list was generated by tasklist and then pruned to show only a few of the standard processes.  This list does vary from PC to PC depending on the hardware installed and the OS configuration.


Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
smss.exe                     812 Console                 0        380 K
csrss.exe                    876 Console                 0      3,460 K
winlogon.exe                 904 Console                 0      6,452 K
services.exe                 948 Console                 0      5,908 K
lsass.exe                    960 Console                 0      1,632 K
ati2evxx.exe                1120 Console                 0      3,344 K
svchost.exe                 1152 Console                 0      5,252 K
spoolsv.exe                 2012 Console                 0      5,356 K
avgamsvr.exe                 312 Console                 0        332 K
MDM.EXE                      436 Console                 0      2,852 K
explorer.exe                1312 Console                 0     29,260 K
alg.exe                     1332 Console                 0      3,552 K
wmiprvse.exe                6488 Console                 0      5,632 K

Utilities

The following are standard programs that you are expected to learn as part of this course in the context of processes.  For further details on the commands, look it up in the text book, man/help pages, and the web.

  Linux Windows Brief description/Limitations in the Learning Objective, if any
  ksysguard taskmgr Continuously updated GUI view of processes
  ps tasklist Display processes currently alive
  top   Continuously updated text view of processes
  nice   Invoke the rest of the command at a lower priority
  time   Invoke the rest of the command and time it
  kill taskkill /pid Kill a process whose number is given.
  killall taskkill /im Kill a process whose name is given.
  bg   Place the last suspended process in the background
  fg   Place the last suspended process in the foreground
    sc Service Controller
  ltrace   Show library calls being made
  strace   Show system calls being made

Kill Command

Syntax: kill -[SIGNAL] PID...

Despite its name, ending processes is only one function of the kill command. More generally, it sends signals to processes (i.e., it raises exceptions). Programs can either catch these signals and handle them gracefully, or allow the operating system default to handle them.

The default signal sent by kill is SIGTERM. A different signal can be given before the PIDs, either by number (kill -1) or by name (with or without the "SIG", kill -HUP and kill -SIGHUP both work).

Signals are sent for other events besides the user running kill. Many of the most common signals are never sent directly by users except when testing. Bugs in a program may cause it to terminate with SIGSEGV, and pressing control-c usually sends SIGINT, for example.

Unfortunately, signal numbers vary between Unix flavors. The most common signals usually stay the same, but it's a good idea to check kill -l for supported signals. Further, although many systems provide convenience utilities for common tasks, they sometimes have different effects when moving between systems. For example, the command that kills all processes matching a certain name on Linux will end all running processes on Solaris!

Common Signals:

Number Name Meaning
1 SIGHUP "Hang up", causes programs to quit or reload their configuration.
2 SIGINT "Interrupt", like control-c in Bash
4 SIGILL "Illegal instruction", meaning bad assembly code.
9 SIGKILL Cannot be caught and thus causes any process to terminate immediately.
11 SIGSEGV "Segmentation fault", a memory or pointer error.
15 SIGTERM Terminate the process, with whatever graceful shutdown it provides (the default).
13 SIGPIPE Pipe redirection failure.
(Varies) SIGSTOP Suspends the process, like control-z in Bash. (18 on Linux, 23 on Solaris)
(Varies) SIGCONT Continues a suspended process, like fg in Bash. (18 on Linux, 25 on Solaris)

Lab Experiment

All work is expected to be carried out in the Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   But, you are welcome to work wherever.  Note that use of both Linux and Windows and other software, that may not always be installed in other facilities, may be needed.

Windows PsTools

In this Lab, the tools needed for the Linux part are readily present in a typical Linux distribution, but the tools needed for Windows (namely the PsTools)  need to be downloaded from the following URL: http://www. microsoft.com/technet/sysinternals/utilities/pstools.mspx. None of the tools requires "installation." Download them to your thumb drive.The tools included in the PsTools suite are:

  1. PsExec - execute processes remotely
  2. PsFile - shows files opened remotely
  3. PsGetSid - display the SID of a computer or a user
  4. PsInfo - list information about a system
  5. PsKill - kill processes by name or process ID
  6. PsList - list detailed information about processes
  7. PsLoggedOn - see who's logged on locally and via resource sharing
  8. PsLogList - dump event log records
  9. PsPasswd - changes account passwords
  10. PsService - view and control services
  11. PsShutdown - shuts down and optionally reboots a computer
  12. PsSuspend - suspends processes

The author of the above alerts us that some anti-virus scanners may report that one or more of the tools are infected with a "remote admin" virus.  None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.

Explain/Discover/Record below means writing in your own words and/or copying appropriate lines into a plain text file named myLabJournal.txt.

In Windows

  1. Open the Task Manager (TM), and keep this window visible for the rest of this experiment.  View the Processes tab.  Make sure that PID, CPU usage, CPU Time, Page Faults, User Name, Virtual Memory Size columns are being displayed.  If you wish, choose any other columns.
  2. Invoke a web browser, and surf to a site of your choice that has a lot of text.
  3. Invoke MS Word via the menu system.  Discover (Hint: examine TM ) and record the exact program name  and PID of Word and the above web browser.
  4. Record the data shown in TM for Word (i) before and (ii) after the following action: Copy and paste a paragraph (of about 10000 characters) from some web site into Word, and save it on the Desktop as a file named junk.doc.  Explain the changes you see in the TM data for this process.
  5. Invoke cmd.  In this window, invoke the pssuspend tool you downloaded to suspend the Word process.  Record and explain if any changes have occurred in the TM with respect to Word.
  6. Copy and paste a paragraph (the same as above or any other) from some web site into Word.  Record and explain what the response is from Word.
  7. Invoke the pssuspend tool to resume the Word process.  Redo the above step.  Record and explain if any changes have occurred in the TM with respect to Word.
  8. Observe the TM for about 60 seconds and answer the following: What are the names of the processes with the highest numbers in the columns chosen in Step 1?
  9. Invoke pslist with no arguments.  Select and explain the details shown of any two processes.

In Linux

In this part of the experiment, the overall goal is to repeat the above in Linux.

  1. List what the Linux "equivalents" are for: TM, MS Word, cmd, pssuspend,  pslist .
  2. Using these equivalents, perform the steps listed in the Windows part of this lab.  Before performing each step describe the details as in the Windows section of the step that you are about to do.

Turnin

  1. Note the number <n> of this Lab from the course home page and use L<n> as the first argument to turnin.  Turn in the file called myLabJournal.txt, and the usual ReadMe.txt as explained in Expectations.

Link to Grading Sheet

Acknowledgements

References

  1. Mark G. Sobell, "A Practical Guide to Linux(R) Commands, Editors, and Shell Programming", Prentice Hall, ISBN-10: 0131478230, ISBN-13: 978-0131478237, 2005.  Chapters 5 and 8.  In particular, bg, fg, kill, etc.  Required Reading.
  2. Wes Miller, Introduction to the PsTools. http://www.microsoft.com/ technet/ technetmag/ issues/ 2007/03/ DesktopFiles/default.aspx "Miller gives a high-level overview of the Sysinternals PsTools in the March column of his TechNet Magazine column. "  Required Reading.
   
Copyright © 2009 pmateti@wright.edu June 2009