Block 1 Windows Flashcards
What is the Kernel?
Windows Components
heart of the OS providing basic low-level operations suck as schedulinng threads or routing hardware interrupts
Windows Components
Explain User mode for Processors
Windows Components
Private virtual address space in memory
unprivileged/restricted
Windows Components
Explain Kernel mode for Processors
Windows Components
Shares the same vitual address space in memory
Privileged/unrestricted
Windows Components
What Processor mode makes it possible to overwrite other programs and compromise the entire system?
Windows Components
Kernel Mode
Windows Components
What are drivers?
Windows Components
Software component that enables communication between hardware and the OS
Windows Components
What are the Driver Types?
Windows Components
User Mode and Kernel
Windows Components
Explain the Drivers User mode
Windows Components
Interfaces between a Win32 application and kernel-mode driver or other OS components
Windows Components
Explain the Drivers Kernel mode
Windows Components
Interface with I/O, Plug and play memory, process and thread management, security, etc…
Windows Components
Explain Lowest-level drivers
Windows Components
Control I/O bus in which the actual hardware device is connected
DOES NOT DEPEND ON LOWER LEVEL DRIVERS
Windows Components
Give an example of a Lowest-level driver
Windows Components
AGP/PCI hardware bus drivers
Windows Components
How are intermediate-level drivers divided?
Windows Components
Function, Filter and Software bus Drivers
Windows Components
What do intermediate-level drivers and highest-level drivers have in common
Windows Components
always depend on lower level drivers for support
Windows Components
What are some examples of highest-level drivers
Windows Components
NTFS, FAT, CDFS
Windows Components
What do filter drivers do?
Windows Components
communicates with other filter drivers or function drivers
(basically filters information)
Windows Components
What are the three driver categories?
Windows Components
Software, Bus, and Device
Windows Components
What mode do bus drivers always run in?
Windows Components
Kernel mode
Windows Components
What mode do software drivers always run in?
Windows Components
Kernel mode
Windows Components
What mode do Device drivers always run in?
Windows Components
Can run in both User and Kernel mode
Windows Components
What do software bus drivers do?
Windows Components
provides an interface for higher-level drivers to attah to a set of child devices
(the bus drives around children)
Windows Components
What do function drivers do?
Windows Components
Handles reads/writes to the device and manages device power policy
Windows Components
What are the three types of intermediate-level drivers?
Windows Components
Function, filter, and software bus
Windows Components
What do software bus drivers do?
Provides an interface for higher-level drivers to attach to a set of child services
What stage is the Master Boot Record read on?
Boot Process
The BIOS Phase
Boot Process
What is the the Boot Loader Phases’s purpose?
Boot Process
To load the Kernel into memory
Boot Process
What are the three phases of the Boot process?
Boot Process
Bios Phase, Boot Manager Phase, and the Kernel Phase
Boot Process
What is the Bios Phase’s reason for existing?
Boot Process
Hardware check on the system, then searches and run the “bootmgr” file
Boot Process
What are the two parts to the Boot Loader Phase?
Boot Process
Windows Boot Manager and Windows Boot Loader
Boot Process
What does the Windows Boot Manager do in the Boot Loader Phase?
Boot Process
Launches the Windows Boot Manager and reads in the BCD
Boot Process
What does the Windows Boot Loader do in the Boot Loader Phase?
Boot Process
Launches Windows Boot Loader then finds and starts the Winloader (WInload.exe)
Boot Process
What is the Kernel Phase’s (Windows NT OS Kernel) purpose for existing? (Name three)
Boot Process
Loads the registry and drivers marked as “Boot Start” ; Launches the Session Manager (smss.exe) ; User session processes launch ; Launches Services ; Winlogon.exe (logon screen) ; session is created for the user after logon
Boot Process
Explain a File System
File Systems
A file system is implemented by the OS designed to store and retrieve data when necessary
File Systems
Explain what a File Allocation Table (FAT) is
File Systems
File system initially developed for Windows systems starting from MS-DOS up to Windows ME
File Systems
What are the downsides to a FAT file system?
File Systems
Does not support file compression or security features
File Systems
What are the three advancements of FAT over it’s lifespan?
File Systems
FAT16, FAT32, and exFAT
File Systems
How much data can FAT16 format and what is it’s max file size?
File Systems
Formats up to 16GBs; handles max file size of 2GB
File Systems
How much data can FAT32 format and what is it’s max file size?
File Systems
Formats up to 16TBs; handles max file size of 4GB
File Systems
How much data can exFAT format and what is it’s max file size?
File Systems
Formats up to 512TiBs-64ZiB; handles max file size of approximately 128 PiB
File Systems
Define a Registry
Registry
a central hierarchical database that stores necessary configuration information for the system to run
Registry
What are the 2 Root Keys in the registry structure?
Registry
HKEY_LOCAL_MACHINE and HKEY_USERS
Registry
What are the 3 Linked Keys in the registry structure?
Registry
HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, and HKEY_CURRENT_CONFIG
Registry
What is the HKEY_CLASSES ROOT a shortcut to?
Registry
HKLM\SOFTWARE\Classes
Registry
What is the HKEY_CURRENT_USER a shortcut to?
Registry
HKU\SID
Registry
What is the HKEY_CURRENT_CONFIG a shortcut to?
Registry
HKLM\SYSTEM\CurrentControl\HarwareProfiles\Current
Registry
What is the structure of the Registry?
Registry
Keys which are comparable to folders of a file system and Values which are comparable to the files in a file system
Registry
What are the 6 different types similar to file extensions in the file system?
Registry
REG_BINARY. REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, and REG_QWORD
Registry
What does REG_BINARY represent in a registry?
Registry
Binary data in the values
Registry
What does REG_SZ represent in a registry?
Registry
Null-terminated strings in the values (String registry value)
Registry
What does REG_MULTI_SZ represent in a registry?
Registry
A sequence of Null-terminated strings in the values (Multi-string registry value)
Registry
What does REG_EXPAND_SZ represent in the registry?
Registry
That the registry values can use environmental variables (Expandable string registry value)
Registry
What does the REG_DWORD represent in the registry?
Registry
A 32 bit number inside the registry values (Double word registry value)
Registry
What does the REG_QWORD represent in the registry?
Registry
A 64 bit number inside the registry values (Quadruple word registry value)
Registry
What are the registry common items?
Registry
SIDs, GUIDs, and Hexs
Registry
What is a SID?
Registry
A unique value of variable length that is used to identify a security principal
Registry
What are SIDs that identify generic users or groups and whose values are static?
Registry
Well known SIDs
Registry
What is a GUID?
Registry
A 128 bit number used to identify information in computer systems
Registry
What is commonly used to identify hardware and software versions?
Registry
GUIDs
Registry
What is a Hex value?
Registry
Uses 16 characters (0-9,A-F)
Registry
What registry Run Software is used when a user logs in?
Registry
Either HKLM\Software\Microsoft\Windows\CurrentVersion\Run or HKU\Software\Microsoft\Windows\CurrentVersion\Run
Registry
What are commonly used pieces of persistent malware used on the registry?
Registry
Using the Autorun utility from Sysinternals to find software that is set to start from this location
Registry
What are some of the ways that you can make the Windows Command Interpreter autorun a command when you start cmd.exe? (Name one of the three)
Registry
To set up the autorun when you launch cmd.ex: Create the REG_SZ value AutoRun with the data “wmic qfe list” (When you launch cmd.exe - you’ll be presented with a list of installed hotfixes) — To create a DoS either create theREG_SZ value AutoRun with the data exit (When you launch the cmd.exe - it will immediately close) — Or Create the REG_SZ value AutoRun with the data start cmd.exe (When you launch cmd.exe - it will launch cmd.exe, which will launch cmd.exe, which will launch more instance of cmd.exe until it crashes)
Registry
What is the value and data for the path HKLM\Software\Microsoft\Command Processor ?
Registry
Value = AutoRun : Data = command (that exists in the PATH variable) or filepath to a program
Registry
What does the cmd.exe executable launch?
Registry
Windows Command Interpreter
Registry
What Sysinternals tools are used to simplify the registry’s ability to delete a file that can’t be removed while the system is running, to delete system files on reboot to brick your system, and to allows malware to reboot a system and remove itself to cover your tracks?
Registry
movefile and pendmoves
Registry
What is the path HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths used for?
Registry
It is the exclusion location for Windows Defender
Registry
What is the value and data for the path HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths ?
Registry
Value = Absolute Filepath to a folder : Data = REG_DWORD 0x0
Registry
How do you access the Windows Command Interpreter (RunAs Admin)?
Microsoft Command Interpreter
Go to c: \Windows\System32\cmd.exe : tab complete enabled
Microsoft Command Interpreter
What retains case sensitivity in Windows Command Interpreter?
Microsoft Command Interpreter
Objects (files, folders and registry items to name a few)
Microsoft Command Interpreter
What is an absolute path?
Microsoft Command Interpreter
The entire path, starting with the root partition letter (i.e c:\Windows\System32\cmd.exe)
Microsoft Command Interpreter
What is a relative path?
Microsoft Command Interpreter
The path relative to the current directory
Microsoft Command Interpreter
What is the definition of command arguments?
Microsoft Command Interpreter
A predefined value, specified during the command’s programming, which causes the command to work differently than it would without the specified argument
Microsoft Command Interpreter
What is the Help argument used for?
Microsoft Command Interpreter
To ask the system more about a specific command
Microsoft Command Interpreter
What is the Double Quote and Escape necessary for?
Microsoft Command Interpreter
To use metacharacters for their literal meanings
Microsoft Command Interpreter
What is the escape character?
Microsoft Command Interpreter
”^” = caret
Microsoft Command Interpreter
What does the WIldcard represent?
Microsoft Command Interpreter
It can mean any character that can be used in conjunction with whatever you type out (i.e. .exe = all files with an “exe” extension ; Win = all files with”Win” ; . = all files)
Microsoft Command Interpreter
What is the wildcard character?
Microsoft Command Interpreter
- = star
Microsoft Command Interpreter
What are the three defined handlers?
Microsoft Command Interpreter
Standard IN (STDIN) = 0, Standard OUT (STDOUT) = 1, and Standard ERROR (STDERR) = 2
Microsoft Command Interpreter
What is Standard IN?
Microsoft Command Interpreter
Input from the the Keyboard
Microsoft Command Interpreter
What is Standard OUT?
Microsoft Command Interpreter
The output from the Terminal
Microsoft Command Interpreter
What is Standard ERROR?
Microsoft Command Interpreter
Send an error to the Terminal
Microsoft Command Interpreter
How is Input Redirection done?
Microsoft Command Interpreter
< = less than bracket, crocodile/alligator opening its mouth to the right, bracket open on the right, (whatever you like to say)
Microsoft Command Interpreter
What is Input Redirection used for?
Microsoft Command Interpreter
To get info from a file instead of the keyboard
Microsoft Command Interpreter
How is Output Redirection done?
Microsoft Command Interpreter
> = greater than bracket, crocodile/alligator mouth open to the left, bracket open to the left, (like I said whatever you call it)
or»_space; = two of these thingies
Microsoft Command Interpreter
What are the two uses of Output redirection
Microsoft Command Interpreter
> is used to overwrite info in the destination and»_space; is used to append info in the destination
Microsoft Command Interpreter
What are Streams?
Microsoft Command Interpreter
Basic Input/Output that can be redirected if wanted
Microsoft Command Interpreter
What are Pipes?
Microsoft Command Interpreter
Redirects to the STDOUT to piped command
Microsoft Command Interpreter
What is the purpose of the echo command?
Microsoft Command Interpreter
Displays messages to the terminal
Microsoft Command Interpreter
Can you use Input Redirection operators to gather information about a file using echo?
Microsoft Command Interpreter
NO, you can use output redirection operators to create new files with the specified text
Microsoft Command Interpreter
What does the systeminfo command do?
Microsoft Command Interpreter
Shows OS configs, service pack, and hotfix information of local or remote systems
Microsoft Command Interpreter
What does the set command do?
Microsoft Command Interpreter
Without specifying any arguments, this command displays all environment variables that have been set
Microsoft Command Interpreter
What does the dir command do?
Microsoft Command Interpreter
Displays what is in a directory
Microsoft Command Interpreter
What will dir not show by default?
Microsoft Command Interpreter
Read only files/folders, hidden files/folders, and system files/folders
Microsoft Command Interpreter
What do the chdir or cd commands do?
Microsoft Command Interpreter
Changes the user to a specified directory
Microsoft Command Interpreter
What do the mkdir or md commands do?
Microsoft Command Interpreter
Makes new directories
Microsoft Command Interpreter
How many directories can the mkdir/md commands make at once?
Microsoft Command Interpreter
As many as necessary for the project
Microsoft Command Interpreter
What do the rmdir or rd commands do?
Microsoft Command Interpreter
Removes the specified directory
Microsoft Command Interpreter
What can be considered a shortcoming for the rmdir/rm commands?
Microsoft Command Interpreter
It will not remove directories that are empty by default
Microsoft Command Interpreter
What does the more command do?
Microsoft Command Interpreter
Displays the output of a file and can be piped
Microsoft Command Interpreter
How can you manipulate the more command?
Microsoft Command Interpreter
Will print one screen at a time with “Space” ; will print one line at a time with “Enter”
Microsoft Command Interpreter
What does the copy command do?
Microsoft Command Interpreter
Copy files from one location to another
Microsoft Command Interpreter
How can xcopy be used to advance the function of the copy command?
Microsoft Command Interpreter
It has the ability to copy directories, file attributes and the ownership information of a given file
Microsoft Command Interpreter
What does the move command do?
Microsoft Command Interpreter
It moves a file from one location to another
Microsoft Command Interpreter
What do the Rename/Ren commands do?
Microsoft Command Interpreter
Renames a file. it’s pretty self explanatory
Microsoft Command Interpreter
What does the type command do?
Microsoft Command Interpreter
Displays the contents of text files to the terminal
Microsoft Command Interpreter
What does the find command do?
Microsoft Command Interpreter
Searches for strings in files or the output of a command, however it does not use regular expression syntax
Microsoft Command Interpreter
What does the del command do?
Microsoft Command Interpreter
Deletes a file
Microsoft Command Interpreter
What does the attrib command do?
Microsoft Command Interpreter
View and modify a files attributes
Microsoft Command Interpreter
What does the sort command do?
Microsoft Command Interpreter
Sorts from A-Z by default
Microsoft Command Interpreter
What does the icacls command do?
Microsoft Command Interpreter
Displays or modifies access control lists (ACLs) of files or folders, allows editing of inheritance of permissions, allows changing of ownership, and allows the saving of ACLs for later use
Microsoft Command Interpreter
What does the takeown command do?
Microsoft Command Interpreter
Forces ownership change on files/folders
Microsoft Command Interpreter
What does the tasklist command do?
Microsoft Command Interpreter
Allows you to view the processes that are running
Microsoft Command Interpreter
What does the taskkill command do?
Microsoft Command Interpreter
Terminates processes based on the PID or the IMAGENAME
Microsoft Command Interpreter
What does the schtasks command do?
Microsoft Command Interpreter
Create, delete, query, change, run and end scheduled tasks on a local or remote system
Microsoft Command Interpreter
What doe the sc query / queryex commands do?
Microsoft Command Interpreter
Lists all active services by default
Microsoft Command Interpreter
What does the sc qc command do?
Microsoft Command Interpreter
Queries the configuration of a service (must have service name to use)
Microsoft Command Interpreter
What does the sc config command do?
Microsoft Command Interpreter
Changes the configuration settings for services by using the service key name as an argument and it requires at least one other option to be specified
Microsoft Command Interpreter
What does sc getdisplayname do?
Microsoft Command Interpreter
Gets the display name of a service when you only know the service key name
Microsoft Command Interpreter
What is the counterpart to sc getdisplayname and gathers the need the service key name but you only know the display name?
Microsoft Command Interpreter
sc getkeyname
Microsoft Command Interpreter
What do sc start and sc stop do?
Microsoft Command Interpreter
Start and stop a service using the service name
Microsoft Command Interpreter
What does the net start command do?
Microsoft Command Interpreter
Net start = starts a specified service using either the display name or the key name (if no arguments are used it lists the names of all running services)
Microsoft Command Interpreter
What does net stop do?
Microsoft Command Interpreter
Stops running services
Microsoft Command Interpreter
What does net user do?
Microsoft Command Interpreter
Allows creating or modifying user accounts
Microsoft Command Interpreter
What does the net localgroup command do?
Microsoft Command Interpreter
Allows managing of local group accounts
Microsoft Command Interpreter
What does the net group command do?
Microsoft Command Interpreter
Allows managing of domain group accounts
Microsoft Command Interpreter
What does the net share command do?
Microsoft Command Interpreter
Manages the local resources to share with other users
Microsoft Command Interpreter
What does the net use command do?
Microsoft Command Interpreter
Connects a computer to a shared resource or disconnects a computer from a shared resource (when used without options, will list the computer’s connections)
Microsoft Command Interpreter
What does ipconfig do?
Microsoft Command Interpreter
Displays the network adapter information (IP, Subnet and Default Gateway)
Microsoft Command Interpreter
What does the ping command do?
Microsoft Command Interpreter
Sends for ICMP requests and waits for a response to see if the specified system is up
Microsoft Command Interpreter
What does the tracert command do?
Microsoft Command Interpreter
Traces each hop (next route interface) between the source and destination IPs
Microsoft Command Interpreter
What does the netstat command do?
Microsoft Command Interpreter
Displays the protocol and ethernet statistics and the current TCP/IP connections
Microsoft Command Interpreter
What is the Alternate Data Stream identifier?
Microsoft Command Interpreter
$Data
Microsoft Command Interpreter
What is the recursive argument’s most common switch?
Microsoft Command Interpreter
\s
Microsoft Command Interpreter
What are the uses for scripting?
Batch Scripting
To automate tasks that are repetitive, need to be run on several computers, or may take a while
Batch Scripting
What is the @ symbol used for in regards to scripting?
Batch Scripting
It is used so that the output of the script is the only thing printed to the terminal
Batch Scripting
What are the use cases for REM?
Batch Scripting
For comments in your script
Batch Scripting
To make a batch script, you should save a text file as ____ ?
Batch Scripting
A .bat file
Batch Scripting
How do you execute a batch script?
Batch Scripting
Enter in the absolute or relative path to it
Batch Scripting
What are batch parameters?
Batch Scripting
Arguments specified at the command-line
Batch Scripting
What are the variables available for use and what are their use cases?
Batch Scripting
%0-%9 ; %0 is the name of the script and each sequential variable is the repective argument (i.e. %1 = the first argument, %2 = the second argument, etc…)
Batch Scripting
What are variables and how are they assigned?
Batch Scripting
They are used to store values and are assigned using the = character
Batch Scripting
How are variables accessed?
Batch Scripting
Using the % character
Batch Scripting
What are setlocal and endlocal used for in scripting?
Batch Scripting
They make all variables local to the script
Batch Scripting
Where are setlocal and endlocal placed?
Batch Scripting
Setlocal is placed at the beginning od a script, just after @echo. Endlocal is placed at the end of a script
Batch Scripting
What is a good programming practice to abide by when refering to endlocal?
Batch Scripting
To specify endlocal even though it is implied by default
Batch Scripting
What is necessary when using variables within loops or nested statments when refering to scripting?
Batch Scripting
ENABLEDELAYEDEXPANSION
Batch Scripting
What is the difference between Assignment and Comparison Operators?
Batch Scripting
Assignment is used to place value into a vaiable whilst comparison evaluates to see if two things are the same
Batch Scripting
Name the assignment operators and what they are used for (at least three)
Batch Scripting
= (puts the value on the right and the variable on the left) ;
+ (increase the variable on the left by the amount indicated on the right) ;
- (Decrease the variable on the left by the amount indicated on the right) ;
* (multiply the variable on the left by the amount indicated on the right) ;
\ (divide the variable on the left by the amount indicated on the right)
Batch Scripting
How does the comparison operator functions?
Batch Scripting
It performs an operation dependig on the operators definition (Returns T/F)
Batch Scripting
How would you use the comparison operator to compare two strings?
Batch Scripting
==
Batch Scripting
What are the integer comparison operators?
Batch Scripting
EQU (are the two equal)
NEQ (are the two different)
LSS (is x less than y)
LEQ (is x less than or equal to y)
GTR (is x greater than y)
GEQ (is x greater than or equal to y)
Batch Scripting
How do if statements function?
Batch Scripting
If statement is true, performs a given set of actions and vice versa
Batch Scripting
How do sequential if statements function?
Batch Scripting
Same as if statements however mutiple possible outcomes may be defined
Batch Scripting
