R.M.K. COLLEGE OF ENGINEERING AND TECHNOLOGY
(An Autonomous Institution)
(Sponsored by LAKSHMIKANNTHAMMAL EDUCATION TRUST)
Approved by All India Council for Technical Education, New Delhi and Affiliated to Anna University, Chennai
All the Eligible Programs Accredited by NBA – NAAC with “A” Grade & ISO 9001 : 2005 Certified
R.S.M. Nagar, Puduvoyal - 601 206. Gummidipoondi Tk., Thiruvallur Dist. Tamilnadu, India.

Department : COMPUTER SCIENCE AND ENGINEERING (CYBER SECURITY)
Laboratory : 24CY901 – WINDOWS AND LINUX INTERNALS (Lab Integrated)
Semester : IV

Certified that this is a bonafide record work done by ....................................... with Roll / Reg. Number .................................................................................. He / She is a student of .............................................................................................................................................. in the R.M.K. COLLEGE OF ENGINEERING AND TECHNOLOGY, Puduvoyal.

Internal Examiner                External Examiner
Date:
Faculty-in-Charge                Head of the Department

INDEX
(Columns: Ex. No. | Date | Name of the exercise | Page No. | Marks obtained | Signature of the faculty)
1. Using Windows API to Perform Basic System Operations
2. Using Sysinternals Tools for System Monitoring and Troubleshooting
3. Using Process Explorer to Analyze Running Processes
4. Using WinDbg or Process Explorer to Inspect Ntdll.dll and Explore Its Functions
5. Installing and Configuring a Sample Device Driver
6. Using Device Manager to Inspect Driver Details and Troubleshoot a Device Driver Issue
7. Use the Registry Editor to create, modify, and delete registry keys and values
8. Automating Backup and Restoration of Specific Registry Keys using PowerShell
9. Analyzing Boot Logs (dmesg)
10. Recompiling the Linux Kernel with Custom Configuration and Observing Boot Changes
11. Using Tools (top, htop, ps) to Monitor and Manage Running Processes
12. Dynamic Memory Allocation and Analysis using Valgrind
13. Exploring /proc/meminfo and /proc/pid/maps
14. File System Traversal and Manipulation

Ex. No: 1 Using Windows API to Perform Basic System Operations
DATE:

Aim:
To use Windows API and system calls to retrieve and display system information such as the current user, system time, and OS version.

REQUIREMENTS:
• Windows OS (Windows 10/11)
• Windows PowerShell or Command Prompt
• IDE (Visual Studio) or PowerShell for scripting
• Admin privileges

PROCEDURE:
Step 1: Open PowerShell or Visual Studio
• Press Win + R → Type powershell → Ctrl + Shift + Enter → Click Yes for UAC prompt.
• OR open Visual Studio and create a new C++ project.

Step 2: Create and Run the Script

PowerShell Script:
1. Open Notepad and add the following PowerShell script:

```powershell
# Display Current User
Write-Host "Current User: $env:USERNAME"

# Display System Time
$date = Get-Date
Write-Host "Current System Time: $date"

# Display OS Version
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "OS Version: $($os.Caption) $($os.Version)"
```

2. Save it as SystemInfo.ps1
3. Run the script:

```powershell
.\SystemInfo.ps1
```

C++ Program with Windows API:
1. Open Visual Studio → Create a new C++ Console App
2. Add the following code:

```cpp
#include <iostream>
#include <windows.h>
#include <lmcons.h>   // UNLEN: maximum length of a user name
using namespace std;

int main() {
    // Get Current User. The explicit ANSI variant (GetUserNameA) matches the char
    // buffer whether or not the project defines UNICODE; plain GetUserName would
    // expand to GetUserNameW and fail to compile against a char array.
    char username[UNLEN + 1];
    DWORD size = sizeof(username);
    if (GetUserNameA(username, &size)) {
        cout << "Current User: " << username << endl;
    } else {
        cout << "GetUserName failed, error " << GetLastError() << endl;
    }

    // Get System Time (GetSystemTime returns UTC; use GetLocalTime for local time)
    SYSTEMTIME time;
    GetSystemTime(&time);
    cout << "Current Time: " << time.wHour << ":" << time.wMinute << ":" << time.wSecond << endl;

    // Get OS Version. GetVersionEx is deprecated: without an application manifest
    // it reports at most 6.2 (Windows 8) on newer systems. The pragma silences the
    // C4996 deprecation warning so the sample still builds.
#pragma warning(disable : 4996)
    OSVERSIONINFOA versionInfo = { sizeof(OSVERSIONINFOA) };
    GetVersionExA(&versionInfo);
    cout << "OS Version: " << versionInfo.dwMajorVersion << "." << versionInfo.dwMinorVersion << endl;
    return 0;
}
```

3. Compile and run the program.

OUTPUT:

```text
Current User: Admin
Current System Time: 15:45:30
OS Version: Windows 10 Pro 10.0.19044
```

RESULT:
The experiment successfully retrieved and displayed the current user, system time, and OS version using Windows API and system calls.

Ex. No: 2 Using Sysinternals Tools for System Monitoring and Troubleshooting
DATE:

Aim:
To use Sysinternals Tools for system monitoring and troubleshooting.

REQUIREMENTS:
• Windows OS (Windows 10/11)
• Sysinternals Suite (Download from Microsoft)
• Admin privileges

PROCEDURE:
Step 1: Download Sysinternals Tools
1. Go to Sysinternals Suite.
2. Download and extract the ZIP file.

Step 2: Run Process Explorer
1. Navigate to the Sysinternals folder.
2. Run procexp64.exe or procexp.exe with Admin privileges.
3. Monitor Processes:
o Observe CPU, memory, and I/O usage.
o Check process tree hierarchy.
4. End Suspicious Processes:
o Right-click on a process → Kill Process

Step 3: Use Autoruns
1. Run autoruns.exe with Admin privileges.
2. View Startup Programs:
o Check programs that run at startup.
3. Disable Unnecessary Startup Programs:
o Uncheck unwanted entries.

OUTPUT:
• Process Explorer: Displays real-time process details, including CPU, memory, and handle usage.
• Autoruns: Lists all startup programs and services with options to disable them.
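The checks above are done by clicking through Process Explorer and Autoruns. The script below is an added example (not part of the lab manual or of the Sysinternals tools) that collects the same data from an elevated PowerShell prompt: CPU time, working set, handle count, parent process and image path for every process (Process Explorer's main view), the Authenticode signature of each image, and the Run/RunOnce entries that make up the "Logon" tab of Autoruns. The function names Get-ProcessReport and Get-StartupEntries are the author's own choices; the "Suspicious" flag is a simple heuristic (image unsigned or stored outside the Windows and Program Files directories) meant as a starting point for triage, not a verdict.

```powershell
# Added example (not from the lab manual): scripted equivalents of the Process Explorer and
# Autoruns views used in Ex. 2. Run from an elevated PowerShell so every image path is readable.

function Get-ProcessReport {
    # Win32_Process carries the parent PID, which the Get-Process objects lack.
    $byPid = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object { $byPid[$_.ProcessId] = $_ }

    Get-Process | ForEach-Object {
        $cim    = $byPid[[uint32]$_.Id]
        $parent = if ($cim -and $byPid.ContainsKey($cim.ParentProcessId)) { $byPid[$cim.ParentProcessId].Name } else { "<none>" }
        $path   = $_.Path            # $null for protected/system processes we cannot open
        $signer = "<no path>"
        if ($path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $signer = if ($sig.Status -eq "Valid") { $sig.SignerCertificate.Subject } else { "UNSIGNED/$($sig.Status)" }
        }
        # Images outside the system directories deserve a second look (heuristic, not proof).
        $trusted = $path -and ($path -like "$env:SystemRoot\*" -or
                               $path -like "$env:ProgramFiles\*" -or
                               $path -like "${env:ProgramFiles(x86)}\*")
        [pscustomobject]@{
            PID          = $_.Id
            Name         = $_.ProcessName
            Parent       = $parent
            CPUSeconds   = [math]::Round([double]$_.CPU, 2)
            WorkingSetMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
            Handles      = $_.HandleCount
            Path         = $path
            Signer       = $signer
            Suspicious   = -not $trusted
        }
    }
}

function Get-StartupEntries {
    # Run/RunOnce are the most common Autoruns "Logon" locations; the HKCU ones need no admin rights to write.
    $keys = @(
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
        "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
        "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider bookkeeping properties that Get-ItemProperty adds.
            if ($prop.Name -in "PSPath", "PSParentPath", "PSChildName", "PSDrive", "PSProvider") { continue }
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }
}

$report = Get-ProcessReport

# Top CPU consumers, as in Process Explorer sorted by the CPU column
$report | Sort-Object CPUSeconds -Descending | Select-Object -First 10 | Format-Table -AutoSize

# Anything unsigned or running from an unusual location
$report | Where-Object { $_.Suspicious } | Format-Table PID, Name, Parent, Path, Signer -AutoSize

# Startup entries, as in the Autoruns "Logon" tab
Get-StartupEntries | Format-Table -AutoSize
```

Signing every image takes a few seconds on a busy machine, which is why the report is collected once into `$report` and then sorted and filtered. Rather than killing a flagged process straight away, as Step 2 item 4 does, a defender would first record its parent, command line and image hash so the finding can be followed up.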
RESULT:
The experiment successfully used Sysinternals Tools to monitor and troubleshoot the system.

Ex. No: 03 Using Process Explorer to Analyze Running Processes
DATE:

Aim:
To use Process Explorer to analyze running processes, their CPU usage, memory consumption, and dependencies.

REQUIREMENTS:
• Windows OS
• Sysinternals Suite
• Admin privileges

PROCEDURE:
Step 1: Run Process Explorer
1. Open the Sysinternals folder.
2. Launch procexp64.exe as Administrator.

Step 2: Analyze Running Processes
1. Sort by CPU Usage:
o Click on the CPU column to sort by usage.
2. Check Memory Consumption:
o Click the Working Set column.
3. View Process Properties:
o Double-click on any process.
o View threads, handles, and DLLs.

OUTPUT:
• Process CPU Usage: Displays the top processes consuming CPU resources.
• Memory Usage: Shows memory consumption in real time.

RESULT:
The experiment successfully analyzed running processes, their CPU and memory usage, and dependencies using Process Explorer.

Ex. No: 04 Using WinDbg or Process Explorer to Inspect Ntdll.dll and Explore Its Functions
DATE:

Aim:
To use WinDbg or Process Explorer to inspect the ntdll.dll file and explore its functions.

REQUIREMENTS:
• Windows OS (Windows 10/11)
• WinDbg (Windows Debugger) or Process Explorer (Sysinternals)
• Admin privileges

PROCEDURE:
Step 1: Install WinDbg or Process Explorer
• WinDbg:
1. Go to Microsoft Store → Search for WinDbg Preview → Install.
2. Alternatively, download from the Windows SDK (WinDbg Download).
• Process Explorer:
1. Download from Sysinternals.
2. Extract and run procexp64.exe with Admin privileges.

Step 2: Inspect ntdll.dll with WinDbg
1. Open WinDbg Preview.
2. Go to File → Open Executable.
3. Select C:\Windows\System32\notepad.exe (or any Windows executable).
4. Start debugging by clicking Go or pressing F5.
5. Open the Modules window, reload the symbols and list the ntdll module:

```
.reload /f
lm m ntdll
```

6. List the functions exported by ntdll.dll:

```
x ntdll!*
```
7. Explore key functions:
o NtCreateFile → Creates or opens a file.
o NtReadFile → Reads data from a file.
o NtAllocateVirtualMemory → Allocates memory in a process.
o NtTerminateProcess → Terminates a process.

Step 3: Inspect ntdll.dll with Process Explorer
1. Run procexp64.exe with Admin privileges.
2. Find a running process (e.g., explorer.exe).
3. Right-click → Properties → DLLs tab.
4. Locate ntdll.dll in the list of loaded DLLs.
5. View Functions:
o Click on ntdll.dll → View function details.
o Identify functions related to memory, I/O, and process management.

OUTPUT:
• WinDbg: Displays the list of functions exported by ntdll.dll.
• Process Explorer: Shows ntdll.dll loaded in memory and the associated functions.

RESULT:
The experiment successfully explored the ntdll.dll functions using WinDbg and Process Explorer.

Ex. No: 05 Installing and Configuring a Sample Device Driver
DATE:

Aim of the Experiment:
To install and configure a sample device driver on Windows.

REQUIREMENTS:
• Windows OS (Windows 10/11)
• Windows Driver Kit (WDK)
• Admin privileges

PROCEDURE:
Step 1: Install Windows Driver Kit (WDK)
1. Go to Windows SDK.
2. Download and install the Windows Driver Kit.
3. Restart the system after installation.

Step 2: Install the Sample Driver
1. Open Command Prompt with Admin privileges.
2. Use the PNPUtil tool to install the driver:

```
pnputil /add-driver C:\Path\to\driver.inf /install
```

3. Verify driver installation:

```
pnputil /enum-drivers
```

Step 3: Configure and Verify the Driver
1. Open Device Manager:
o Win + R → devmgmt.msc → Enter.
2. Find the installed driver under the appropriate device category.
3. Right-click → Properties → Driver Tab:
o View version, date, and provider details.

OUTPUT:
• The driver installed successfully and is visible in Device Manager.
• Verified driver details using pnputil.

RESULT:
The experiment successfully installed and configured a sample device driver using WDK.
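Steps 2 and 3 of this exercise can be scripted so that the driver-store listing and the Driver-tab details are captured as objects instead of read off the screen. The block below is an added example (not part of the lab manual or of the WDK) for an elevated PowerShell prompt. The function names are the author's own; `C:\Path\to\driver.inf` is the placeholder path from the manual. `DEVPKEY_Device_DriverProvider`, `DEVPKEY_Device_DriverVersion`, `DEVPKEY_Device_DriverDate` and `DEVPKEY_Device_DriverInfPath` are the property keys behind the Provider, Version, Date and INF fields of the Driver tab, and `Win32_PnPSignedDriver` supplies the "Digital Signer" field, which is the first thing to check when a device misbehaves after a driver install.

```powershell
# Added example (not from the lab manual): scripted versions of Ex. 5 steps 2 and 3.

function Install-SampleDriver {
    param([Parameter(Mandatory)][string]$InfPath)   # e.g. 'C:\Path\to\driver.inf' (placeholder)
    if (-not (Test-Path $InfPath)) { throw "INF not found: $InfPath" }
    # Stage the package in the driver store and install it on matching devices (step 2).
    pnputil /add-driver $InfPath /install
    if ($LASTEXITCODE -ne 0) { throw "pnputil failed with exit code $LASTEXITCODE" }
}

function Get-DriverStoreEntries {
    # Parse the "Published Name: / Original Name: / Provider Name: ..." blocks that
    # 'pnputil /enum-drivers' prints, one block per staged package.
    $entries = @()
    $current = $null
    foreach ($line in (pnputil /enum-drivers)) {
        if ($line -match '^\s*(Published Name|Original Name|Provider Name|Class Name|Driver Version|Signer Name)\s*:\s*(.+)$') {
            if ($Matches[1] -eq 'Published Name') {
                if ($current) { $entries += $current }
                $current = [ordered]@{}
            }
            $current[($Matches[1] -replace ' ', '')] = $Matches[2].Trim()
        }
    }
    if ($current) { $entries += $current }
    $entries | ForEach-Object { [pscustomobject]$_ }
}

function Get-DeviceDriverDetails {
    # Equivalent of Device Manager → Properties → Driver tab (step 3), plus the signer.
    param([string]$FriendlyNameFilter = "*")
    $signed = @{}
    Get-CimInstance -ClassName Win32_PnPSignedDriver | ForEach-Object {
        if ($_.DeviceID) { $signed[$_.DeviceID] = $_ }
    }
    Get-PnpDevice -PresentOnly | Where-Object FriendlyName -like $FriendlyNameFilter | ForEach-Object {
        $id  = $_.InstanceId
        $get = { param($Key) (Get-PnpDeviceProperty -InstanceId $id -KeyName $Key -ErrorAction SilentlyContinue).Data }
        $sd  = $signed[$id]
        [pscustomobject]@{
            Device   = $_.FriendlyName
            Class    = $_.Class
            Status   = $_.Status
            Provider = & $get 'DEVPKEY_Device_DriverProvider'
            Version  = & $get 'DEVPKEY_Device_DriverVersion'
            Date     = & $get 'DEVPKEY_Device_DriverDate'
            Inf      = & $get 'DEVPKEY_Device_DriverInfPath'
            IsSigned = if ($sd) { $sd.IsSigned } else { $null }
            Signer   = if ($sd) { $sd.Signer } else { $null }
        }
    }
}

# Install-SampleDriver -InfPath 'C:\Path\to\driver.inf'   # uncomment with the real INF path

# Step 2 verification: what is staged in the driver store
Get-DriverStoreEntries | Format-Table PublishedName, OriginalName, ProviderName, ClassName, DriverVersion -AutoSize

# Step 3: Driver-tab details for the sample device (adjust the filter to its friendly name)
Get-DeviceDriverDetails -FriendlyNameFilter "*Sample*" | Format-List

# Devices whose driver is not signed, or that are not reporting OK
Get-DeviceDriverDetails | Where-Object { $_.IsSigned -eq $false -or $_.Status -ne "OK" } |
    Format-Table Device, Status, Provider, Version, Inf -AutoSize
```

The last query is the one worth keeping around: on a 64-bit Windows 10/11 system a kernel driver that loads without a valid signature needs test-signing mode or a policy change, so an unsigned entry in this list is either the lab's own test driver or something that should be explained.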
Ex. No: 06 Using Device Manager to Inspect Driver Details and Troubleshoot a Device Driver Issue
DATE:

Aim:
To use Device Manager to inspect driver details and troubleshoot a device driver issue.

REQUIREMENTS:
• Windows OS (Windows 10/11)
• Admin privileges

PROCEDURE:
Step 1: Open Device Manager
1. Press Win + R → Type devmgmt.msc → Enter.
2. Locate the hardware device (e.g., Network Adapter or Display Adapter).

Step 2: Inspect Driver Details
1. Right-click → Properties → Driver Tab.
2. View Driver Information:
o Driver Provider.
o Driver Version.
o Driver Date.

Step 3: Troubleshoot a Driver Issue
1. Update Driver:
o Right-click → Update Driver
2. Roll Back Driver:
o Right-click → Properties → Roll Back Driver
3. Disable/Enable Driver:
o Disable and re-enable the driver.
4. Uninstall and Reinstall Driver:
o Uninstall the driver → Reboot → Reinstall.

OUTPUT:
• Displayed driver details, including version, provider, and date.
• Successfully updated, disabled, and re-enabled the driver.

RESULT:
The experiment successfully used Device Manager to inspect and troubleshoot a device driver.

Ex. No: 07 Use the Registry Editor to create, modify, and delete registry keys and values.
DATE:

Aim:
To use the Registry Editor for creating, modifying, and deleting registry keys and values in Windows.

REQUIREMENTS:
• Windows OS (Windows 10/11 or Server)
• Administrator privileges

PROCEDURE:
Step 1: Open Registry Editor
1. Press Win + R → The Run dialog box appears.
2. Type regedit → Press Enter.
3. Click Yes in the User Account Control (UAC) prompt. The Registry Editor window opens.

Step 2: Create a New Registry Key
1. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE
2. Right-click on SOFTWARE → Select New → Key
3. Name the new key: MyApp
4. Press Enter.

Step 3: Create Registry Values
1. Right-click on the newly created key MyApp.
2. Select New → String Value
3. Name it: Version
4. Double-click the Version value.
5. In the Value data field, enter: 1.0.0
6. Click OK.

Step 4: Modify Registry Values
1. Double-click the Version value.
2. Change the value to: 2.0.0
3. Click OK.

Step 5: Delete Registry Values
1. Right-click on the Version value.
2. Select Delete → Click Yes.

OUTPUT:
• Key Creation: HKEY_LOCAL_MACHINE\SOFTWARE\MyApp created.
• Value Creation: Version = 1.0.0
• Value Modification: Version = 2.0.0
• Value Deletion: Version removed successfully.

RESULT:
The experiment successfully demonstrated how to create, modify, and delete registry keys and values using the Registry Editor.

Ex. No: 08 Automating Backup and Restoration of Specific Registry Keys using PowerShell
DATE:

Aim:
To write a PowerShell script that automates the backup and restoration of specific registry keys in Windows.

REQUIREMENTS:
• Windows OS (Windows 10/11 or Server)
• PowerShell (v5.1 or later)
• Administrator privileges

PROCEDURE:
Step 1: Open PowerShell with Administrator Privileges
1. Press Win + R → The Run dialog box appears.
2. Type powershell in the text field.
3. Press Ctrl + Shift + Enter → This opens PowerShell with Administrator privileges.
4. If prompted by User Account Control (UAC), click Yes.
o This step is essential because modifying the registry requires administrative privileges.

Step 2: Create the PowerShell Script
1. Open Notepad or any text editor.
2. Copy the script below into the Notepad editor.

Step 3: Save the Script
1. Click on File → Save As
2. In the Save as type dropdown, select All Files.
3. Name the file as: RegistryBackupRestore.ps1
4. Select a location to save the file (e.g., C:\Backup\).
5. Click Save.

Step 4: Create a Backup Folder
1. Open File Explorer.
2. Go to C:\ drive.
3. Right-click → New → Folder
4. Name the folder: Backup
5. This folder will store the exported registry backup file.

Step 5: Execute the PowerShell Script
1. Open PowerShell with Administrator privileges again.
2. Navigate to the folder where the script is saved by using the cd command:

```powershell
cd C:\Backup
```

3. Run the script by typing the following command and pressing Enter:

```powershell
.\RegistryBackupRestore.ps1
```

PROGRAM:

```powershell
# Define registry key path and backup file
$RegPath = "HKEY_LOCAL_MACHINE\SOFTWARE\MyApp"      # Replace with your target registry path
$BackupFile = "C:\Backup\MyApp_RegistryBackup.reg"

# Create backup folder if it doesn't exist
if (!(Test-Path "C:\Backup")) {
    New-Item -ItemType Directory -Path "C:\Backup" | Out-Null
    Write-Output "Backup folder created."
}

# Backup Registry Key
Write-Output "Backing up registry key: $RegPath"
reg export $RegPath $BackupFile /y | Out-Null
# reg.exe reports failure through its exit code; a leftover file alone proves nothing
if ($LASTEXITCODE -eq 0 -and (Test-Path $BackupFile)) {
    Write-Output "Backup successful: $BackupFile"
} else {
    Write-Output "Backup failed!"
    exit 1
}

# Simulate modification of the registry (for testing purposes)
# This modifies the registry by adding a sample key
New-Item -Path "HKLM:\SOFTWARE\MyApp" -Name "TestKey" -Force | Out-Null
Write-Output "Added a test key."

# Restore the Registry Key
# A .reg import only merges: it re-creates the exported keys and values but never removes
# anything added after the export. Delete the key first so the import yields a true restore.
Write-Output "Restoring registry from backup..."
Remove-Item -Path "HKLM:\SOFTWARE\MyApp" -Recurse -Force
reg import $BackupFile 2>&1 | Out-Null

# Verify restoration: the import must have succeeded, the key must be back,
# and the test key added above must be gone
if ($LASTEXITCODE -eq 0 -and (Test-Path "HKLM:\SOFTWARE\MyApp") -and
    -not (Test-Path "HKLM:\SOFTWARE\MyApp\TestKey")) {
    Write-Output "Registry successfully restored from backup."
} else {
    Write-Output "Registry restore failed!"
}
```

OUTPUT:
After running the script, you will see the following output:
• Backup Execution:

```text
Backup folder created.
Backing up registry key: HKEY_LOCAL_MACHINE\SOFTWARE\MyApp
Backup successful: C:\Backup\MyApp_RegistryBackup.reg
```

• Registry Modification:

```text
Added a test key.
```

• Restoration Execution:

```text
Restoring registry from backup...
Registry successfully restored from backup.
```

RESULT:
The PowerShell script successfully automated the backup and restoration of a specific registry key. The process included exporting the registry to a .reg file, modifying the registry, and restoring it from the backup file.
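Ex. 7 performs the create/modify/delete steps by hand in regedit, and Ex. 8 judges a restore by the presence or absence of a single key. The block below is an added example (not part of the lab manual) that does the Ex. 7 steps with the PowerShell registry provider, reading each change back, and adds a snapshot function that flattens a key tree into one line per key and value so that two states of the key can be compared with Compare-Object. Taking a snapshot before `reg export` and again after `reg import` gives a restore check that covers every subkey and value, not just the one the script happened to add. The function names Get-RegistrySnapshot and Test-RegistryUnchanged are the author's own; the key and value names come from the manual. It needs an elevated PowerShell because the key lives under HKLM.

```powershell
# Added example (not from the lab manual): Ex. 7 with the registry provider, plus a
# snapshot/compare helper that gives Ex. 8 a complete restore check.

$Key = "HKLM:\SOFTWARE\MyApp"

function Get-RegistrySnapshot {
    # One string per key ("[relative\path]") and per value ("relative\path::name = data"),
    # for the key and everything below it, so two snapshots can be diffed.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path $Path)) { return @() }
    $root = (Get-Item $Path).PSPath
    @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse) | ForEach-Object {
        $rel = $_.PSPath.Substring($root.Length).TrimStart('\')
        if (-not $rel) { $rel = '.' }
        "[$rel]"
        foreach ($name in $_.GetValueNames()) {
            $label = if ($name) { $name } else { "(Default)" }
            "$rel::$label = $($_.GetValue($name))"
        }
    }
}

function Test-RegistryUnchanged {
    # $true when the key tree at $Path matches a snapshot taken earlier.
    param([string[]]$Baseline, [Parameter(Mandatory)][string]$Path)
    $now = @(Get-RegistrySnapshot $Path)
    # Compare-Object rejects empty arrays, so handle the "key missing" case by count.
    if ($Baseline.Count -eq 0 -or $now.Count -eq 0) { return ($Baseline.Count -eq $now.Count) }
    return -not (Compare-Object -ReferenceObject $Baseline -DifferenceObject $now)
}

# Ex. 7 Steps 2 and 3: create the key and a String (REG_SZ) value
New-Item -Path $Key -Force | Out-Null
New-ItemProperty -Path $Key -Name "Version" -Value "1.0.0" -PropertyType String -Force | Out-Null
$before = @(Get-RegistrySnapshot $Key)       # the state a backup taken here would capture

# Ex. 7 Step 4: modify the value; also add a subkey, like the TestKey of Ex. 8
Set-ItemProperty -Path $Key -Name "Version" -Value "2.0.0"
New-Item -Path "$Key\TestKey" -Force | Out-Null
$after = @(Get-RegistrySnapshot $Key)

# "<=" lines exist only in the baseline, "=>" lines only in the current state
Compare-Object -ReferenceObject $before -DifferenceObject $after | Format-Table -AutoSize
"Unchanged since baseline: $(Test-RegistryUnchanged -Baseline $before -Path $Key)"   # False here

# Ex. 7 Step 5: delete the value, then the key, and confirm each is really gone
Remove-ItemProperty -Path $Key -Name "Version"
if (Get-ItemProperty -Path $Key -Name "Version" -ErrorAction SilentlyContinue) { throw "Version value still present" }
Remove-Item -Path $Key -Recurse -Force
if (Test-Path $Key) { throw "MyApp key still present" }
```

In the Ex. 8 script, replacing the final `Test-Path` checks with `Test-RegistryUnchanged -Baseline $before -Path "HKLM:\SOFTWARE\MyApp"`, where `$before` was taken just before `reg export`, turns the restore check into a full comparison; it also makes the merge-only behaviour of `reg import` visible, because without the preceding `Remove-Item` the `[TestKey]` line stays in the diff.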
Ex. No: 09 Analyzing Boot Logs (dmesg)
DATE:

Aim:
To analyze Linux boot logs using the dmesg command and understand the boot process stages.

Tools Required:
• Linux OS
• Terminal

Procedure:
1. Open Terminal and Run the dmesg Command:

```bash
dmesg | less
```

2. Filter Boot Messages Only:

```bash
dmesg | grep -i "boot"
```

3. Identify Key Boot Stages:
o Kernel Loading
o Hardware Initialization
o Filesystem Mounting
o User-space Processes Starting

4. Save Boot Logs for Analysis:

```bash
dmesg | grep -i "boot" > boot_log.txt
```

5. View the Saved Logs:

```bash
cat boot_log.txt
```