Q1.

Describe the following

a. Bootstrapping: A bootstrap is the program that the operating system (OS) during startup.
There is a hardwired bootstrap program, or smaller program that executed a larger program
such as the OS.
b. Stuxnet: Stuxnet is computer malware ( 2010) that mainly targeted Windows PCs and
other industrial software and equipment. The worm exploited a zero-day vulnerability in
Windows. It is believed that Stuxnet spread through infected USB flash drives.The Stuxnet
software is designed to attack only designated targets and was thus considered a technical
blockbuster in malware. Stuxnet caused little (or no) harm to the computers and networks
that did not meet the specific requirements. The worm would make itself inert in systems
where the Siemens software was not found and would restrict the infected computer from
spreading the worm to no more than three others. Stuxnet was designed to erase itself on
June 24, 2012.
c. Sector, Track and Cylinder : In computer disk storage, a sector is a subdivision of a track
on a magnetic disk or optical disc. Each sector stores a fixed amount of user-accessible data,
d. traditionally 512 bytes for hard disk drives .
A cylinder is any set of all of tracks of equal diameter in a hard disk drive (HDD).

d. Double fault and Triple Fault : On the x86 architecture, a double fault exception
occurs if the processor encounters a problem while trying to service a pending interrupt or
exception. An example situation when a double fault would occur is when an interrupt is
triggered but the segment in which the interrupt handler resides is invalid. On the x86
computer architecture, a triple fault is a special kind of exception generated by the CPU
when an exception occurs while the CPU is trying to invoke the double fault exception
handler, which itself handles exceptions occurring while trying to invoke a regular
exception handler.
e. Core Dump: The default action of certain signals is to cause a process to terminate and
produce a core dump file, a disk file containing an image of the process's memory at the time of
termination. This image can be used in a debugger (e.g., gdb(1)) to inspect the state of the
program at the time that it terminated.

f. Hotfix: A hotfix or quick-fix engineering update (QFE update) is a single, cumulative

package that includes information (often in the form of one or more files) that is used to address
a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a
specific customer situation.

g. Segmentation Fault: A segmentation fault (aka segfault) is a common condition that causes
programs to crash; they are often associated with a file named core . Segfaults are caused by a
program trying to read or write an illegal memory location.

h. EEPROM: EEPROMs are organized as arrays of floating-gate transistors. EEPROMs can be

programmed and erased in-circuit, by applying special programming signals. Originally,
EEPROMs were limited to single byte operations which made them slower, but modern
EEPROMs allow multi-byte page operations. It also has a limited life for erasing and
reprogramming, now reaching a million operations in modern EEPROMs. In an EEPROM that is
frequently reprogrammed while the computer is in use, the life of the EEPROM is an important
design consideration.

g. CMOS: Complementary metaloxidesemiconductor, abbreviated as CMOs , is a technology

for constructing integrated circuits. CMOS technology is used in microprocessors,
microcontrollers, static RAM, and other digital logic circuits. CMOS technology is also used for
several analog circuits such as image sensors (CMOS sensor), data converters, and highly
integrated transceivers for many types of communication. In 1963, while working for Fairchild
Semiconductor, Frank Wanlass patented CMOS (US patent 3,356,858).

CMOS is also sometimes referred to as complementary-symmetry metaloxidesemiconductor

(or COS-MOS).The words "complementary-symmetry" refer to the fact that the typical design
style with CMOS uses complementary and symmetrical pairs of p-type and n-type metal oxide
semiconductor field effect transistors (MOSFETs) for logic functions.

h. Spyware : Spyware is software that aims to gather information about a person or organization
without their knowledge, that may send such information to another entity without the
consumer's consent, or that asserts control over a device without the consumer's knowledge.
Q2. Describe the steps of booting of Operating system (Linux Based/Unix), specifying
and explaining the key terms in detail.

1.BIOS:
i.When we power on BIOS performs a Power-On Self-Test (POST) for all of the
different hardware components in the system to make sure everything is working properly
ii.Also it checks for whether the computer is being started from an off position (cold boot) or
from a restart (warm boot) is
stored at this location.
iii.Retrieves information from CMOS (Complementary Metal-Oxide Semiconductor) a
battery operated memory chip on the motherboard that stores time, date, and critical system
information.
iv.Once BIOS sees everything is fine it will begin searching for an operating system
Boot Sector on a valid master boot sector
on all available drives like hard disks,CD-ROM drive etc.
v.Once BIOS finds a valid MBR it will give the instructions to boot and executes the
first 512-byte boot sector that is the first
sector (Sector 0) of a partitioned data storage device such as hard disk or CD-ROM etc .
2.MBR
i. Normally we use multi-level boot loader.Here MBR means I am referencing to DOS MBR.
ii.Afer BIOS executes a valid DOS MBR,the DOS MBR will search for a valid primary
partition marked as bootable on the hard disk.
iii.If MBR finds a valid bootable primary partition then it executes the first 512-bytes of that
partition which is second level MBR.
iv. In linux we have two types of the above mentioned second level MBR known as LILO and
GRUB
3.LILO
i.LILO is a linux boot loader which is too big to fit into single sector of 512-
bytes. ii.So it is divided into two parts :an installer and a runtime module.
iii.The installer module places the runtime module on MBR.The runtime module has the info
about all operating systems installed.
iv.When the runtime module is executed it selects the operating system to load and
transfers the control to kernel.
v.LILO does not understand filesystems and boot images to be loaded and treats them as
raw disk offsets
GRUB
i.GRUB MBR consists of 446 bytes of primary bootloader code and 64 bytes of the partition
table.
ii.GRUB locates all the operating systems installed and gives a GUI to select the operating
system need to be loaded.
iii.Once user selects the operating system GRUB will pass control to the karnel of
that operating system.
4.Kernel
i.Once GRUB or LILO transfers the control to Kernel,the Kernels does the following tasks
Intitialises devices and loads initrd module
mounts root filesystem
5.Init
i.The kernel, once it is loaded, finds init in sbin(/sbin/init) and executes it.
ii.Hence the first process which is started in linux is init process.
iii.This init process reads /etc/inittab file and sets the path, starts swapping, checks the
file systems, and so on.
iv.It runs all the boot scripts(/etc/rc.d/*,/etc/rc.boot/*)
v.starts the system on specified run level in the file /etc/inittab

6.Runlevel
i.There are 7 run levels in which the linux OS runs and different run levels serves for
different purpose.The descriptions are
given below.

0 halt
1 Single user mode
2 Multiuser, without NFS (The same as 3, if you dont have networking)
3 Full multiuser mode
4 unused
5 X11
6 Reboot
ii.We can set in which runlevel we want to run our operating system by defining it on
/etc/ inittab file.

Now as per our setting in /etc/inittab the Operating System the operating system boots up and
finishes the bootup process.
Q3 Describe the following

a. fork(): System call fork() is used to create processes. It takes no arguments and returns a
process ID. The purpose of fork() is to create a new process, which becomes the child process of
the caller. After a new child process is created, both processes will execute the next instruction
following the fork() system call. Therefore, we have to distinguish the parent from the child.
This can be done by testing the returned value of fork():

If fork() returns a negative value, the creation of a child process was unsuccessful.

fork() returns a zero to the newly created child process.

fork() returns a positive value, the process ID of the child process, to the parent. The
returned process ID is of type pid_t defined in sys/types.h. Normally, the process ID is
an integer. Moreover, a process can use function getpid() to retrieve the process ID
assigned to this process.

b. vfork : The vfork() function has the same effect as fork(2), except that the behavior is
undefined if the process created by vfork() either modifies any data other than a variable of type
pid_t used to store the return value from vfork(), or returns from the function in which vfork()
was called, or calls any other function before successfully calling _exit(2) or one of the exec(3)
family of functions.
c. Clone: Unlike fork(2), clone() allows the child process to share parts of
its execution context with the calling process, such as the memory space,
the table of file descriptors, and the table of signal handlers.
d. spawn : Spawn in computing refers to a function that loads and executes a new child process.
The current process may wait for the child to terminate or may continue to execute concurrent
computing. Creating a new subprocess requires enough memory in which both the child process
and the current program can execute.
e. Execlp: execlp replaces the calling process image with a new process image. This has the
effect of running a new program with the process ID of the calling process. Note that a new
process is not started; the new process image simply overlays the original process image. The
execlp function is most commonly used to overlay a process image that has been created by a
call to the fork function.
f: Execle: The execle function also specifies the environment of the executed process by
following the NULL pointer that terminates the list of arguments in the parameter list or the
pointer to the argv array with an additional parameter. This additional parameter is an array
of pointers to null-terminated strings and must be terminated by a NULL pointer.
g: fexecve : fexecve() performs the same task as execve(2), with the difference that the file to be
executed is specified via a file descriptor, fd, rather than via a pathname. The file descriptor fd
must be opened read-only, and the caller must have permission to execute the file that it refers
to.
h: wait: All of these system calls are used to wait for state changes in a child of the calling
process, and obtain information about the child whose state has changed. A state change is
considered to be: the child terminated; the child was stopped by a signal; or the child was
resumed by a signal. In the case of a terminated child, performing a wait allows the system to
release the resources associated with the child; if a wait is not performed, then the terminated
child remains in a "zombie" state.

i: waitpid(): The waitpid() system call suspends execution of the calling process until a child
specified by pid argument has changed state. By default, waitpid() waits only for terminated
children, but this behavior is modifiable via the options argument.

j. exit: The exit() function causes normal process termination and the value
of status & 0377 is returned to the parent

k. _exit: The function _exit() terminates the calling process "immediately". Any open file
descriptors belonging to the process are closed; any children of the process are inherited by
process 1, init, and the process's parent is sent a SIGCHLD signal.

l. raise : The raise() function sends a signal to the calling process or thread. In a single-
threaded program it is equivalent to
kill(getpid(), sig) In a multithreaded program it is equivalent to
pthread_kill(pthread_self(), sig);
If the signal causes a handler to be called, raise() will only return after the signal handler has
returned.

m. signal: Each signal has a current disposition, which determines how the process behaves
when it is delivered the signal.
The entries in the "Action" column of the tables below specify the default disposition for each
signal, as follows:
Term Default action is to terminate the process.
Ign Default action is to ignore the signal.
Core Default action is to terminate the process and dump core (see
core(5)).
Stop Default action is to stop the process.
Cont Default action is to continue the process if it is currently
stopped.

n. kill: The kill command is used on Linux and other Unix-like operating systems to terminate
processes without having to log out or reboot (i.e., restart) the computer. Thus, it is particularly
important to the stability of such systems.
o. atexit: The atexit() function registers the given function to be called at
normal process termination, either via exit(3) or via return from the
program's main(). Functions so registered are called in the reverse
order of their registration; no arguments are passed.

p. Nice: nice is a program found on Unix and Unix-like operating systems such as Linux. It
directly maps to a kernel call of the same name. nice is used to invoke a utility or shell script
with a particular priority, thus giving the process more or less CPU time than other process.

Q.4 Describe the code given below. (You can run the code in user/privileged mode, but it will
work correctly in privileged mode only. Before running the code save all the work.) [Add header
files required]

This code write 0x02 and then 0x04 to the PCI port 0xcf9 and of course with a delay here
10 units makes your system reboot.