Windows Architecture
The architecture of Windows, a line of operating systems produced and sold by
Microsoft, is a layered design.
The layered design consists of two main components: user mode and
kernel mode.
Starting with Windows 2000, Microsoft began making 64-bit versions
of Windows available; before this, these operating systems only
existed in 32-bit versions.
This structure is a modular structure, composed of several simple
modules. These modules are:
1. Hardware abstraction layer
2. Kernel/microkernel
3. Executive services
4. Environment subsystem
5. Integral subsystem
Modes of Windows OS
Programs and applications run in the operating system in two modes:
Protected mode/Kernel mode
The Windows kernel is known as a hybrid kernel. The architecture comprises the HAL,
drivers, the microkernel and the executive services.
In Kernel mode, the executing code has complete and unrestricted
access to the underlying hardware.
It can execute any CPU instruction and reference any memory
address.
Kernel mode is generally reserved for the most trusted functions of the operating
system.
Crashes in kernel mode are terrible: they will halt the entire PC.
User mode
Programs and subsystems in user mode are limited in terms of which
system resources they can access (they cannot directly access
hardware).
In User mode, the executing code has no ability to directly access
hardware or reference memory.
Code running in user mode must delegate to system APIs to access
hardware or memory.
Due to the protection afforded by this sort of isolation, crashes in user
mode are always recoverable.
Hardware abstraction layer
The hardware abstraction layer (HAL) is a layer between the physical hardware of the computer and the
rest of the operating system.
It was designed to hide differences in hardware and provide a
consistent platform on which the kernel is run.
The HAL includes hardware-specific code that controls I/O interfaces,
interrupt controllers and multiple processors.
Without the HAL, if one program accesses the hardware, a second one is
unable to access it.
With the HAL, programs access the HAL, and a driver is used to tell
the HAL which hardware to access. Therefore we can run multiple programs.
Kernel
The Windows kernel is known as a hybrid kernel.
The kernel works very closely with the HAL.
It schedules the activities to be performed by the CPU.
The kernel synchronizes activity among processors to optimize
performance.
Kernel mode stops user mode services and applications from
accessing critical areas of the operating system that they should not have
access to.
Kernel mode drivers exist in three levels.
1) Highest level drivers
2) Intermediate level drivers
3) Low level drivers
Microkernel
The microkernel is a collection of programs that can provide tasks
such as address space management, thread management and
inter-process communication (IPC).
The microkernel along with the Windows kernel makes the operating
system work efficiently.
Responsibilities of kernel
1. Thread scheduling
2. Interrupt handling
3. Low-level processor synchronization
4. Recovery after power failure
Executive services
The Executive Services, which include the kernel and the HAL,
provide a set of common services that the user can use.
This section interacts with Input/output devices, object management,
process management and the system security.
Each group of services is managed by one of the components of the
executive services, which are as follows:
Object manager
Power Manager
Process Manager
I/O Manager
Virtual memory management
Local Procedure Call Facility
Cache Manager
Security Reference Monitor
Plug and Play Monitor
Device Drive Manager
Object manager
The Object Manager provides rules for retention, naming and security
of objects.
Objects can be, for example, files and folders saved in the file
system.
It also removes duplicate object resources.
Creation and insertion of objects can be done in this section.
Objects are manipulated by a standard set of methods, namely
create, open, close, delete, query name and security.
Power manager
The Power Manager deals with power events like power-off, stand-by
and hibernate.
Windows 2000 supports all of the latest standards in Power
Management including the Advanced Power Management (APM) and
Advanced Configuration and Power Interface (ACPI).
Consequently, network devices can be powered off when not in use
and dynamically reactivated when network access is required.
Check network security.
Process manager
The Process Manager manages the creation and deletion of
processes.
It provides a standard set of services for creating and using processes.
A process is started via the CreateProcess routine, which loads any
dynamic link libraries that are used by the process and creates a
primary thread.
Every dynamic link library or executable file that is loaded into the
address space of a process is identified by an instance handle.
I/O manager
The I/O Manager manages all the input and output for the operating
system.
It supports all file system drivers, hardware device drivers and
network drivers.
The I/O Manager provides a common interface that all drivers, such
as the FAT file system driver, use.
This allows the I/O Manager to communicate with all drivers in the
same way, without any knowledge of how the devices they control
actually work.
Local procedure call facility
The executive system implements a message passing facility called a
Local Procedure Call (LPC).
Applications communicate with the environment subsystems by
passing messages via the LPC facility.
Cache manager
The Cache Manager is a part of the I/O architecture.
It handles caching for the entire I/O system.
Caching is used to improve the performance of the I/O systems.
Instead of reading and writing directly to disk, frequently used files
are temporarily stored in a cache in memory, and read and write
operations are performed on these files in memory.
Security reference monitor
The Security Reference Monitor (SRM) is responsible for enforcing the
access validation and audit-generation policy defined by the local
security subsystem.
Plug and play manager
Plug and Play, which made its first appearance with Microsoft
Windows 95, is now a feature of Windows 2000. Changes have been
made within the system architecture of Windows 2000 to
accommodate this facility.
Device manager
Device Manager allows you to check the status of your hardware
devices and to update device drivers for the hardware installed on
your computer.
Environment subsystem
Environment subsystems allow Windows to run applications written for
different operating systems.
The environment subsystem accepts the API call made by the
application, converts the API call into a format that is understood by
Windows, and then passes the converted API call to executive components
running in kernel mode.
The three main environment subsystems
1. The Win32 subsystem
2. An OS/2 subsystem
3. POSIX subsystem
In groups of 3 discuss each of the
environment subsystems
Integral subsystem
Integral subsystems perform essential operating system functions.
Security
Creates security tokens and rights.
Permissions for user accounts.
Accepts user login requests and initiates authentication.
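Added example (not part of the original notes): a simplified Python model of the access validation and audit generation that the Security Reference Monitor performs, using the security token that the security subsystem creates at login. It goes beyond the text by assuming each object carries an ordered list of allow/deny entries; the class names, right bits, identifiers and audit flags are constructed for illustration and are not Windows APIs.

```python
# Simplified model of a reference-monitor access check with audit generation.
# Every name, identifier and right bit below is constructed for illustration.
from dataclasses import dataclass
from typing import Optional

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # illustrative bits, not real Windows masks

@dataclass
class Token:                  # built at login by the security subsystem
    user: str
    sids: set                 # the user's own identifier plus group identifiers

@dataclass
class Ace:                    # one entry of the object's access list
    kind: str                 # "allow" or "deny"
    sid: str
    mask: int

@dataclass
class SecurityDescriptor:
    dacl: Optional[list]          # None = no list at all: every request is granted
    audit_success: bool = False   # stand-ins for the audit policy
    audit_failure: bool = True

AUDIT_LOG = []

def access_check(token, sd, desired, obj="object"):
    """Walk the entries in order; grant only if every desired bit is allowed."""
    remaining = desired
    granted = sd.dacl is None
    for ace in sd.dacl or []:
        if ace.sid not in token.sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            break                         # a right still needed is denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            granted = True
            break
    if (granted and sd.audit_success) or (not granted and sd.audit_failure):
        AUDIT_LOG.append((token.user, obj, desired, "success" if granted else "failure"))
    return granted

def demo():
    alice = Token("alice", {"S-1-EXAMPLE-alice", "Users", "Contractors"})
    bob = Token("bob", {"S-1-EXAMPLE-bob", "Users"})
    sd = SecurityDescriptor([Ace("deny", "Contractors", WRITE | DELETE),
                             Ace("allow", "Users", READ | WRITE)])
    checks = [(alice, READ), (alice, READ | WRITE), (bob, READ | WRITE), (bob, DELETE)]
    return [access_check(t, sd, want, "report.txt") for t, want in checks]
```

Entry order matters in this model: an empty list denies everything, while a missing list (None) grants everything, which is why the two cases are kept distinct.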
Workstation services
The workstation services allow a Windows computer to access the
network.
Provides an API to access the network redirection.
The Windows architecture refers to the overall design and structure of
the Microsoft Windows operating system (OS).
The architecture of Windows has evolved over time with the
introduction of new versions and features.
Understanding the Windows architecture is crucial for developers and
system administrators to build and maintain applications and systems
that are compatible, efficient, and secure on the Windows platform.
It allows for leveraging the provided APIs, services, and subsystems
to interact with the underlying system components effectively.
Here are the key components and layers of the Windows
architecture:
Kernel: At the core of the Windows architecture is the kernel, which
provides low-level services and manages system resources, such as
memory, processes, threads, and input/output operations. The
Windows kernel is responsible for essential functions like hardware
abstraction, process scheduling, memory management, and device
drivers.
Executive Services: The executive services layer sits above the kernel
and provides higher-level system services. It includes components
like the Process Manager, Memory Manager, I/O Manager, Security
Reference Monitor, and Object Manager. These services handle tasks
such as managing processes and threads, memory allocation and
protection, I/O operations, security, and object management.
Windows API: The Windows API (Application Programming Interface) is a
collection of functions, libraries, and interfaces that developers can use
to interact with the Windows OS. It provides a set of standardized
functions for tasks like window management, file operations, networking,
graphics, and more. The Windows API allows developers to create
applications that run on Windows and utilize the underlying system
services.
Subsystems: Windows supports different subsystems, including the
Win32 subsystem (also known as the user-mode subsystem), POSIX
subsystem, and others. The Win32 subsystem is the primary subsystem
for Windows applications, providing a compatibility layer for running
32-bit and 64-bit Windows applications. The POSIX subsystem allows
running applications developed for the POSIX standard.
User Mode and Kernel Mode: Windows employs a protected mode
architecture, which differentiates between user mode and kernel
mode. User mode is the environment where most applications run,
and it provides a restricted and isolated environment. Kernel mode,
on the other hand, is reserved for trusted system processes and
device drivers, allowing direct access to system resources.
Device Drivers: Device drivers are software components that facilitate
communication between the operating system and hardware devices.
Windows supports various types of drivers, such as kernel-mode
drivers and user-mode drivers. Device drivers handle the interaction
with hardware components like graphics cards, network adapters,
printers, and storage devices.
Windowing System: The windowing system layer handles the
graphical user interface (GUI) functionality in Windows. It includes
components like the Desktop Window Manager (DWM), which
manages window composition, rendering, and visual effects. The
windowing system allows for the creation and management of
windows, user interface elements, and interaction with input devices.
Services: Windows provides a range of built-in services that extend
the functionality of the operating system. These services include
networking services, security services, authentication services,
remote procedure call (RPC), and more. Services can be system-level
services that run continuously or user-initiated services that start
on-demand.
At the bottom layer, you have the hardware components, including
the processor, memory, storage devices, input/output devices, and
network interfaces.
On top of the hardware layer, you have the Windows kernel. The
kernel includes the executive services responsible for managing
system resources, such as memory management, process and thread
management, I/O operations, and device drivers.
The Windows API provides a set of functions and libraries that allow
applications to interact with the operating system. It includes services
for window management, file operations, networking, graphics, and
more.
Application frameworks, such as .NET Framework or Universal
Windows Platform (UWP), provide additional tools and libraries for
application development, including runtime environments,
development frameworks, and class libraries.
At the top layer, you have user applications, which are developed
using the Windows API and application frameworks. These
applications can range from desktop applications to web browsers,
productivity tools, games, and more.