Basic Windows Operating System Architecture
The Microsoft Windows operating system has changed a lot from the simple personal computer operating system, DOS. It has grown from a single product offering to a full family of products to meet different needs. The current versions of Windows address a wide variety of computing needs, from portable devices and workstations to enterprise-class, high-performance platforms. The Windows operating system is designed to be a modular system to provide the widest variety of services for most platform requirements.
The current versions of client and server Windows operating systems in use today are all based on the Windows NT code base. Windows NT was Microsoft’s first operating system designed with security in mind. The first commercial version of Windows NT was version 3.1, released in 1993. At the time, Windows NT was a ground-breaking product from Microsoft. Several versions of Windows share a common ancestry back to Windows NT.
Based on the same kernel, the current Windows operating systems are designed with modified microkernel architectures. The operating system design allows many system functions to be implemented as external programs that run in kernel mode. In a pure microkernel architecture, external programs are not allowed to run in kernel mode. Because of the modular nature of Windows, major components can be removed, replaced, or enhanced without having to rewrite the entire operating system. This design allows Microsoft to create different versions of the same base operating system to provide specific services for different client and server environments.
Windows Run Modes
The architecture of the Windows operating system consists of two main layered components—kernel (or supervisor) mode and user mode programs. Kernel mode and user mode programs run in a privileged mode, also called kernel or supervisor mode, and interact closely with the physical hardware. User mode programs interact with both users and kernel mode programs. FIGURE 2-3 shows the basic architecture of a Windows operating system.
FIGURE 2-3
Windows operating system components.
© Jones & Bartlett Learning.
Kernel Mode
Programs running in kernel mode have complete access to the computer’s hardware and system services. This level of access is needed by the operating system and provides an attractive target for attackers.
TABLE 2-2 shows the main kernel mode program components.
TABLE 2-2 Windows Kernel Mode Components |
|
|---|---|
| COMPONENT | DESCRIPTION |
| Hardware Abstraction Layer (HAL) | The HAL provides the actual access to physical hardware. All other kernel mode programs interact with hardware through the HAL. This allows Microsoft to support multiple hardware platforms by just writing different HAL modules, instead of rewriting all operating system programs. |
| Kernel mode drivers | Kernel mode drivers provide user programs and other kernel mode programs access to individual hardware devices, through the HAL. These drivers provide the translation to allow other programs to access devices as file objects. |
| Microkernel | The microkernel is the memory-resident portion of the operating system that provides the core functionality of operating system functionality, including CPU synchronization, process thread/interrupt scheduling, and exception handling. |
| Executive | The executive is at the “highest level” of the kernel mode programs. It provides services, such as managing objects, I/O, security, and process management. User mode programs interact with the operating system via the executive. |
© Jones & Bartlett Learning. |
|
User Mode
All nonkernel mode programs run under user mode. This includes application programs and the user mode layer of Windows. The Windows user mode layer programs handle all user interaction and processing requests, and pass I/O requests to the necessary kernel mode drivers, using the executive. TABLE 2-3 lists the two main user mode program components.
TABLE 2-3 Windows User Mode Components |
|
|---|---|
| COMPONENT | DESCRIPTION |
| Environment subsystem | The environment subsystem provides the ability to run programs written for different operating systems, including previous Windows versions and Linux. |
| Integral subsystem | The integral subsystem handles the user mode functions on behalf of the environment subsystem, including logon and access control, network access, and providing network services. |
© Jones & Bartlett Learning. |
|