Simplified Windows Architecture Overview

With this brief overview of the design and packaging of Windows, let's take a look at the key system components that make up its architecture. A simplified version of this architecture is shown in Figure 2-1. Keep in mind that this diagram is basic - it doesn't show everything. (For example, the networking components and the various types of device driver layering are not shown.)

Figure 2-1 Simplified Windows architecture

In Figure 2-1, first notice the line dividing the user-mode and kernel-mode parts of the Windows operating system. The boxes above the line represent user-mode processes, and the components below the line are kernel-mode operating system services. User-mode threads execute in a protected process address space (although while they are executing in kernel mode, they have access to system space). Thus, system support processes, service processes, user applications, and environment subsystems each have their own private process address space.

The four basic types of user-mode processes are described as follows:

Fixed (or hardwired) system support processes, such as the logon process and the Session Manager, that are not Windows services. (That is, they are not started by the service control manager.)

Service processes that host Windows services, such as the Task Scheduler and Print Spooler services. Services generally have the requirement that they run independently of user logons. Many Windows server applications, such as Microsoft SQL Server and Microsoft Exchange Server, also include components that run as services.

User applications, which can be one of the following types: 32-bit or 64-bit, Windows 3.1 16-bit, MS-DOS 16-bit, or POSIX 32-bit or 64-bit. Note that 16-bit applications can be run only on 32-bit Windows.

Environment subsystem server processes, which implement part of the support for the operating system environment, or personality, presented to the user and programmer. Windows NT originally shipped with three environment subsystems: Windows, POSIX, and OS/2. However, the POSIX and OS/2 subsystems last shipped with Windows 2000. The Ultimate and Enterprise editions of Windows client as well as all server versions include support for an enhanced POSIX subsystem called Subsystem for Unix-based Applications (SUA).
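The four categories above can be mapped onto a live system. The following PowerShell script is an added example, not code from the book: it buckets running processes by joining `Win32_Process` with `Win32_Service`. The image-name lists it uses for the system support, subsystem and kernel-only entries are assumptions chosen for illustration.

```powershell
# Added example: classify running processes into the four user-mode process
# types described above. Run from an elevated prompt for complete path data.

# Assumption: image names chosen here to stand for each category.
$fixedSupport = 'smss.exe', 'wininit.exe', 'winlogon.exe', 'services.exe', 'lsass.exe'
$subsystems   = 'csrss.exe', 'psxss.exe'   # Windows and POSIX/SUA subsystem servers
# Assumption: entries that are not user-mode processes and are left out.
$kernelOnly   = 'System Idle Process', 'System', 'Registry',
                'Memory Compression', 'Secure System'

# Map PID -> names of the Windows services hosted in that process.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if ($svc.ProcessId -gt 0) {
        $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
    }
}

function Get-UserModeProcessType {
    param([string]$Name, [int]$ProcessId)
    # Order matters: hardwired processes are checked before the service map,
    # because some of them (lsass.exe, for example) also host services.
    if ($fixedSupport -contains $Name)          { return 'System support process' }
    if ($subsystems -contains $Name)            { return 'Environment subsystem server' }
    if ($servicesByPid.ContainsKey($ProcessId)) { return 'Service process' }
    return 'User application'
}

$report = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $kernelOnly -notcontains $_.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Type     = Get-UserModeProcessType -Name $_.Name -ProcessId $_.ProcessId
            Name     = $_.Name
            PID      = $_.ProcessId
            Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
            Path     = $_.ExecutablePath   # may be empty without elevation
        }
    }

# Full listing, then a count per category.
$report | Sort-Object Type, Name | Format-Table -AutoSize -Wrap
$report | Group-Object Type -NoElement | Sort-Object Name | Format-Table -AutoSize
```

When reviewing the output, a `svchost.exe` row that lands in "User application" (it hosts no service) or a system support image whose path is outside `%SystemRoot%\System32` does not fit the model above and is worth a closer look.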

In Figure 2-1, notice the "Subsystem DLLs" box below the "Service processes" and the "User applications" boxes. Under Windows, user applications don't call the native Windows operating system services directly; rather, they go through one or more subsystem dynamic-link libraries (DLLs). The role of the subsystem DLLs is to translate a documented function into the appropriate internal (and generally undocumented) native system service calls. This translation might or might not involve sending a message to the environment subsystem process that is serving the user application.

The kernel-mode components of Windows include the following:

The Windows executive contains the base operating system services, such as memory management, process and thread management, security, I/O, networking, and interprocess communication.

The Windows kernel consists of low-level operating system functions, such as thread scheduling, interrupt and exception dispatching, and multiprocessor synchronization. It also provides a set of routines and basic objects that the rest of the executive uses to implement higher-level constructs.

Device drivers include both hardware device drivers, which translate user I/O function calls into specific hardware device I/O requests, as well as nonhardware device drivers such as file system and network drivers.

The hardware abstraction layer (HAL) is a layer of code that isolates the kernel, the device drivers, and the rest of the Windows executive from platform-specific hardware differences (such as differences between motherboards).

The windowing and graphics system implements the graphical user interface (GUI) functions (better known as the Windows USER and GDI functions), such as dealing with windows, user interface controls, and drawing.

Table 2-1 lists the file names of the core Windows operating system components.

Table 2-1 Core Windows System Files

| File Name | Components |
| --- | --- |
| Ntoskrnl.exe (32-bit systems only) | Executive and kernel, with support for Physical Address Extension (PAE), which allows 32-bit systems to address up to 64 GB of physical memory and to mark memory as nonexecutable. |
| Hal.dll | Hardware abstraction layer |
| Win32k.sys | Kernel-mode part of the Windows subsystem |
| Ntdll.dll | Internal support functions and system dispatch to execute functions |
| Kernel32.dll, Advapi32.dll, User32.dll, Gdi32.dll | Core Windows subsystem DLLs |

The above is an excerpt from:

Delve inside Windows architecture and internals - and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2 - and now presents its coverage in two volumes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you'll experience its internal behavior firsthand - knowledge you can apply to improve application design, debugging, system performance, and support.

A Windows Internals, Part 1 reader says, "This book delivers as advertised. It is a deep dive into the Windows architecture and as advertised is targeted toward developers. I am not a developer but was looking for a book that might give me insight into the things I see as a computer technician. Much of what is in this book is beyond my understanding and need. However, there is enough that hits home that I'm glad that I purchased it."

"A main feature of the book is examples. The author does a very nice job of providing examples so you can see how the architecture blocks function and relate to each other. I have only read about 100 pages so far but am glad that I bought the book."
