The
Windows NT/2003 operating system family's architecture
consists of two layers,
The architecture of Windows NT,by Microsoft, is a layered design consists of two main components, user mode and kernel mode.
It is a
preemptive,
reentrant operating
system, which has been designed to work with uniprocessor
and symmetrical multi processor (SMP)-based computers.
To
process input/output (I/O) requests, they use
packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP.
Programs
and subsystems in user mode are limited in terms of what system resources they
have access to, while the kernel mode has unrestricted access to the system
memory and external devices.
The
Windows NT kernel is known as a hybrid kernel and essential
parts of the system are executed in kernel mode, thus making it a monolithic kernel that
is structured similarly to a microkernel.
The
architecture comprises a simple kernel, hardware abstraction layer (HAL),
drivers, and a range of services (collectively named Executive), which all exist in kernel
mode.
User
mode in Windows NT is made of subsystems capable of passing I/O requests to the
appropriate kernel mode software drivers by using the I/O manager.
Two
subsystems make up the user mode layer of Windows NT:
1. Environment
subsystem (which runs applications written for many different types of O.S
2. Integral
subsystem (operates system specific functions on behalf of the environment
subsystem)
Kernel
mode in Windows NT has full access to the hardware and system resources of the
computer. The kernel mode stops user mode services and applications from
accessing critical areas of the operating system that they should not have
access to.
The
Executive interfaces with all the user mode subsystems. It deals with I/O,
object management, security and process management. The kernel sits between the
Hardware Abstraction Layer and the Executive to provide multiprocessor
synchronization, thread and interrupt scheduling and dispatching, and trap
handling and exception dispatching. The kernel is also responsible for
initializing device drivers at bootup.
Kernel
mode drivers exist in three levels: highest level drivers, intermediate drivers
and low level drivers. Windows
Driver Model (WDM) exists in the intermediate layer and was mainly
designed to be binary and source compatible between Windows 98 and Windows 2000.
The lowest level drivers are
either legacy Windows NT device drivers that control a device directly or can
be a PnP
hardware bus.
User mode
The
user mode is made up of subsystems which can pass I/O requests to the
appropriate kernel mode drivers via the I/O manager (in kernel mode).
Two
subsystems make up the user mode layer: (1) Environment subsystem (2) Integral subsystem.
(1) Environment subsystem
The
environment subsystem was designed to run applications written for many
different types of operating systems. None of the environment subsystems can
directly access hardware, and must request access to memory resources through
the Virtual Memory Manager that runs in kernel mode.
There
are three main environment subsystems:
(1) Win32 subsystem (2) OS/2 subsystem (3) POSIX
subsystem.
·
The Win32 environment subsystem can run 32-bit Windows
applications. It contains the console, text window support, shutdown and
hard-error handling for all other environment subsystems
·
The Win32 environment subsystem process (csrss.exe)
also includes the window management functionality, sometimes referred to as a
"window manager".
·
The POSIX environment subsystem supports applications
that are strictly written to either the POSIX.1 standard or the related ISO/IEC standards.
(2) The integral subsystem:- O.S specific functions on behalf of the environment subsystem.
It
consists of a (1) security subsystem
(2) workstation service (3) server service.
The
security subsystem deals with security tokens, grants or denies access to user
accounts based on resource permissions, handles login requests and initiates
login authentication, and determines which system resources need to be audited
by Windows NT. It also looks after Active Directory. The workstation service is an API to the network redirector,
which provides the computer access to the network. The server service is an API
that allows the computer to provide network services.
Kernel mode
Windows
NT kernel mode
has full access to the hardware and system resources of the computer and runs
code in a protected memory area.
It
controls access to scheduling, thread prioritization, memory management and the
interaction with hardware. The kernel mode stops user mode services and
applications from accessing critical areas of the operating system that they
should not have access to; user mode processes must ask the kernel mode to
perform such operations on their behalf.
While
the x86 architecture supports four different
privilege levels (numbered 0 to 3)
Executive
The
Windows Executive services make up the low-level kernel-mode portion, and are
contained in the file NTOSKRNL.EXE.
It
deals with I/O, object management, security and process management. It's
informally divided into several subsystems such as Cache Manager, Configuration
Manager, I/O Manager, Local
Procedure Call (LPC), Memory Manager, Object
Manager, Process Structure and Security Reference Monitor (SRM).
Grouped together, the components can be called Executive services (internal
name Ex). System Services (internal name Nt), i.e., system calls, are implemented at this
level, too, except very few that call directly into the kernel layer for better
performance.
Object Manager
The Object Manager (internal name Ob )
is an executive subsystem that all other executive subsystems, especially system
calls, must pass through to gain access to Windows NT resources—essentially
making it a resource management infrastructure service.
The object manager is used to reduce the duplication of
object resource management functionality in other executive subsystems, which
could potentially lead to bugs and make development of Windows NT harder.
Object manager, each resource is an object,
whether that resource is a physical resource (such as a file system or
peripheral) or a logical resource (such as a file). Each object has a structure
or object type that the object manager must know about.
Object creation is a process in two phases,
creation and insertion.
Creation causes the allocation of an empty object and the
reservation of any resources required by the object manager, such as an
(optional) name in the namespace
Handles are identifiers that represent a reference to a kernel
resource through an opaque value.
Object types define the object procedures and any data
specific to the object. In this way, the object manager allows Windows NT to be
an object oriented operating system.
Cache Controller :- Closely
coordinates with the Memory Manager, I/O Manager and I/O drivers to provide a
common cache for regular file I/O. Uniquely,
Configuration Manager :- Implements
the Windows registry.
I/O Manager :- Allows devices to communicate with
user-mode subsystems. It translates user-mode read and write commands into read
or write IRPs which it passes to device drivers.
Local Procedure Call (LPC)
Provides inter-process communication ports with
connection semantics. LPC ports are used by user-mode subsystems to communicate
with their clients, by Executive subsystems to communicate with user-mode
subsystems, and as the basis for the local transport for MSRPC.
(Microsoft Remote Procedure Call)
(Microsoft Remote Procedure Call)
Memory Manager: - Manages virtual memory, controlling memory
protection and the paging of
memory in and out of physical memory to secondary storage.
Process Structure :-Handles process
and thread
creation and termination, and it implements the concept of Job, a group of
processes that can be terminated as a whole, or be placed under shared
restrictions (such a total maximum of allocated memory, or CPU time).
PnP Manager: - Handles Plug n Play
& supports device detection and installation at boot time
Power Manager :- Deals with power events (power-off,
stand-by, hibernate, etc)
Security Reference Monitor (SRM) :- The primary
authority for enforcing the security rules of the security integral subsystem.
It determines whether an object or resource can be accessed, via the use of
access control lists (ACLs), which are they made up of access control entries
(ACEs).
GDI:- The Graphics
Device Interface is responsible for tasks such as drawing lines and
curves, rendering fonts and handling palettes.
Kernel:-The
kernel sits between the HAL and the Executive and provides multiprocessor
synchronization, thread and interrupt scheduling and dispatching, and trap handling
and exception dispatching.
Kernel-mode drivers
Windows NT uses kernel-mode device
drivers to enable it to interact with hardware devices. Each of the
drivers has well defined system routines and internal routines that it exports
to the rest of the operating system.
Kernel
mode drivers exist in three levels: (1) highest
level (2) intermediate (3) low level drivers.
The
highest level drivers: - Such as file system drivers for FAT
and NTFS, rely
on intermediate drivers. Intermediate drivers consist of function drivers—or
main driver for a device
Intermediate drivers:- rely on the
lowest level drivers to function. The Windows
Driver Model (WDM) exists in the intermediate layer.
The
lowest level drivers:- are either legacy Windows NT device drivers that control
a device directly or can be a PnP hardware bus. These lower level drivers
directly control hardware and do not rely on any other drivers.
Hardware abstraction layer
The
Windows NT HAL, is a layer between the physical hardware of the computer and
the rest of the operating system. It was designed to hide differences in
hardware and therefore provide a consistent platform on which the kernel is
run.
The HAL
includes hardware-specific code that controls I/O interfaces, interrupt
controllers and multiple processors.
No comments:
Post a Comment