Windows Internals

Structural Foundations of Windows Architecture

Windows is one of the most widely used operating systems in the world, powering everything from personal computers to enterprise servers. The Windows architecture is designed to give users a seamless interface for interacting with their computers and to offer developers a robust platform for application development. Understanding the OS architecture requires an in-depth understanding of the protection ring, which defines the logical separation of execution privileges between the layers.

Operating system protection ring

Figure: Protection ring

Windows client architecture

Shown below is the Windows protection ring. This architecture provides fault tolerance and better security. Each component is discussed in detail.

Figure: Windows client architecture (Microsoft)

Operating system kernel: The kernel is the lowest layer and acts as an interface between the OS and the hardware. In this architecture, the kernel consists of the Windows kernel and low-level drivers. This layer holds the highest level of privileges.

System services: The operating system interacts with drivers and the kernel through system services. This layer consists of the Windows APIs and the .NET Framework. The Windows API is the interface between applications and the operating system.

Apps: Apps exist in user mode, and users interact with the applications. The operating system first transforms these interactions into corresponding API calls. These API calls are then converted into system calls.

Modes of operation

There are two modes of operation: user mode and kernel mode.

User mode: This layer is where applications and subsystems operate. This layer has the lowest privilege and handles much of the user interaction.

Kernel mode: Below user mode is where the kernel and its associated components reside. Kernel mode has direct access to system hardware and higher privileges. The Windows kernel is a hybrid kernel, blending aspects of monolithic kernels and microkernels to balance performance and modularity. This design allows Windows to offer extensive hardware support and efficient process communication. Separation between the components is essential to maintain security and stability.

Windows API

The Windows API (Application Programming Interface) is a collection of functions, protocols, data structures, and other components provided by the Windows operating system. The API provides a set of well-defined functions and protocols that programmers can use to perform specific tasks, making it easier to create software that runs on the Windows platform. The Windows API consists of several libraries including:

  1. User32.dll: Contains functions for creating and managing user interface elements like windows, menus, and buttons.
  2. Kernel32.dll: Provides functions related to memory management, process handling, file operations, and system information.
  3. GDI (Graphics Device Interface): Handles graphical operations such as drawing shapes, text, and images on the screen.
  4. Winsock (Windows Sockets): Offers networking functions for developing applications that communicate over networks using protocols like TCP/IP.
  5. WinINet: Provides functions for internet-related operations over protocols such as HTTP, FTP, and Gopher.

Programs Vs Processes

In computing, a program refers to a sequence of instructions written in a programming language. These instructions are typically stored in memory or on disk. Programs, like software applications or executable files, remain static until executed. When a program is run, the computer’s CPU activates it, creating what’s known as a process. A process embodies the execution of these instructions in a computer’s memory, comprising the program’s code, current activity, and a unique process identifier (PID). Processes actively consume system resources like CPU time, memory, and network connections. In contrast, a program remains inert until it is executed as a process. Essentially, a program is a defined set of instructions, while a process represents their active execution within a computer’s memory.
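
The distinction above, and the libraries listed under Windows API, can be observed on a live system. The following PowerShell is an added example, not part of the original article: it assumes ping.exe from System32 as the sample program (any executable would do) and uses the on-disk module names gdi32.dll, ws2_32.dll and wininet.dll for GDI, Winsock and WinINet.

```powershell
# Added example: one program on disk, two processes in memory.
# Assumption: ping.exe is the sample program; it runs for about 15 seconds.
$image = Join-Path $env:SystemRoot 'System32\PING.EXE'

# Libraries from the Windows API section, by module name.
$apiDlls = 'kernel32.dll', 'user32.dll', 'gdi32.dll', 'ws2_32.dll', 'wininet.dll'

$launch = @{
    FilePath     = $image
    ArgumentList = '-n', '15', '127.0.0.1'
    WindowStyle  = 'Hidden'
    PassThru     = $true
}

# Start the same program twice; each launch creates a separate process.
$procs = 1..2 | ForEach-Object { Start-Process @launch }
Start-Sleep -Seconds 2   # give the loader time to map the DLLs

try {
    $report = foreach ($p in $procs) {
        $live = Get-Process -Id $p.Id
        # Which API libraries this process actually loaded depends on
        # what the program imports. -contains is case-insensitive.
        $loaded = $live.Modules.ModuleName |
                  Where-Object { $apiDlls -contains $_ }
        [pscustomobject]@{
            PID          = $live.Id
            Image        = $live.Path
            StartTime    = $live.StartTime
            WorkingSetKB = [int]($live.WorkingSet64 / 1KB)
            ApiDlls      = ($loaded | Sort-Object -Unique) -join ', '
        }
    }
    $report | Format-Table -AutoSize

    # Same program (image path), different processes (PIDs).
    $sameImage    = @($report.Image | Sort-Object -Unique).Count -eq 1
    $distinctPids = @($report.PID | Sort-Object -Unique).Count -eq $procs.Count
    "Same image on disk: $sameImage; distinct PIDs: $distinctPids"
}
finally {
    # Clean up the sample processes even if inspection failed.
    $procs | Stop-Process -Force -ErrorAction SilentlyContinue
}
```

The PID, start time and working set belong to each process, while the image path belongs to the program, which is why process inventories record both.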