Operating System Organization

Table of Contents

Operating System Organization kernel-mode Components

kernel-mode Components

Windows has a highly modular architecture. Each system function is managed by just one component of the OS. The rest of the OS and all applications access that function through the responsible component using standard interfaces. Key system data can only be accessed through the appropriate function.

In principle, any module can be removed, upgraded, or replaced without rewriting the entire system or its standard application program interface (APIs).

The kernel-mode components of Windows are the following:

• Executive: Contains the base OS services, such as memory management, process
and thread management, security, I/O, and interprocess communication.

• Kernel: Controls execution of the processor(s). The Kernel manages thread scheduling, process switching, exception and interrupt handling, and multiprocessor synchronization. Unlike the rest of the Executive and the user level, the Kernel’s own code does not run in threads.

• Hardware abstraction layer (HAL): Maps between generic hardware commands and responses and those unique to a specific platform. It isolates the OS from platform-specific hardware differences.

The HAL makes each computer’s system bus, direct memory access (DMA) controller, interrupt controller, system timers, and memory module look the same to the Executive and Kernel components.

• Device drivers: Dynamic libraries that extend the functionality of the Executive. These include hardware device drivers that translate user I/O function calls into specific hardware device I/O requests and software components for
implementing file systems, network protocols, and any other system extensions that need to run in kernel mode.

• Windowing and graphics system: Implements the graphical user interface (GUI) functions, such as dealing with windows, user interface controls, and drawing.

Executive modules

The Windows Executive includes components for specific system functions
and provides an API for user-mode software. Following is a brief description of each of the Executive modules:

• I/O manager: Provides a framework through which I/O devices are accessible to applications, and is responsible for dispatching to the appropriate device drivers for further processing.

The I/O manager implements all the Windows I/O APIs and enforces security and naming for devices, network protocols, and file systems (using the object manager).

• Cache manager: Improves the performance of file-based I/O by causing recently referenced file data to reside in main memory for quick access, and by deferring disk writes by holding the updates in memory for a short time before sending them to the disk.

• Object manager: Creates, manages, and deletes Windows Executive objects and abstract data types that are used to represent resources such as processes, threads, and synchronization objects. It enforces uniform rules for retaining, naming, and setting the security of objects.

The object manager also creates object handles, which consist of access control information and a pointer to the object. Windows objects are discussed later in this section.

• Plug-and-play manager: Determines which drivers are required to support a
particular device and loads those drivers.

• Power manager: Coordinates power management among various devices and can be configured to reduce power consumption by shutting down idle devices, putting the processor to sleep, and even writing all of memory to disk and shutting off power to the entire system.

• Security reference monitor: Enforces access-validation and audit-generation rules. The Windows object oriented model allows for a consistent and uniform view of security, right down to the fundamental entities that make up the Executive.

Thus, Windows uses the same routines for access validation and for audit checks for all protected objects, including files, processes, address spaces, and I/O devices.

• Virtual memory manager: Manages virtual addresses, physical memory, and the paging files on disk. Controls the memory management hardware and data structures which map virtual addresses in the process’s address space to physical pages in the computer’s memory.

• Process/thread manager: Creates, manages, and deletes process and thread
objects.

• Configuration manager: Responsible for implementing and managing the system registry, which is the repository for both system wide and per-user settings of various parameters.

• Local procedure call (LPC) facility: Implements an efficient cross-process procedure call mechanism for communication between local processes implementing services and subsystems. Similar to the remote procedure call (RPC) facility used for distributed processing.

User-Mode Processes

User- More Processes Four basic types of user-mode processes are supported
by Windows:

• Special system processes: User mode services needed to manage the system, such as the session manager, the authentication subsystem, the service manager, and the logon process.

• Service processes: The printer spooler, the event logger, user mode components that cooperate with device drivers, various network services, and many, many others. Services are used by both Microsoft and external software developers to extend system functionality as they are the only way to run background user mode activity on a Windows system.

• Environment subsystems: Provide different OS personalities (environments). The supported subsystems are Win32/WinFX and POSIX. Each environment subsystem includes a subsystem process shared among all applications using the subsystem and dynamic link libraries (DLLs) that convert the user application calls to LPC calls on the subsystem process, and/or native Windows calls.

• User applications: Executables (EXEs) and DLLs that provide the functionality users run to make use of the system. EXEs and DLLs are generally targeted at a specific environment subsystems; although some of the programs that are provided as part of the OS use the native system interfaces (NTAPI). There is also support for running 16-bit programs written for Windows 3.1 or MS-DOS.

Windows Kernel Control Objects

Asynchronous Procedure Call: Used to break into the execution of a specified thread and to cause a procedure
to be called in a specified processor mode.

Deferred Procedure Call: Used to postpone interrupt processing to avoid delaying hardware interrupts. Also used to implement timers and inter-processor communication.

Interrupt: Used to connect an interrupt source to an interrupt service routine by means of an entry in an Interrupt Dispatch Table (IDT). Each processor has an IDT that is used to dispatch interrupts that occur on that processor.

Process: Represents the virtual address space and control information necessary for the execution of a set of thread objects. A process contains a pointer to an address map, a list of ready threads containing thread objects, a list of
threads belonging to the process, the total accumulated time for all threads executing within the process, and a base priority.

Thread: Represents thread objects, including scheduling priority and quantum, and
which processors the thread may run on.

Profile: Used to measure the distribution of run time within a block of code. Both
user and system code can be profiled.

See more: Operating System | Microkernel

[table id=1 /]