Windows Kernel Architecture
Kernel Mode
Fundamental part of a modern computer's Os.
Software which allow users to share computer
resources.
Directly controls the computer hardware.
�Definition
kernel is a computer program that
manages input/output requests from software and
translates them into data processing instructions for
the central processing unit and other electronic
components of a computer.
�Windows Kernel Architecture
�Kernel Mode Components
HAL(Hardware Abstraction Layer)
Executive
Graphic Device Driver(Implements the graphical
user interface (GUI).
�Hardware Abstraction Layer
Refers to a layer of software that deals directly with
your computer hardware.
It operates in between the hardware and the
Windows executive services.
�Kernel Mode Executive
Object Manager
Process Manager
Security Reference Monitor
I/O Manager
Plug & Play Manager
Virtual Memory Manager
Local Procedure Call Facility
�Object Manager
The Windows kernel-mode object manager
component manages objects. Files, devices,
synchronization mechanisms, registry keys, and so
on, are all represented as objects in kernel mode.
Each object has a header (containing information
about the object such as its name, type, and
location), and a body (containing data in a format
determined by each type of object).
Windows has more than 25 types of objects
�Object Manager
�Process Manager
A process is a program in execution
A process has resources (CPU time, files)
Management of processes includes:
Process control block(PCB)
Process Scheduling (priority, time management )
Creation/termination
Block/Unblock
Synchronization
Communication(IPC)
Deadlock handling
�Process Control Block
It contains:
An ID number
Pointers
Register contents
States of various flags
Pointers to the upper and lower bounds of the memory
required for the process
A list of files opened by the process
The priority of the process
The status of all I/O devices needed by the process
�Process Control Block
�Process Control Block
�Process Manager
�I/O Manager
Framework through which I/O devices are accessible
to applications.
Manages the communication between applications
and the interfaces provided by device drivers.
Communication between the operating system and
device drivers is done through I/O request packets
(IRPs).
��I/O Manager
Computer uses an I/O system bus
Each I/O device has controller attached to I/O
system bus
�Security Reference Monitor
A kernel-mode component that performs access checks,
generates audit log entries, and manipulates user rights
(privileges)
All system calls go through reference monitor for
security checking.
System call is how a program requests a service
from an operating system's kernel
�Plug & Play Manager
Determines which drivers are required to support a
particular device and loads those drivers
PnP requires support from device hardware, system
software, and drivers.
PnP requires:
1. Pnp Bios
2. Extended System Configuration Data (ESCD)
�Local Procedure Call
High speed message based communication
mechanism between two user mode processes,
between a user mode process and a kernel mode
driver or between two kernel mode drivers
Provide Inter-process communication(IRP).
Enforces synchronous communication model
between the client and the server processes.
�Virtual Memory Management
