Windows NT 3.1, Windows NT 3.5, Windows NT 3.51, Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows 10 are part of the NT kernel family of operating systems.
All of them are preemptive multitasking operating systems, designed to work with both single-processor and symmetric multi-processor computers. I/O requests are handled by packet-driven I/O, which is built on I/O request packets (IRPs) and asynchronous I/O.
The Windows NT architecture is modular and consists of two main levels - user-mode components and kernel-mode components. Programs and subsystems operating in user mode have restricted access to system resources. Kernel mode has unlimited access to system memory and external devices. The kernel of an NT system is called a hybrid kernel or macrokernel. The architecture includes the kernel itself, the hardware abstraction layer (HAL), a number of services (the Executive), and drivers, which operate in kernel mode (kernel-mode drivers) or in user mode (user-mode drivers) [1] [2].
Windows NT user mode consists of subsystems that pass I/O requests to the appropriate kernel-mode driver through an I/O manager. There are two subsystems at the user level: the environment subsystem (runs applications written for different operating systems) and the integrated subsystem (controls special system functions on behalf of the environment subsystem). Kernel mode has full access to the hardware and system resources of the computer.
User Mode
User mode consists of subsystems that transmit I/O requests to the appropriate kernel-mode driver through an I/O manager. The user level consists of two subsystems - the environment subsystem (Environment) and the integrated subsystem (Integral).
The environment subsystem is designed to run applications written for different types of operating systems. None of the environment subsystems has direct access to the hardware of the computer. Access to memory resources goes through the Virtual Memory Manager, which operates in kernel mode. Applications also run with lower priority than kernel-mode processes.
The environment subsystem consists of the following subsystems - the Win32 subsystem, the OS/2 subsystem, and the POSIX subsystem. The Win32 environment subsystem runs 32-bit Windows applications. It contains console and text window support and error handling for all other environment subsystems. It supports the VDM (Virtual DOS Machine), which allows you to run 16-bit DOS and Windows (Win16) applications. A VDM runs in its own address space and emulates an MS-DOS system running on a computer with an Intel 80486 processor. Win16 programs run in a Win16 VDM. By default, every Win16 program is launched in one process using one address space, but each program uses its own separate thread. However, Windows NT also allows you to run Win16 programs in separate Win16 VDM processes, which gives them preemptive multitasking. The Win32 environment subsystem process, csrss.exe, also includes the functionality of a window manager, that is, it processes incoming events, such as keyboard and mouse input, and passes them to the corresponding applications for processing. Each application redraws its own windows in response to these messages.
The OS/2 environment subsystem supports non-graphical 16-bit OS/2 operating system applications and emulates the OS/2 2.1.x system.
The POSIX environment subsystem supports applications written in accordance with the POSIX.1 standard.
The integrated subsystem (Integral subsystem) handles some functions of the operating system on behalf of the environment subsystem. It consists of a security subsystem, a workstation service, and a server service. The security service handles access tokens, allows or denies access to the user account, processes authorization requests, and initiates the user login process. The Workstation service provides computer access to the network - it is an API for a network redirector (software that emulates access to a remote file system as a local one). The Server service allows a computer to provide network services.
Kernel Mode
Windows NT kernel mode has full access to the computer's hardware and system resources. It runs in a protected area of memory, manages memory and hardware interactions, and prevents applications and user-mode services from accessing critical areas of memory. To perform such an operation, a user-mode process must ask kernel mode to execute it on its behalf.
The x86 architecture supports 4 privilege levels - from 0 to 3, but only the 0th and 3rd levels are used. User mode uses level 3, and kernel mode uses 0. This was done to allow portability to the RISC platform, which uses only two privilege levels. Kernel mode consists of executive services, which are various modules that perform specific tasks, kernel drivers, the kernel itself and the hardware abstraction layer (HAL).
Executive subsystem
The executive subsystem handles input/output, object management, process control and security. It is unofficially divided into several subsystems - cache manager, configuration manager, I/O manager, local procedure call, memory manager, security monitor. System services, that is, system calls, are implemented at this level, with the exception of a few calls that go directly to the kernel for better performance. In this context, the term "service" refers to a callable routine or a set of callable routines. These differ from user-mode services, which are somewhat analogous to daemons on UNIX-like systems.
Object Manager
This is the executive subsystem that all the other modules of the executive subsystem, in particular system calls, go through when they need to access Windows NT resources. The object manager serves to reduce duplication of objects, which can lead to errors in the system. For the object manager, each system resource is an object, whether it is a physical resource such as a peripheral device, a file system, or a logical resource such as a file. Each object has its own structure, or object type.
Creating an object is divided into two stages - creation and insertion. Creation - an empty object is created and the necessary resources are reserved, for example, a name in the namespace. If the creation of the empty object was successful, the subsystem responsible for creating the object fills it in. If the initialization is successful, the subsystem has the object manager insert the object - that is, make it accessible by its name or descriptor (handle).
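The two-stage creation described above, modelled as an added example in user-mode C (it is not Windows kernel code and not part of the original article); the function names, the table size and the \Device\Example name are assumptions made for illustration. It shows the property that matters for security: an object cannot be found by name until the owning subsystem has initialized it and requested insertion, and a failed initialization releases the reserved name without ever publishing the object.

```c
#include <stdio.h>
#include <string.h>
/* Toy user-mode model of two-stage object creation; every name is hypothetical. */
#define MAX_OBJECTS 8
enum ob_state { OB_FREE, OB_RESERVED, OB_INSERTED };
struct object { enum ob_state state; char name[32]; int payload; };
static struct object table[MAX_OBJECTS];

/* Stage 1 (creation): reserve a slot and the name. Not yet reachable. */
struct object *ob_create(const char *name) {
    struct object *slot = NULL;
    for (int i = 0; i < MAX_OBJECTS; i++) {
        if (table[i].state != OB_FREE && strcmp(table[i].name, name) == 0)
            return NULL;                      /* name already reserved or in use */
        if (table[i].state == OB_FREE && slot == NULL)
            slot = &table[i];
    }
    if (slot == NULL) return NULL;            /* table full */
    memset(slot, 0, sizeof *slot);
    slot->state = OB_RESERVED;
    strncpy(slot->name, name, sizeof slot->name - 1);
    return slot;
}

/* Stage 2 (insertion): publish the object; returns a handle (index) or -1. */
int ob_insert(struct object *obj) {
    if (obj == NULL || obj->state != OB_RESERVED) return -1;
    obj->state = OB_INSERTED;
    return (int)(obj - table);
}

/* Initialization failed: drop the reservation without ever publishing it. */
void ob_abort(struct object *obj) {
    if (obj != NULL && obj->state == OB_RESERVED) memset(obj, 0, sizeof *obj);
}

/* Name lookups only ever return inserted objects. */
struct object *ob_lookup_name(const char *name) {
    for (int i = 0; i < MAX_OBJECTS; i++)
        if (table[i].state == OB_INSERTED && strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

int main(void) {
    struct object *o = ob_create("\\Device\\Example");       /* constructed name */
    int early = ob_lookup_name("\\Device\\Example") != NULL; /* before insertion */
    o->payload = 42;                                          /* subsystem fills it */
    printf("visible early=%d handle=%d\n", early, ob_insert(o));
}
```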
Notes
- ATI Catalyst Graphics Drivers in Windows Vista | Video Cards - 3DNews - Daily Digital Digest
- w: User-Mode Driver Framework