
Windows Kernel Architecture

Kernel Mode
Fundamental part of a modern computer's OS.
Software which allows users to share computer resources.
Directly controls the computer hardware.

Definition
A kernel is a computer program that manages input/output requests from software and translates them into data processing instructions for the central processing unit and other electronic components of a computer.

Kernel Mode Components
HAL (Hardware Abstraction Layer)
Executive
Graphic Device Driver (implements the graphical user interface (GUI))

Hardware Abstraction Layer
Refers to a layer of software that deals directly with your computer hardware.
It operates in between the hardware and the Windows executive services.

Kernel Mode Executive


Object Manager
Process Manager
Security Reference Monitor
I/O Manager
Plug & Play Manager
Virtual Memory Manager
Local Procedure Call Facility

Object Manager
The Windows kernel-mode object manager component manages objects. Files, devices, synchronization mechanisms, registry keys, and so on, are all represented as objects in kernel mode.
Each object has a header (containing information about the object such as its name, type, and location), and a body (containing data in a format determined by each type of object).
Windows has more than 25 types of objects.

Process Manager
A process is a program in execution
A process has resources (CPU time, files)
Management of processes includes:
Process control block (PCB)
Process scheduling (priority, time management)
Creation/termination
Block/Unblock
Synchronization
Communication (IPC)
Deadlock handling

Process Control Block
It contains:
An ID number
Pointers
Register contents
States of various flags
Pointers to the upper and lower bounds of the memory required for the process
A list of files opened by the process
The priority of the process
The status of all I/O devices needed by the process

I/O Manager
Framework through which I/O devices are accessible to applications.
Manages the communication between applications and the interfaces provided by device drivers.
Communication between the operating system and device drivers is done through I/O request packets (IRPs).

I/O Manager
The computer uses an I/O system bus.
Each I/O device has a controller attached to the I/O system bus.

Security Reference Monitor
A kernel-mode component that performs access checks, generates audit log entries, and manipulates user rights (privileges).
All system calls go through the reference monitor for security checking.
A system call is how a program requests a service from an operating system's kernel.
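
The access check described above, sketched as an added example that is not part of the original slides and is not Windows source code: a simplified model of how an ordered access control list is evaluated against a caller's token, which goes beyond the slide to show why entry order matters. All type and function names, the integer SIDs and the right bits are hypothetical and constructed for illustration.

```c
/* Simplified model of an ordered ACL walk; not Windows source code.
   SIDs are constructed small integers, access rights are bit flags. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ACE_ALLOW, ACE_DENY };
enum { RIGHT_READ = 1u, RIGHT_WRITE = 2u, RIGHT_DELETE = 4u };

typedef struct { int type; uint32_t sid; uint32_t mask; } ace_t;
typedef struct { const uint32_t *sids; size_t nsids; } token_t;

/* Constructed sample: user 1001, member of groups 513 and 2000. */
static const uint32_t TOKEN_SIDS[] = { 1001, 513, 2000 };
static const token_t TOKEN = { TOKEN_SIDS, 3 };
static const ace_t DENY_FIRST[] = {
    { ACE_DENY,  2000, RIGHT_WRITE },
    { ACE_ALLOW, 513,  RIGHT_READ | RIGHT_WRITE } };
static const ace_t ALLOW_FIRST[] = {
    { ACE_ALLOW, 513,  RIGHT_READ | RIGHT_WRITE },
    { ACE_DENY,  2000, RIGHT_WRITE } };

static int token_has_sid(const token_t *t, uint32_t sid) {
    for (size_t i = 0; i < t->nsids; i++)
        if (t->sids[i] == sid) return 1;
    return 0;
}

/* Returns 1 if every bit in `desired` is granted, else 0.
   acl == NULL models "no ACL present" (everything granted);
   a non-NULL acl with nace == 0 is an empty ACL (nothing granted). */
int access_check(const token_t *tok, const ace_t *acl, size_t nace,
                 uint32_t desired) {
    uint32_t remaining = desired;
    if (acl == NULL) return 1;
    for (size_t i = 0; i < nace && remaining; i++) {
        if (!token_has_sid(tok, acl[i].sid)) continue;
        if (acl[i].type == ACE_DENY) {
            if (acl[i].mask & remaining) return 0; /* denies a bit still needed */
        } else {
            remaining &= ~acl[i].mask;             /* allow clears granted bits */
        }
    }
    return remaining == 0;
}

int main(void) {
    /* Same two entries, different order, different outcome for a write. */
    printf("deny-first:  %d\n", access_check(&TOKEN, DENY_FIRST, 2, RIGHT_WRITE));
    printf("allow-first: %d\n", access_check(&TOKEN, ALLOW_FIRST, 2, RIGHT_WRITE));
    return 0;
}
```

The walk stops as soon as all requested bits are granted, so a deny entry placed after a matching allow entry never takes effect; this is why deny entries are conventionally ordered first.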

Plug & Play Manager
Determines which drivers are required to support a particular device and loads those drivers.
PnP requires support from device hardware, system software, and drivers.
PnP requires:
1. PnP BIOS
2. Extended System Configuration Data (ESCD)

Local Procedure Call
High-speed, message-based communication mechanism between two user-mode processes, between a user-mode process and a kernel-mode driver, or between two kernel-mode drivers.
Provides inter-process communication (IPC).
Enforces a synchronous communication model between the client and the server processes.

Virtual Memory Management
