windows kernel
DESCRIPTION
Windows kernelTRANSCRIPT
-
Windows Kernel Architecture
-
Kernel Mode
Fundamental part of a modern computer's Os.
Software which allow users to share computer resources.
Directly controls the computer hardware.
-
Definition
kernel is a computer program that manages input/output requests from software and translates them into data processing instructions for the central processing unit and other electronic components of a computer.
-
Windows Kernel Architecture
-
Kernel Mode Components
HAL(Hardware Abstraction Layer)
Executive
Graphic Device Driver(Implements the graphical user interface (GUI).
-
Hardware Abstraction Layer
Refers to a layer of software that deals directly with your computer hardware.
It operates in between the hardware and the Windows executive services.
-
Kernel Mode Executive
Object Manager
Process Manager
Security Reference Monitor
I/O Manager
Plug & Play Manager
Virtual Memory Manager
Local Procedure Call Facility
-
Object Manager
The Windows kernel-mode object manager component manages objects. Files, devices, synchronization mechanisms, registry keys, and so on, are all represented as objects in kernel mode. Each object has a header (containing information about the object such as its name, type, and location), and a body (containing data in a format determined by each type of object).
Windows has more than 25 types of objects
-
Object Manager
-
Process Manager
A process is a program in execution A process has resources (CPU time, files) Management of processes includes:
Process control block(PCB)
Process Scheduling (priority, time management )
Creation/termination
Block/Unblock
Synchronization
Communication(IPC)
Deadlock handling
-
Process Control Block
It contains:
An ID number
Pointers
Register contents
States of various flags
Pointers to the upper and lower bounds of the memory required for the process
A list of files opened by the process
The priority of the process
The status of all I/O devices needed by the process
-
Process Control Block
-
Process Control Block
-
Process Manager
-
I/O Manager
Framework through which I/O devices are accessible to applications.
Manages the communication between applications and the interfaces provided by device drivers.
Communication between the operating system and device drivers is done through I/O request packets (IRPs).
-
I/O Manager
Computer uses an I/O system bus
Each I/O device has controller attached to I/O system bus
-
Security Reference Monitor
A kernel-mode component that performs access checks, generates audit log entries, and manipulates user rights (privileges)
All system calls go through reference monitor for security checking.
System call is how a program requests a service from an operating system's kernel
-
Plug & Play Manager
Determines which drivers are required to support a
particular device and loads those drivers
PnP requires support from device hardware, system software, and drivers.
PnP requires:
1. Pnp Bios
2. Extended System Configuration Data (ESCD)
-
Local Procedure Call
High speed message based communication mechanism between two user mode processes, between a user mode process and a kernel mode driver or between two kernel mode drivers
Provide Inter-process communication(IRP).
Enforces synchronous communication model between the client and the server processes.
-
Virtual Memory Management