Date post: 15-Sep-2015
Upload: ikram-nazeer
Windows Kernel Architecture
Kernel Mode
Fundamental part of a modern computer's OS.
Software which allows users to share computer resources.
Directly controls the computer hardware.
Definition
A kernel is a computer program that manages input/output requests from software and translates them into data processing instructions for the central processing unit and other electronic components of a computer.
Kernel Mode Components
HAL (Hardware Abstraction Layer)
Executive
Graphic Device Driver (implements the graphical user interface (GUI))
Hardware Abstraction Layer
Refers to a layer of software that deals directly with your computer hardware.
It operates in between the hardware and the Windows executive services.
Kernel Mode Executive
Object Manager
Process Manager
Security Reference Monitor
I/O Manager
Plug & Play Manager
Virtual Memory Manager
Local Procedure Call Facility
Object Manager
The Windows kernel-mode object manager component manages objects. Files, devices, synchronization mechanisms, registry keys, and so on, are all represented as objects in kernel mode. Each object has a header (containing information about the object such as its name, type, and location), and a body (containing data in a format determined by each type of object).
Windows has more than 25 types of objects
Process Manager
A process is a program in execution.
A process has resources (CPU time, files).
Management of processes includes:
Process control block (PCB)
Process scheduling (priority, time management)
Creation/termination
Block/Unblock
Synchronization
Communication (IPC)
Deadlock handling
Process Control Block
It contains:
An ID number
Pointers
Register contents
States of various flags
Pointers to the upper and lower bounds of the memory required for the process
A list of files opened by the process
The priority of the process
The status of all I/O devices needed by the process
I/O Manager
Framework through which I/O devices are accessible to applications.
Manages the communication between applications and the interfaces provided by device drivers.
Communication between the operating system and device drivers is done through I/O request packets (IRPs).
The computer uses an I/O system bus.
Each I/O device has a controller attached to the I/O system bus.
Security Reference Monitor
A kernel-mode component that performs access checks, generates audit log entries, and manipulates user rights (privileges).
All system calls go through the reference monitor for security checking.
A system call is how a program requests a service from an operating system's kernel.
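The access check and audit entry described above, applied to an object with the header fields from the Object Manager section, as an added example that is not Windows source code. It is a simplified model that goes beyond the page by using an ordered list of allow/deny entries; the structure names, SIDs, rights bits and object path are hypothetical, constructed values.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model; every name below is hypothetical, not a Windows structure. */
enum { RIGHT_READ = 1, RIGHT_WRITE = 2 };
enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace { enum ace_type type; uint32_t sid; uint32_t mask; };

/* Object header: name and type as on the page, plus the ACL the monitor reads. */
struct obj_header {
    const char *name, *type;
    const struct ace *acl;
    size_t ace_count;
};
static char audit_log[8][96];   /* audit entries generated by the monitor */
static int audit_count;

/* Walk ACEs in order: a matching deny on a still-needed right fails at once;
   matching allows accumulate; rights nobody granted are denied by default. */
int access_check(const struct obj_header *o, uint32_t sid, uint32_t desired)
{
    uint32_t remaining = desired;
    for (size_t i = 0; i < o->ace_count && remaining; i++) {
        const struct ace *a = &o->acl[i];
        if (a->sid != sid) continue;
        if (a->type == ACE_DENY && (a->mask & remaining)) break;
        if (a->type == ACE_ALLOW) remaining &= ~a->mask;
    }
    int ok = (remaining == 0);
    if (audit_count < 8)
        snprintf(audit_log[audit_count++], sizeof audit_log[0],
                 "%s sid=%u obj=%s type=%s desired=0x%x", ok ? "GRANTED" : "DENIED",
                 (unsigned)sid, o->name, o->type, (unsigned)desired);
    return ok;
}

/* Constructed sample object: SID 1001 is denied write before being allowed read/write. */
static const struct ace sample_acl[] = {
    { ACE_DENY,  1001, RIGHT_WRITE },
    { ACE_ALLOW, 1001, RIGHT_READ | RIGHT_WRITE },
    { ACE_ALLOW, 1002, RIGHT_READ },
};
static const struct obj_header sample_file = { "\\Device\\Example\\report.txt", "File", sample_acl, 3 };

int main(void)
{
    access_check(&sample_file, 1001, RIGHT_READ);
    access_check(&sample_file, 1001, RIGHT_READ | RIGHT_WRITE);
    for (int i = 0; i < audit_count; i++) puts(audit_log[i]);
    return 0;
}
```

Every decision, granted or denied, leaves an audit entry, and a caller with no matching entry is refused by default.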
Plug & Play Manager
Determines which drivers are required to support a particular device and loads those drivers.
PnP requires support from device hardware, system software, and drivers.
PnP requires:
1. PnP BIOS
2. Extended System Configuration Data (ESCD)
Local Procedure Call
High-speed, message-based communication mechanism between two user-mode processes, between a user-mode process and a kernel-mode driver, or between two kernel-mode drivers.
Provides inter-process communication (IPC).
Enforces a synchronous communication model between the client and the server processes.
Virtual Memory Management