Operating Systems Architecture

Operating Systems Architecture

Sections: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Index | Next >

The NT kernel

Learning objective: Explain the architecture of the NT kernel

Click on image to enlarge.

Windows 95 was an important operating system for Microsoft. However, it was a transitional system that gave Microsoft their first 32bit operating system. Much of the 95 kernel was still built on older and less stable architecture. The kernel is the core software that connects the software with the hardware. For Microsoft to enter the emerging server market, they needed something truly new. To address these concerns, Microsoft build the NT operating system from the ground up without any 95 kernel code. The Windows 95 shell was fitted to the new OS. This made NT easy to learn and use since the user interface was the same as Windows 95. The NT kernel is comprised of four rings that surround the hardware. The center two rings are currently not used and set aside for future development. The inner ring or kernel mode controls the functioning of the hardware. It is done through a hardware abstraction layer. It was designed to hide differences in hardware and therefore provide a consistent platform on which applications may run. The top ring or user mode manages how the user interface interfaces with the kernel. Note the multiple application program interfaces, or APIs, it has to work with Windows, OS2, and POSIX for UNIX. Microsoft was late into this market and needed to make their OS work well with other more established systems. This new technology or NT would become the kernel foundation for XP, Server 2000, Server 2003, Vista, Windows 7 and beyond. If you want to truly understand Windows, you need to understand the NT kernel.

The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant operating system, which has been designed to work with uniprocessor and symmetrical multi processor (SMP)-based computers. To process input/output (I/O) requests, they use packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows 2000, Microsoft began making 64-bit versions of Windows available before this, these operating systems only existed in 32-bit versions. [Wikipedia]

User mode

The user mode is made up of subsystems which can pass I/O requests to the appropriate kernel mode drivers via the I/O manager (which exists in kernel mode). Two subsystems make up the user mode layer of Windows NT: the Environment subsystem and the Integral subsystem. The environment subsystem was designed to run applications written for many different types of operating systems. None of the environment subsystems can directly access hardware, and must request access to memory resources through the Virtual Memory Manager that runs in kernel mode. Also, applications run at a lower priority than kernel mode processes.

There are three main environment subsystems: the Win32 subsystem, an OS/2 subsystem and a POSIX subsystem.

Kernel mode

Windows NT kernel mode has full access to the hardware and system resources of the computer and runs code in a protected memory area. It controls access to scheduling, thread prioritization, memory management and the interaction with hardware. The kernel mode stops user mode services and applications from accessing critical areas of the operating system that they should not have access to; user mode processes must ask the kernel mode to perform such operations on their behalf. While the x86 architecture supports four different privilege levels (numbered 0 to 3), only the two extreme privilege levels are used. Usermode programs are run with CPL 3, and the kernel runs with CPL 0. These two levels are often referred to as "ring 3" and "ring 0", respectively. Such a design decision had been done to achieve code portability to RISC platforms that only support two privilege levels, though this breaks compatibility with OS/2 applications that contain I/O privilege segments that attempt to directly access hardware. Kernel mode consists of executive services, which is itself made up on many modules that do specific tasks, kernel drivers, a kernel and a Hardware Abstraction Layer, or HAL. [Wikipedia]

Hardware abstraction layer

A hardware abstraction layer (HAL) is an abstraction layer, implemented in software, between the physical hardware of a computer and the software that runs on that computer. Its function is to hide differences in hardware from most of the operating system kernel, so that most of the kernel-mode code does not need to be changed to run on systems with different hardware. On a PC, HAL can basically be considered to be the driver for the motherboard and allows instructions from higher level computer languages to communicate with lower level components, such as directly with hardware. The Windows NT operating system has an HAL in the kernel space, between hardware and kernel, drivers, executive services. This allows portability of the Windows NT kernel-mode code to a variety of processors, with different memory management unit architectures, and a variety of systems with different I/O bus architectures; most of that code runs without change on those systems, when compiled for the instruction set for those systems. For example, the SGI Intel x86-based workstations were not IBM PC compatible workstations, but due to the HAL, Windows NT was able to run on them. [Wikipedia]

Blue Screen of Death

In Windows NT family of operating systems, the blue screen of death (officially known as a Stop error, and referred to as "bug checks" in the Windows Software development kit and Driver development kit documentation) occurs when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This is usually caused by an illegal operation being performed. The only safe action the operating system can take in this situation is to restart the computer. As a result, data may be lost, as users are not given an opportunity to save data that has not yet been saved to the hard drive. [Wikipedia]

✏ Self Quiz!

Select the best response(s) for each question/statement. Use this opportunity to test *your* knowledge and not just move on...

1) Key aspects of the NT kernel are the:
Shell mode
Kernel mode
Hardware abstraction layer

2) The Blue Screen of Death is often caused by...
Driver issues
Illegal operations
User errors


Thinking: Why have a HAL on NT?

Key terms: Blue Screen of Death, HAL, Kernel mode, NT, POSIX, User mode, kernel

To maximize your learning, please visit these Web sites and review their content to help reinforce the concepts presented in this section.

Quick links:
NT kernel @ Wikipedia
Protection rings @ Wikipedia
Hardware abstraction layer @ Wikipedia
POSIX @ Wikipedia
Blue Screen of Death @ Wikipedia

Embedded Resources

Notes on navigation: Click inside the frame to navigate the embedded Web page. - Click outside the frame to navigate this page to scroll up/down between the embedded Web pages. - Click on the frame title to open that page in a new tab in most browsers. - Click on the the "Reload page" link to reload the original page for that frame.

NT kernel @ Wikipedia | Reload page | If frame is empty, click on the link to view the page in a new tab or window

Protection rings @ Wikipedia | Reload page | If frame is empty, click on the link to view the page in a new tab or window

Hardware abstraction layer @ Wikipedia | Reload page | If frame is empty, click on the link to view the page in a new tab or window

POSIX @ Wikipedia | Reload page | If frame is empty, click on the link to view the page in a new tab or window

Blue Screen of Death @ Wikipedia | Reload page | If frame is empty, click on the link to view the page in a new tab or window

Sections: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Index | Next >