Platform Technology (OS)

Laboratory

Rama, Benjie
Dawi, Jeson

The Kernel Diagram of Windows Operating Systems

The kernel diagram of the Windows OS is a layered design that consists of two main
components, user mode and kernel mode. User mode is where your applications,
such as Microsoft Word or Excel, and the environment subsystems run. Kernel mode is
where the operating system kernel and other low-level processes operate. Basically,
when you open a program such as Microsoft Word and start working on your tasks, the
processing behind it takes place in kernel mode, while your input is handled in
user mode. In modern operating systems, applications are separated from the operating
system itself. The operating system code runs in a privileged processor mode, kernel
mode, and has access to system data and hardware.

To understand this, let us take the example of MS Paint. If I launch Paint and
then try to open an image by keying in the filename, a thread in the mspaint.exe
process is switched into kernel mode by the processor in order to access the
file system, which runs in kernel mode. This allows it to view all the files
present on the disk and locate the file that matches the filename. On locating the file,
the mspaint thread is given a handle to the file object in kernel mode, and the
thread is then switched back to user mode by the processor.

In user mode, the system support processes are one group of processes. The System
Control Manager is a process that starts and stops Windows processes, including the
device drivers and the startup programs; its main function is to start all the required
services at system startup. Next is Lsass, the Local Security Authority Subsystem
Service, a process responsible for enforcing the security policy on the system. In a
society, it would be the authority that enforces the security policies in the community.
Winlogon is the authenticator in the system, which verifies the user and handles the system.
Session Manager System performs critical operations when the system is starting up,
like handling the environment in the system.

Another group is the service processes. It includes the following.
SVChost.exe - a service that runs from dynamic link libraries. Dynamic link libraries
contain the data and code that the program needs.
Winmgmt.exe - the major service of client manager. This process starts when an
application connects, or runs continuously when a management application requests its
services.
Spooler – the primary component of the printing interface is the print spooler. The print
spooler is an executable file that manages the printing process. The spooler is loaded at
system startup and continues to run until the operating system is shut down.
Services.exe – the service controller process. Service Controller helps you take some load
off the system when the OS initializes. It minimizes the process involved while
controlling Windows services. It creates a custom list of Windows
services to control manually within a single place, easily and more effectively.

Among the applications, Task Manager, Windows Explorer and user applications are
used. Task Manager enables you to monitor the applications, processes, and services
currently running on your PC. You can use Task Manager to start and stop programs
and to stop processes; it can also give you statistics about computer
performance and the network. Windows Explorer allows users to manage files, folders
and network connections, as well as search for files and related components. In short, it
is a managing and search application for files or components. A user application is an
application run by the user from a computer software package that performs specific
functions. It runs with subsystem DLLs, which translate a function into the appropriate
internal call before it is sent to the kernel.

The environment subsystems are services that provide application programming
interfaces (APIs) that are specific to an operating system. The three environment
subsystems are the POSIX, OS/2, and Win32 subsystems. Applications and
subsystems form a client/server relationship, in which the applications are the clients
and the subsystems are the servers. One of the benefits of this type of architecture is
that you can add support for other types of applications to Windows 2000 simply by
adding subsystems.

All of these services, applications and subsystems are sent to NTDLL.dll before being
sent to the kernel. ntdll.dll is a system process that is needed for your PC to work properly. It
should not be removed. The ntdll.dll is an executable file on your computer's hard drive.
This file contains machine code

In kernel mode, system threads are sent to the kernel-mode callable interfaces.
A system thread is the execution of the smallest sequence of programmed instructions that
can be managed independently by a scheduler, which is part of the OS.
The system service dispatcher accepts all the execution from user mode and distributes it
to other functions of the kernel. It passes through the kernel-mode callable interfaces, which
are local procedure call, configuration manager (registry), processes and threads, virtual
memory, security reference monitor, power manager, plug and play manager, object
manager, file system cache and I/O manager. The I/O manager sends it to the device and
file system drivers, which are controlled by the kernel and interact with hardware devices
using the HAL, or hardware abstraction layer.
Local procedure call is a set of programming interfaces for high speed message
passing.
Configuration Manager is the registry; it preserves the state of a process from one
session to the next.
A thread is a path of execution within a process. A process can contain multiple threads.
The primary difference is that threads within the same process run in a shared memory
space, while processes run in separate memory spaces.
Virtual memory exists as main storage.
Security Reference Monitor is a secure, always-used and fully-testable module that
controls all software access to data objects or devices. The reference monitor verifies
the nature of the request against a table of allowable access types for each process on
the system.
Power management is a feature that turns off the power or switches the system's
components to a low-power state when inactive.
Plug and Play Manager notifies the user if new hardware or software is
present and must be installed.

Having kernel mode and user mode in an OS also protects the
hardware. It’s like keeping your loaded gun away from people who don’t know how to
handle guns. You don’t want normal users’ code to reach the hardware directly. If you do, it
can cause major damage to the whole system. By keeping this separation, when your
‘user-mode’ programs crash, the damage is isolated to your user space.
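
A simplified model of the path described above, added here as an illustration and not taken from the original report or from Windows source code: a user-mode request enters through a system service dispatcher, the security reference monitor checks it against a per-process access table, and the caller receives only a handle. All names, constants and sample objects are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not a Windows internal. */
#define ACC_READ  0x1u
#define ACC_WRITE 0x2u
#define MAX_HANDLES 8
enum { ERR_BAD_CALL = -1, ERR_ACCESS_DENIED = -2, ERR_NOT_FOUND = -3, ERR_NO_HANDLES = -4 };

struct object { const char *name; uint32_t allowed[2]; }; /* allowed[pid] */
/* Constructed sample data: process 0 is trusted, process 1 is restricted. */
static const struct object objects[] = {
    { "picture.bmp", { ACC_READ | ACC_WRITE, ACC_READ } },
    { "system.dat",  { ACC_READ | ACC_WRITE, 0 } },
};
static const struct object *handle_table[2][MAX_HANDLES]; /* one table per process */

/* Reference monitor: every requested access bit must appear in the table entry. */
static int srm_check(const struct object *o, int pid, uint32_t desired) {
    return desired != 0 && (desired & ~o->allowed[pid]) == 0;
}

/* "Kernel-mode" service: find the object, check access, hand back a handle. */
static int svc_open(int pid, const char *name, uint32_t desired) {
    for (size_t i = 0; i < sizeof objects / sizeof objects[0]; i++) {
        if (strcmp(objects[i].name, name) != 0) continue;
        if (!srm_check(&objects[i], pid, desired)) return ERR_ACCESS_DENIED;
        for (int h = 0; h < MAX_HANDLES; h++)
            if (handle_table[pid][h] == NULL) {
                handle_table[pid][h] = &objects[i];
                return h; /* an index into the table, never a kernel pointer */
            }
        return ERR_NO_HANDLES;
    }
    return ERR_NOT_FOUND;
}

typedef int (*service_fn)(int pid, const char *name, uint32_t desired);
static const service_fn service_table[] = { svc_open };

/* System service dispatcher: the single entry point from user mode. */
int system_service_dispatch(int pid, unsigned service, const char *name, uint32_t desired) {
    if (service >= sizeof service_table / sizeof service_table[0]) return ERR_BAD_CALL;
    if (pid < 0 || pid > 1 || name == NULL) return ERR_BAD_CALL;
    return service_table[service](pid, name, desired);
}

int main(void) { return system_service_dispatch(0, 0, "picture.bmp", ACC_READ) == 0 ? 0 : 1; }
```

The restricted process can read picture.bmp but is refused write access, and an out-of-range service number is rejected before any kernel function runs.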