Windows Internals - Guide for beginners



Windows Internals: a complete guide for beginners who want to know how Windows works.

The Windows architecture describes how the Windows OS is structured internally and how its major components interact with each other.

Windows follows a layered architecture that is divided into two modes: user mode and kernel mode.

What is user mode?

User mode is where normal applications such as Word, Chrome, or Photoshop run. For safety reasons, these applications cannot access hardware directly. The Win32 API and its subsystem provide the interface through which user programs interact with the operating system, and the environment subsystems allow Windows to support multiple operating system environments, such as the Windows API, POSIX, and OS/2.

For example, when you open the Calculator it runs in user mode; to perform its tasks, it sends requests to the kernel for execution.

What is kernel mode?

Kernel mode is the core of Windows, where components such as the kernel, device drivers, and the memory manager operate. It is responsible for controlling hardware and low-level system resources, and it has full access to hardware and memory.

The kernel handles core functions such as CPU scheduling and thread management, and it includes the Memory Manager, Process Manager, and I/O Manager.

Device drivers control hardware devices such as printers and graphics cards, while the Hardware Abstraction Layer (HAL) acts as a bridge between the operating system and the hardware.

For example, when you save a file, the I/O Manager in kernel mode sends write commands to the disk.

Processes & Threads

A process is an instance of a running program. When you open an application such as a browser or a text editor, Windows creates a process for it. Each process has its own independent virtual memory space and system resources.

A process contains program code, data variables, allocated memory, and system resources.

The operating system maintains a Process Control Block (PCB) for every process, which stores important information such as:

·       Process ID (PID).

·       Current state (running, waiting, terminated).

·       CPU scheduling information.

·       Memory usage details.

Each process has its own memory; one process cannot directly access another process's memory, which improves system stability and security.

A thread is a unit of execution inside a process, and a single process contains one or more threads. Threads are the smallest units of execution and are what actually performs the work. Dividing work among multiple threads improves performance and responsiveness.

Threads share the memory and resources of their parent process, but each thread has its own program counter, stack, and registers.

Because threads share memory, they are faster to create and switch between than processes.
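As an added example (not code from the original post), the following PowerShell reads the bookkeeping described above for one process and its threads, and also shows the split between user-mode and kernel-mode CPU time from the earlier section; it assumes Windows PowerShell 5.1 or later, and the function names are my own.

```powershell
# Added example, not part of the original post. It reads the bookkeeping Windows
# keeps for one process and its threads (the information the post attributes to
# the Process Control Block) and the CPU time spent in user mode versus kernel
# mode. Assumes Windows PowerShell 5.1 or later; inspecting another user's
# process may require administrator rights.

function Get-ProcessRecord {
    param([int]$ProcessId = $PID)     # default: this PowerShell host

    $p  = Get-Process -Id $ProcessId -ErrorAction Stop
    $ci = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"

    [pscustomobject]@{
        PID           = $p.Id                                    # Process ID
        Name          = $p.ProcessName
        ParentPID     = $ci.ParentProcessId
        State         = if ($p.HasExited) { 'terminated' } elseif ($p.Responding) { 'running' } else { 'not responding' }
        PriorityClass = $p.PriorityClass                         # CPU scheduling information
        ThreadCount   = $p.Threads.Count
        WorkingSetMB  = [math]::Round($p.WorkingSet64 / 1MB, 1)  # memory usage details
        UserModeSec   = [math]::Round($p.UserProcessorTime.TotalSeconds, 2)
        KernelModeSec = [math]::Round($p.PrivilegedProcessorTime.TotalSeconds, 2)
        CommandLine   = $ci.CommandLine
    }
}

function Get-ProcessThreadRecords {
    param([int]$ProcessId = $PID)

    # Each thread is scheduled on its own and has its own state and priority,
    # even though all of them share the process's address space.
    (Get-Process -Id $ProcessId).Threads | ForEach-Object {
        [pscustomobject]@{
            ThreadId      = $_.Id
            State         = $_.ThreadState
            # WaitReason is only defined while the thread is waiting; reading it in
            # any other state throws, so guard the access.
            WaitReason    = if ($_.ThreadState -eq 'Wait') { $_.WaitReason } else { $null }
            Priority      = $_.PriorityLevel
            UserModeSec   = [math]::Round($_.UserProcessorTime.TotalSeconds, 2)
            KernelModeSec = [math]::Round($_.PrivilegedProcessorTime.TotalSeconds, 2)
        }
    }
}

Get-ProcessRecord | Format-List
Get-ProcessThreadRecords | Sort-Object KernelModeSec -Descending | Format-Table -AutoSize
```

Pass another process ID to either function to compare, for example, a browser with many threads against a single-threaded console tool.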

Memory Management

Memory management is one of the most important parts of the Windows operating system. It is responsible for the use of RAM and ensures performance, stability, and security. It controls the memory of each process and allocates memory according to each process's needs.

Virtual Memory

Windows uses virtual memory, which gives each process its own address space:

1. Every process sees a large, contiguous block of memory.

2. That memory is virtual; it is not necessarily physically present in RAM.

Memory management also protects processes so that they cannot disturb each other's memory.

Paging

Windows uses paging to move data between RAM and disk: if RAM is getting full, Windows temporarily moves less-used data to the page file on disk.

Heap and Stack

Inside a process, memory is organized into a stack and a heap.

The stack is used for function calls and local variables. When a function is called, its local variables are placed on the stack and removed when the function finishes.

The heap is used for dynamic memory allocation. If a program allocates a large array or objects at runtime, they are stored in the heap.
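As an added example (not from the original post), this PowerShell makes the virtual memory and paging sections concrete by comparing the virtual address space each process sees with what is actually resident in RAM, and by reporting page file usage; it assumes Windows PowerShell 5.1 or later, and the function names are my own.

```powershell
# Added example, not part of the original post. It contrasts the virtual address
# space each process sees with the pages actually resident in RAM, and reports
# the page file that backs memory paged out of RAM. Assumes Windows PowerShell
# 5.1 or later; the CIM classes used here are readable by a normal user.

function Get-PhysicalMemoryAndPageFile {
    $os = Get-CimInstance Win32_OperatingSystem
    $pf = @(Get-CimInstance Win32_PageFileUsage)   # one entry per page file

    [pscustomobject]@{
        PhysicalTotalMB = [math]::Round($os.TotalVisibleMemorySize / 1KB)  # CIM reports KB
        PhysicalFreeMB  = [math]::Round($os.FreePhysicalMemory / 1KB)
        PageFiles       = ($pf.Name -join ', ')
        PageFileSizeMB  = ($pf | Measure-Object AllocatedBaseSize -Sum).Sum  # already in MB
        PageFileUsedMB  = ($pf | Measure-Object CurrentUsage -Sum).Sum
    }
}

function Get-ProcessMemoryView {
    param([int]$Top = 10)

    # VirtualMB is usually far larger than ResidentMB: most of a process's virtual
    # address space is merely reserved, or has been paged out, and is not in RAM.
    Get-Process | Sort-Object WorkingSet64 -Descending | Select-Object -First $Top | ForEach-Object {
        [pscustomobject]@{
            PID        = $_.Id
            Name       = $_.ProcessName
            VirtualMB  = [math]::Round($_.VirtualMemorySize64 / 1MB)   # what the process sees
            ResidentMB = [math]::Round($_.WorkingSet64 / 1MB)          # in RAM right now
            CommitMB   = [math]::Round($_.PagedMemorySize64 / 1MB)     # private memory the page file may back
        }
    }
}

Get-PhysicalMemoryAndPageFile | Format-List
Get-ProcessMemoryView | Format-Table -AutoSize
```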

Input/output Management

Input/output (I/O) management is responsible for handling the connection between the operating system and hardware devices, including:

·       Keyboard

·       Mouse

·       Printer

·       Files and disks

·       Network cards

·       USB devices

·       Network devices

The I/O Manager acts as a layer between applications and hardware devices. Windows manages I/O in a structured way so that applications do not need to deal with hardware directly.

Applications are never connected directly to hardware; everything goes through the I/O Manager.

Device Drivers

Windows uses device drivers to interact with hardware. A driver is a special program that knows how to communicate with a specific piece of hardware; drivers translate OS commands into hardware-specific instructions.

HAL (Hardware Abstraction Layer)

The HAL provides a hardware-independent interface. It allows Windows to run on different hardware platforms by hiding hardware differences from the rest of the OS.

Security Subsystem

The security subsystem in Windows protects user and system data. It is responsible for user authentication, permissions, and access control.

It ensures that only authorized users can access system resources.

Components:

User Authentication & Permissions

Whenever a user logs in to the PC, Windows verifies the user's identity and assigns permissions based on their role, such as standard user or administrator.

Access Tokens

An access token defines your place in the system. It contains the user identity, group memberships, and privileges and rights.

Security Reference Monitor (SRM)

The Security Reference Monitor (SRM) is the core component that checks access tokens and compares their permissions with the requested resources.

Audit & Event Logs

Windows keeps track of security activity with the help of audit logs and event logs. They record login attempts, permission failures, and security violations.
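As an added example (not from the original post), the PowerShell below first decodes the caller's own access token, the data the SRM compares against a resource's permissions, and then reads the logon records the audit log keeps; it assumes Windows PowerShell 5.1 or later, uses the standard audit event IDs 4624 and 4625, and the function names are my own.

```powershell
# Added example, not part of the original post. The first function decodes the
# caller's own access token (identity, groups, privileges), the data the Security
# Reference Monitor checks; the second reads logon audit records from the
# Security event log. Assumes Windows PowerShell 5.1 or later. Event IDs 4624
# (successful logon) and 4625 (failed logon) are the standard Windows audit IDs;
# reading the Security log needs administrator rights.

function Get-CurrentAccessToken {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]$identity
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    [pscustomobject]@{
        User       = $identity.Name
        UserSid    = $identity.User.Value
        IsAdmin    = $principal.IsInRole($adminRole)   # true only if the token carries Administrators
        Groups     = $identity.Groups | ForEach-Object {
            $sid = $_
            # Logon-session and capability SIDs have no account name to translate to
            try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $sid.Value }
        }
        Privileges = whoami /priv /fo csv | ConvertFrom-Csv | Select-Object 'Privilege Name', State
    }
}

function Get-LogonAuditEvents {
    param([int]$Hours = 24, [int]$MaxEvents = 200)

    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue | ForEach-Object {
        # The named fields live in the event's XML payload
        $data = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Outcome   = if ($_.Id -eq 4624) { 'success' } else { 'failure' }
            User      = "$($data.TargetDomainName)\$($data.TargetUserName)"
            LogonType = $data.LogonType      # 2 = interactive, 3 = network, 10 = remote interactive
            Source    = $data.IpAddress
            Status    = $data.Status         # NTSTATUS code, present on failures
        }
    }
}

Get-CurrentAccessToken | Format-List
# Failed logons per account: the "permission failures" the post refers to
Get-LogonAuditEvents | Where-Object Outcome -eq 'failure' |
    Group-Object User | Sort-Object Count -Descending | Format-Table Count, Name
```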

Windows Registry

The Windows Registry is a centralized database that stores configuration settings for the operating system and installed applications. Windows uses the registry to quickly read and apply system and application configurations.

When you install software or change system settings, Windows updates the registry. The registry is organized into a hierarchical structure of keys and subkeys, like folders and subfolders. Its main root keys are:

HKEY_LOCAL_MACHINE (HKLM)

  Stores system-wide settings for hardware, drivers, and installed software.

HKEY_CURRENT_USER (HKCU)

  Stores settings specific to the currently logged-in user.

HKEY_CLASSES_ROOT (HKCR)

  Stores file associations and object linking information.

HKEY_USERS (HKU)

  Contains settings for all user profiles on the computer.
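As an added example (not from the original post), this PowerShell walks the four root keys just listed through the registry provider and shows how the same kind of setting lands in HKLM for all users but in HKCU for the current user; it assumes Windows PowerShell 5.1 or later, and the function names are my own.

```powershell
# Added example, not part of the original post. It walks the root keys listed
# above with PowerShell's registry provider and shows the system-wide versus
# per-user split: installed software is recorded under HKLM for all users and
# under HKCU for the current user only. Assumes Windows PowerShell 5.1 or later;
# everything is read-only, so no elevation is needed.

function Get-RegistryRootKeys {
    # Only HKLM and HKCU are mounted as drives; HKCR and HKU are reached through
    # the Registry:: provider path, as the functions below do.
    Get-PSDrive -PSProvider Registry | Select-Object Name, Root
}

function Get-OsVersionFromRegistry {
    # HKLM holds system-wide information such as the installed Windows build
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' |
        Select-Object ProductName, DisplayVersion, CurrentBuild
}

function Get-InstalledSoftware {
    # Installers register under the Uninstall key of the hive matching their scope
    $paths = @{
        'HKLM (all users)'        = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
        'HKLM (32-bit on 64-bit)' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        'HKCU (current user)'     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    }
    foreach ($scope in $paths.Keys) {
        Get-ChildItem $paths[$scope] -ErrorAction SilentlyContinue | Get-ItemProperty |
            Where-Object DisplayName |
            Select-Object @{ n = 'Scope'; e = { $scope } }, DisplayName, DisplayVersion, Publisher
    }
}

function Get-FileAssociation {
    param([string]$Extension = '.txt')
    # HKCR: the default value of an extension key names the ProgID that opens it
    (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$Extension" -ErrorAction SilentlyContinue).'(default)'
}

function Get-LoadedUserHives {
    # HKU: one subkey per loaded user profile, named by the account's SID
    (Get-ChildItem 'Registry::HKEY_USERS').PSChildName
}

Get-RegistryRootKeys
Get-OsVersionFromRegistry
Get-InstalledSoftware | Sort-Object Scope, DisplayName | Format-Table -AutoSize
Get-FileAssociation '.txt'
Get-LoadedUserHives
```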

Win32 Subsystem and GUI

The Win32 subsystem provides the core application programming interface (API) and allows programs to create windows and interact with the graphical user interface (GUI).

It acts as a bridge between user applications and the Windows operating system.

Win32 Subsystem

It handles window creation and management and performs tasks such as message handling and event processing. Applications use the Win32 API to request services instead of interacting with the kernel directly.

Graphical User Interface (GUI)

The GUI consists of elements such as windows, buttons, menus, and icons. These elements are created and controlled with the help of the Win32 subsystem.
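As an added example (not from the original post), the PowerShell below calls the Win32 API itself, through the same user32.dll functions GUI programs use, to list the visible windows and the process and thread that own each one, which is the thread whose message loop handles that window's events; it assumes Windows PowerShell 5.1 or later in a desktop session, and the wrapper class and function name are my own.

```powershell
# Added example, not part of the original post. It calls the Win32 API directly
# from PowerShell (the user32.dll entry points GUI programs use) to list visible
# top-level windows with the process and thread that own each one. Assumes
# Windows PowerShell 5.1 or later running in a desktop session.

if (-not ([System.Management.Automation.PSTypeName]'User32').Type) {
    Add-Type -TypeDefinition @'
using System;
using System.Text;
using System.Runtime.InteropServices;
public static class User32 {
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool EnumWindows(EnumWindowsProc lpEnumFunc, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
    [DllImport("user32.dll")] public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
}
'@
}

function Get-TopLevelWindows {
    $found = New-Object System.Collections.Generic.List[object]

    # EnumWindows calls this delegate once per top-level window; $true asks for the next one
    $callback = [User32+EnumWindowsProc]{
        param([IntPtr]$hWnd, [IntPtr]$lParam)
        if ([User32]::IsWindowVisible($hWnd)) {
            $title = New-Object System.Text.StringBuilder 512
            [void][User32]::GetWindowText($hWnd, $title, $title.Capacity)
            $ownerPid = [uint32]0
            $ownerTid = [User32]::GetWindowThreadProcessId($hWnd, [ref]$ownerPid)
            if ($title.Length -gt 0) {
                $found.Add([pscustomobject]@{
                    Handle   = $hWnd
                    Title    = $title.ToString()
                    PID      = $ownerPid
                    Process  = (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).ProcessName
                    ThreadId = $ownerTid    # the thread that owns the window's message queue
                })
            }
        }
        return $true
    }
    [void][User32]::EnumWindows($callback, [IntPtr]::Zero)
    $found
}

Get-TopLevelWindows | Sort-Object PID | Format-Table -AutoSize
```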

 

Hardware Abstraction Layer (HAL)

The Hardware Abstraction Layer (HAL) acts as a bridge between the OS and the physical hardware. It hides hardware-specific details from the operating system, which allows Windows to run on different hardware platforms without any changes and makes the OS portable and flexible.

For example, no matter which processor or motherboard a system uses, the HAL makes sure the kernel can communicate with the hardware. By hiding hardware differences, it improves system portability and stability and also makes driver development much simpler.

Interview Questions to remember

 

Define Windows Internals.

Answer:

Windows Internals is the study of the architecture, components, and working of the Windows operating system. It explains how processes, memory, I/O, and hardware interactions work.


Define the two main modes of Windows OS.

Answer:

1. User Mode: applications and environment subsystems run here, with no direct access to hardware.

2. Kernel Mode: the core OS components run here, with full access to hardware and memory.

What is a Process and a Thread?

Answer:

Process: a running instance of a program, with its own memory and resources.

Thread: a unit of execution inside a process, which shares the process's memory.


What is the role of the Kernel in Windows?

Answer:

The Kernel is the core of the Windows OS. It controls:

·       Process & Thread scheduling

·       Memory allocation

·       I/O operations

·       Security enforcement

 

What is HAL (Hardware Abstraction Layer)?

Answer:

It is a layer between the Windows kernel and the hardware. It abstracts hardware details, allowing Windows to run on different CPUs and devices without changes.

 

What is Windows Registry?

Answer:

It is the central database for system and application configuration.

It stores settings such as installed programs, user preferences, and system policies.


Explain the flow of how Windows works.

Answer:

1. The user performs an action such as a click, a keystroke, or a save.

2. The application receives the request in user mode.

3. A system call sends the request to the kernel.

4. The kernel processes the request using the CPU, memory, and I/O.

5. Device drivers and the HAL communicate with the hardware.

6. The hardware executes the command.

7. The result flows back: Hardware → Kernel → Application → User.

 

What is the difference between User Mode and Kernel Mode crash?

Answer:

User mode crash: only the application stops, and the Windows OS stays safe.

Kernel mode crash: the entire system stops, which results in a Blue Screen.

 

What is the role of the Win32 Subsystem?

Answer:

It provides APIs for Windows applications to interact with the OS.

It also handles the GUI, messages, and event processing.

 

Why is Windows Internals important?

Answer:

It helps in understanding system behaviour and architecture, and it is useful for troubleshooting and security.



Conclusion

Windows Internals means understanding that the Windows operating system is not just a graphical user interface; it is a well-organized and highly controlled system that processes every single task in a structured, step-by-step way.

When a user performs a simple task such as opening an application, saving a file, or typing on the keyboard, a complete internal mechanism is followed. This mechanism ensures that every request is sent to the hardware safely, securely, and efficiently, and that the result is returned to the user.

 
