Windows Architecture
The Windows operating system is built on a layered architecture that separates core system services from user-facing components. This design promotes stability, security, and extensibility.
System Architecture Overview
At a high level, Windows consists of three primary layers:
- Hardware Abstraction Layer (HAL) – abstracts hardware specifics.
- Kernel – manages low-level tasks such as process scheduling, memory, and I/O.
- Subsystems & User Mode – provides APIs and environments for applications.
Kernel Mode vs User Mode
Windows separates execution contexts into two modes:
| Kernel Mode | User Mode |
|---|---|
| Full access to hardware and memory. | Restricted access; runs application code. |
| Runs in Ring 0 on x86. | Runs in Ring 3. |
Subsystems
Subsystems expose the kernel's capabilities to different programming models:
- Win32 API – classic desktop applications.
- NT Native API – low‑level system components.
- POSIX subsystem – legacy UNIX compatibility.
Process and Thread Model
Each process has its own virtual address space, while threads share this space and execute concurrently.
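    #include <windows.h>

    // Start one worker thread in the current process and wait for it to finish.
    void CreateSimpleThread()
    {
        HANDLE hThread = CreateThread(
            NULL, 0,                                       // default security attributes and stack size
            [](LPVOID) -> DWORD { /* work */ return 0; },  // thread entry point
            NULL, 0, NULL);                                // no argument, start immediately, thread ID not needed
        if (hThread == NULL)
            return;  // CreateThread failed; GetLastError() gives the reason
        WaitForSingleObject(hThread, INFINITE);
        CloseHandle(hThread);
    }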
Memory Management
Windows uses a paging system with a configurable page size (usually 4 KB). The memory manager handles virtual memory, working sets, and the page file.
Security Architecture
Key security components include:
- Access Control Lists (ACLs) – define permissions.
- User Account Control (UAC) – mitigates privilege escalation.
- Windows Defender – integrated anti‑malware.
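To show how an ACL "defines permissions" in practice, the following added example (not code from the original page) is a simplified, portable model of how a discretionary ACL is evaluated against a caller's token: entries are walked in order, so a deny entry only protects an object if it comes before the allow entry that would grant the same right. The type names, the `AccessAllowed` function and the SID strings are constructed for illustration; the real check is performed by Windows itself.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Simplified model of a DACL access check (illustrative, not the Windows API).
enum class AceType { Allow, Deny };
constexpr uint32_t READ = 0x1, WRITE = 0x2;

struct Ace {
    AceType type;
    std::string sid;   // trustee the entry applies to
    uint32_t mask;     // rights the entry allows or denies
};

struct Token {
    std::vector<std::string> sids;  // user SID plus group SIDs
    bool has(const std::string& s) const {
        return std::find(sids.begin(), sids.end(), s) != sids.end();
    }
};

// dacl == nullptr models an object with no DACL (everything is granted);
// an empty vector models an empty DACL (nothing is granted).
bool AccessAllowed(const Token& tok, const std::vector<Ace>* dacl, uint32_t desired) {
    if (dacl == nullptr) return true;
    uint32_t remaining = desired;            // rights not yet granted
    for (const Ace& ace : *dacl) {           // entries are evaluated in order
        if (!tok.has(ace.sid)) continue;     // entry is for someone else
        if (ace.type == AceType::Deny) {
            if (ace.mask & remaining) return false;  // a still-needed right is denied
        } else {
            remaining &= ~ace.mask;          // these rights are now granted
        }
        if (remaining == 0) return true;     // every requested right was granted
    }
    return false;                            // rights left ungranted: implicit deny
}

int main() {
    Token alice{{"S-USER-alice", "S-GROUP-staff"}};  // constructed SIDs
    std::vector<Ace> canonical{{AceType::Deny, "S-USER-alice", WRITE},
                               {AceType::Allow, "S-GROUP-staff", READ | WRITE}};
    std::vector<Ace> misordered{canonical[1], canonical[0]};  // allow placed before deny
    std::printf("canonical WRITE=%d, misordered WRITE=%d\n",
                AccessAllowed(alice, &canonical, WRITE),
                AccessAllowed(alice, &misordered, WRITE));
}
```

When reviewing permissions, check the order of the entries as well as their content: the same two entries give different results depending on which comes first.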
Future Directions
Microsoft continues to evolve Windows with a focus on:
- Containerization and virtualization.
- Enhanced hardware acceleration.
- Improved security through virtualization‑based security (VBS).