Overview
The Windows Win32 Kernel layer provides the core services that power the operating system, including process management, memory handling, device I/O, and security. It sits just above the hardware abstraction layer (HAL) and below user‑mode subsystems such as Win32 APIs and the Windows Subsystem for Linux.
Key responsibilities:
- Process & Thread Scheduling
- Virtual Memory Management
- Interrupt Handling
- Synchronization Primitives
- System Calls & RPC
Architecture
| Component | Purpose |
|---|---|
| Executive | Higher‑level services (Object Manager, I/O Manager, Security Reference Monitor) |
| Kernel | Low‑level tasks (dispatcher, scheduler, memory manager) |
| HAL | Abstracts hardware differences for portability |
| Device Drivers | Interface with specific hardware devices |
Below is a simplified diagram of the Windows kernel stack:
```
+----------------------+
|      User Mode       |
|  (Win32 API, Apps)   |
+----------------------+
|  Executive Services  |
+----------------------+
|        Kernel        |
+----------------------+
|         HAL          |
+----------------------+
|     Physical HW      |
+----------------------+
```
Key Kernel APIs
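Application developers rarely call kernel APIs directly, but these APIs are essential for driver and system‑level code. Both snippets below are called from user mode: CreateEventW is a Win32 function that creates a kernel event object, and NtQuerySystemInformation is a native API exported by ntdll.dll.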
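```c
#include <windows.h>
#include <winternl.h>  // NtQuerySystemInformation; link with ntdll.lib

int main(void)
{
    // Example: Creating a kernel event
    HANDLE hEvent = CreateEventW(
        NULL,         // default security
        TRUE,         // manual-reset
        FALSE,        // initially non-signaled
        L"MyEvent");  // name (optional)
    if (hEvent == NULL)
        return 1;     // creation failed; see GetLastError()
    if (GetLastError() == ERROR_ALREADY_EXISTS) {
        // "MyEvent" already existed and was opened, not created here
    }

    // Example: Querying system information
    SYSTEM_BASIC_INFORMATION sbi;
    ULONG retLen = 0;
    NTSTATUS status = NtQuerySystemInformation(
        SystemBasicInformation,
        &sbi,
        sizeof(sbi),
        &retLen);
    CloseHandle(hEvent);
    return NT_SUCCESS(status) ? 0 : 1;  // sbi is valid only on success
}
```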