Every device needs an Operating System (OS) to function. Think of it as the soul of your device. And while most people don’t need to know what’s behind the surface, hackers surely do. So, let’s discover how a Windows OS works and what makes it unique.
What is an Operating System?
You can think of the OS as your device’s manager. It acts as an intermediary between the physical hardware and the software applications you want to run. It manages the device’s resources, such as the CPU, memory, storage, and the Input/Output devices attached to it. It also provides a user interface (UI) through which you interact with the device.
Examples of Operating Systems
There are several types of Operating Systems, depending on what kind of device you’re using. Below are some common examples:
The Windows Operating System
Microsoft developed the Windows Operating System, which is widely used in most private and government organizations. There are several versions of Windows OS, which can be summarized in the table below:
| MS-DOS based and 9x Windows OS Versions | NT-Kernel-Based Windows OS Versions (For PC) | NT-Kernel-Based Windows OS Versions (For Server) |
|---|---|---|
| MS-DOS 1.0 | Windows NT 3.1 | Windows Server 2003 |
| MS-DOS 2.0 | Windows NT 3.51 | Windows Server 2003 R2 |
| MS-DOS 2.1x | Windows NT 3.5 | Windows Server 2008, Windows Home Server |
| MS-DOS 3.0 | Windows NT 4.0 | Windows Server 2008 R2 |
| MS-DOS 3.1x | Windows 2000 | Windows Server 2012 |
| Windows 95 | Windows XP | Windows Server 2012 R2 |
| Windows 98 | Windows XP Professional X64 Edition | Windows Server 2016 |
| Windows 98 SE | Vista | Windows Server 2019 |
| Windows ME | Windows 7 | Windows Server 2022 |
| | Windows 8 | |
| | Windows 8.1 | |
| | Windows 10 | |
| | Windows 11 | |
Windows Architecture
The Windows OS architecture is layered. The processor runs code in one of two modes: User Mode or Kernel Mode (also called Privileged Mode).
User Mode
- This is where user applications and some system processes run.
- Processes have restricted access to system resources and hardware. They operate within their own private virtual address space.
- If an application crashes, it typically doesn't bring down the entire OS.
Kernel Mode
- This is where the core OS services, the kernel itself, and most device drivers run.
- Code running in Kernel Mode has privileged access to all system memory and hardware.
- It executes critical OS functions like managing memory, scheduling threads, and communicating directly with hardware devices.
- A crash in Kernel Mode is critical and usually results in a system halt.
Here’s a breakdown of the significant components within these modes:
- System Support Processes: Essential system functions that run as standard user processes (e.g., login process winlogon.exe, session manager smss.exe).
- Environment Subsystems: These provide the “personality” or API set that applications target.
- User Applications: Any application (.exe) launched by the user.
- Service Processes: Background processes hosting Windows Services (e.g., Task Scheduler, Windows Update).
- Windows Executive: This forms the upper layer of Kernel Mode and contains the core OS service managers. It’s not a single block but a collection of components.
- Windows Kernel (ntoskrnl.exe core): This is the heart of the OS, sitting below the Executive. It handles fundamental low-level functions.
- Device Drivers: These are kernel-mode software modules that allow the operating system (specifically the I/O Manager) to communicate with specific hardware devices (graphics cards, network adapters, storage controllers, etc.). They translate generic I/O requests into hardware-specific commands.
- Hardware Abstraction Layer (HAL – hal.dll): HAL is the lowest software layer in Kernel Mode. It isolates the Kernel, Executive, and drivers from variations in the underlying hardware platform (motherboard chipset, interrupt controllers, multiprocessor configurations). This makes Windows more portable across different hardware. It provides the basic interface needed to control the hardware directly.
- Windowing and Graphic System (win32k.sys): This crucial part of the Win32 “personality” runs in Kernel Mode to allow efficient graphics rendering and window management.
This layered, modular architecture with strict User/Kernel mode separation allows Windows to be relatively stable, secure (by protecting core components), and adaptable to new hardware (via the HAL and drivers).
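To see these categories on a live machine, the read-only PowerShell inventory below (an added example, not part of the original article) sorts running processes into the User Mode categories listed above and lists the drivers currently loaded in Kernel Mode. The category labels and the `$systemSupport` list are assumptions built from the names this page mentions; the data comes from the standard CIM classes Win32_Process, Win32_Service and Win32_SystemDriver.

```powershell
# Added example: read-only inventory of the component categories described above.
# Assumption: $systemSupport holds only the two image names this page mentions.
$systemSupport = 'winlogon', 'smss'

# Map PID -> names of the running Windows Services hosted in that process.
$servicePids = @{}
Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicePids[[int]$_.ProcessId] += @($_.Name) }

# User Mode: label every running process with one of the page's categories.
$userMode = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $procId = [int]$_.ProcessId
    $base   = [System.IO.Path]::GetFileNameWithoutExtension($_.Name)
    $category = 'User application or other'
    if ($systemSupport -contains $base) { $category = 'System support process' }
    elseif ($servicePids.ContainsKey($procId)) { $category = 'Service process' }
    [pscustomobject]@{
        Category = $category
        PID      = $procId
        Name     = $_.Name
        Services = ($servicePids[$procId] -join ', ')
    }
}

# Kernel Mode: drivers that are currently loaded (kernel and file-system drivers).
$kernelMode = Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" |
    Select-Object Name, ServiceType, PathName

# Core kernel-mode images named on this page; confirm they exist on this install.
$coreImages = 'ntoskrnl.exe', 'hal.dll', 'win32k.sys' | ForEach-Object {
    $path = Join-Path $env:SystemRoot "System32\$_"
    [pscustomobject]@{ Image = $_; Path = $path; Present = (Test-Path -LiteralPath $path) }
}

# Summary per category, then the non-application processes, drivers and core images.
$userMode   | Group-Object Category | Select-Object Count, Name | Format-Table -AutoSize
$userMode   | Where-Object Category -ne 'User application or other' |
    Sort-Object Category, Name | Format-Table -AutoSize
$kernelMode | Sort-Object ServiceType, Name | Format-Table -AutoSize -Wrap
$coreImages | Format-Table -AutoSize
```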