Windows API
Bits of history: MS-DOS graphical layer; Windows 2000 as independent system; NT (new technology) family.
MS-DOS family: Windows 1.0, Windows 2.0, Windows 3.x, Windows 95.
Legacy: Up to Windows 98 these systems were 16- and 32-bit hybrids. The kernel was the same.
Windows NT family: Windows NTx, Windows 2000, Windows Me, Windows XP, Windows Server 2003, CE, Mobile, Vista, Server 2008, Phone, 7, 8, RT, 10.
Something new: New kernel. NT is a purely 32-bit system. The NT family is independent from MS-DOS. Windows 2000 as an independent new system.
Architecture: Win32 API; NTDLL.DLL; WIN32K.SYS; NTOSKRNL.EXE; HAL.DLL (hardware abstraction layer).
Win32 API (1): kernel32.DLL – equivalent to NTDLL.DLL, but… documented; gdi32.DLL – drawing functions; user32.DLL – GUI, window technology.
Win32 API (2): MSVCRT.DLL – stdlib functions; WS2_32.DLL – Winsock2 library.
User mode vs. kernel mode: ring 0, ring 1, ring 2, ring 3.
What is it? Hierarchical protection domains – mechanisms to protect data and functionality from faults and malicious behaviour. Hardware-enforced by the CPU architecture (microcode level). Special gates between rings.
Rings: Ring 0 (kernel mode) – full access to resources (Windows kernel). Rings 1 and 2 – limited access levels, commonly not used (device drivers). Ring 3 (user mode) – restricted access to resources.
Virtual memory: Every program runs in its own process. A process has its own virtual memory and other resources. Virtual memory and real memory don't match. For example, a process can "think" it is located at address 0x1234567, but in reality the address can be 0x65f7a580. A process cannot access the memory of another process. Inactive memory regions can be paged out (stored in files).
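The translation described on the virtual memory slide, as an added example that is not part of the original slides: a simplified C model in which each process has its own page table, so the same virtual address resolves to a different physical address in each process, and a paged-out page cannot be resolved until it is brought back into memory. The 4 KiB page size, all type and function names, and the sample frame numbers are assumptions made for illustration; this is a teaching model, not the Windows memory manager.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u                       /* assumed 4 KiB pages */
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1u)
#define NPAGES     4u                        /* tiny address space for the model */

typedef enum { XL_OK, XL_PAGED_OUT, XL_NOT_MAPPED } xl_status;

typedef struct {
    uint8_t  present;    /* 1 = backed by a physical frame right now */
    uint8_t  paged_out;  /* 1 = contents currently stored in a file */
    uint32_t frame;      /* physical frame number, valid when present */
} pte_t;

/* Hypothetical process record: each process owns a private page table. */
typedef struct { pte_t table[NPAGES]; } process_t;

/* Translate vaddr using ONLY the given process's table. A process has no
 * way to name a frame that its own table does not map. */
xl_status translate(const process_t *p, uint32_t vaddr, uint32_t *paddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;      /* virtual page number */
    if (vpn >= NPAGES)
        return XL_NOT_MAPPED;
    const pte_t *e = &p->table[vpn];
    if (e->present) {
        *paddr = (e->frame << PAGE_SHIFT) | (vaddr & PAGE_MASK);
        return XL_OK;
    }
    /* Not resident: either paged out (kernel must reload it) or invalid. */
    return e->paged_out ? XL_PAGED_OUT : XL_NOT_MAPPED;
}

/* Constructed sample data: two processes that both use virtual page 1. */
const process_t proc_a = { .table = { [1] = {1, 0, 0x65f7a}, [2] = {0, 1, 0} } };
const process_t proc_b = { .table = { [1] = {1, 0, 0x00123} } };

int main(void)
{
    uint32_t pa = 0, pb = 0;
    translate(&proc_a, 0x1567, &pa);
    translate(&proc_b, 0x1567, &pb);
    printf("A: 0x1567 -> 0x%08x\nB: 0x1567 -> 0x%08x\n", (unsigned)pa, (unsigned)pb);
    printf("A: 0x2000 -> status %d (paged out)\n",
           (int)translate(&proc_a, 0x2000, &pa));
    return 0;
}
```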
User mode: Every process (except the system one) runs in user mode. It cannot access another program's memory other than through API functions. Programs cannot interfere with interrupts and context switching.
Kernel mode, interrupts and system calls: When Windows starts for the first time, the Windows kernel is started, which runs in kernel mode and manages page-outs and virtual memory. The kernel starts system processes and lets them run in user mode. How does the CPU switch to kernel mode?
The processor's work is interrupted by events from hardware or software (interrupts). The kernel sets up interrupt handlers to work with events. When the CPU's work is interrupted, it switches to kernel mode and executes the interrupt handler for that event. This procedure: saves the CPU state; processes the event; restores the CPU state (possibly switching back to user mode). API functions work only in kernel mode.
Context switching: When a program has run for some time ("thread quantum" or process "time slice"), the OS will context switch to another program: saving the current program's state (including registers), figuring out which program to run next, and restoring a different program's state.