Windows
Like other multiuser OSes, Windows architecture draws a distinction between kernel mode and user mode. When user-mode threads call a system service, a special instruction is executed that switches the calling thread to kernel mode. When the call completes, the thread context is switched back to user mode.
- executive
- The Windows executive contains base OS services like memory management, process and thread management, security, I/O, networking, and IPC
- heterogeneous multi-processing
- A type of SMP-based design where some processor cores have less capability but higher efficiency than others. This allows power consumption to be reduced by allocating appropriate work to slower cores while power managing the faster ones.
- kernel
- The Windows kernel consists of low-level OS functions, like thread scheduling, interrupt, and exception dispatching, and multiprocessor synchronization. It also provides a set of routines and basic objects that the rest of the executive uses to implement higher-level constructs.
- kernel mode
- privileged processor mode with access to system data and hardware
- user mode
- non-privileged processor mode with limited access to system data and no direct access to hardware
Windows core files
- condrv.sys
- Console driver, which spawns conhost.exe
- dwm.exe
- Desktop Window Manager
- ntdll.dll
- Special system support library primarily for the use of subsystem DLLs and native applications (meaning images that are not tied to any particular subsystem)
- ntoskrnl.exe
- contains the Windows executive and kernel
- ssmss.exe
- Session Manager