读windows internals笔记(一)
os模型
在大多数的多用户os中,应用程序运行在用户模式下(user mode),in other words,application can't access to hardware and system data directly,当在用户模式下运行的application 需要调用系统服务时,处理器执行一个trap指令把调用线程转到内核模式(kernel mode)。当系统服务执行完毕,操作系统把线程上下文信息返回到用户模式使调用线程继续执行;
在windows 内核模式下的组件汲取了基本面向对象的设计精神;例如:这些组件不允许直接深入到数据结构内部去访问结构的状态信息,而是通过正常的接口来向结构传递参数,访问以及修改结构的数据信息;
尽管windows普遍采用对象来描述系统共享资源,但是windows并不是一个真正意义上的面向对象的操作系统,为了好的可移植性windows的大部分代码是用c语言书写的,c语言并不直接支持例如类型继承,多态等面向对象机制。在windows中基于c实现的对象借鉴了面向对象语言的特征;
Architecture Overview
下面这幅图简要的描述了windows系统架构的主要组成;
如上图把windows分为用户模式和内核模式两部分
notice the "Subsystem DLLs" box below the "Service processes" and "User applications" boxes. 在windows中,应用程序不能直接调用系统服务,而是通过一个或者多个子系统动态链接库调用系统服务,子系统动态链接库把documented function 转换为适当的windows内核服务调用
The kernel-mode components of Windows include the following:
-
The Windows executive contains the base operating system services, such as memory management, process and thread management, security, I/O, networking, and interprocess communication.
-
The Windows kernel consists of low-level operating system functions, such as thread scheduling, interrupt and exception dispatching, and multiprocessor synchronization. It also provides a set of routines and basic objects that the rest of the executive uses to implement higher-level constructs.
-
Device drivers include both hardware device drivers that translate user I/O function calls into specific hardware device I/O requests as well as file system and network drivers.
-
The hardware abstraction layer (HAL) is a layer of code that isolates the kernel, device drivers, and the rest of the Windows executive from platform-specific hardware differences (such as differences between motherboards).
-
The windowing and graphics system implements the graphical user interface (GUI) functions (better known as the Windows USER and GDI functions), such as dealing with windows, user interface controls, and drawing.
