Operating systems - Introduction

Recommended reading:
Yosifovich, Paul – Ionescu, Alex – Russinovich, Mark E. – Solomon, David A.:
Windows Internals. 7th ed. Part 1. System architecture, processes, threads, memory management, and more. Pearson Education, 2017.

Micskei Zoltán: The Windows operating system. Budapest: Budapest University of Technology and Economics, 2014.
Overview of Windows Components (2024-03-26)
Wikipedia, selected entries. (2024-03-04)

The main components of the Windows operating system:

Windows NT operating system family's architecture

software (sw) layers

main sw layers in an IBM PC or Wintel-compatible computer [Wintel refers to the partnership of Microsoft Windows and Intel producing personal computers using Intel x86 (or x64) compatible processors running Microsoft Windows]

The terms layer and interface, as well as client and service describe interaction between software components in an abstract way.
Each layer provides an interface to the higher (i.e. more abstract) layer in the form of services that implement the basic functions of the layer. The higher layer can therefore use the services through the interface in a standardized way without having to know the details of the implementation.
Sometimes the higher layer is called a client, and the lower layer that provides services (i.e. callable routines, functions, methods, objects etc.) for the client is called a server. The communication mechanism between them (called inter-process communication or IPC) is provided by the OS in order to manage shared data.
There are different approaches to IPC (e.g. data records or files, shared memory buffers, pipes, message passing or LPC, message queues or mailboxes etc.).

further reading:
Wikipedia: IBM PC compatible
Wikipedia: Wintel
Wikipedia: Inter-process communication
Wikipedia: Utility software

firmware (fw)

further reading:
Wikipedia: Firmware

BIOS (basic input-output system)

further reading:
Wikipedia: BIOS

UEFI (Unified Extensible Firmware Interface)

further reading:
Wikipedia: UEFI


there are different kernel architecture designs

further reading:
Wikipedia: Kernel

Windows API (Application Programming Interface)

The Windows API provides core services to build desktop and server apps that can run successfully on all versions of MS Windows. The functions provided by the Windows API can be grouped into certain categories. (The functions reside in one or more corresponding DLL files in the \Windows\System32 folder.)

further reading:
Wikipedia: Windows API

.NET Framework

The .NET Framework (pronounced "dot net") is a proprietary software framework developed by Microsoft that runs primarily on Microsoft Windows. .NET ("dot net") is a free and open-source managed software framework for the Windows, Linux, and macOS operating systems.

Both platforms provide various services (user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, network communications etc.) for application program developers to build desktop, web, and mobile apps in a software environment that can be implemented and run on any OS.

further reading:
Wikipedia: .NET Framework
Wikipedia: .NET
Microsoft: What is .NET Framework?
Microsoft: What is .NET?

processes and threads

In general, a program is a static sequence of instructions, whereas a process is a container for the set of resources used when executing the program. When a client (a program or one of its processes) needs a particular resource, the corresponding process serves the request through a promptly created instance or thread.

A program (or process) can create one or more processes, each of which can in turn be the parent of one or more child processes. In this way the parent-child relationships between the processes form a tree hierarchy in which each child process points to its parent process. (If a parent process has terminated, its child processes are called orphans.)

A thread is an instance of a process which can be executed. Multiple threads can run concurrently. There should normally be at least one thread for each running process, and a process can host many threads.

The running program can request particular resources either by directly calling the corresponding function of the server process, or through IPC by sending a signal to the kernel, which activates the interrupt mechanism of the OS (and switches from the client program or thread to the server process).

The tasks (i.e. the apps, the background processes, and the system processes including their threads) that are actually running on the computer can be explored with the Task Manager. Some noteworthy information provided by the Task Manager is as follows:

Note that the parent and child processes may form a process tree but the Task Manager does not show the parent-child relationships between processes. Instead, we can use the Process Explorer from Sysinternals, or the tlist /t command from the Windows SDK.
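
An added example (not part of the original notes): rebuilding the process tree from a snapshot of process records, and treating a process as a root when its creator has exited or when the recorded parent PID now belongs to a newer process. The snapshot is constructed sample data; its fields are assumed to mirror the ProcessId, ParentProcessId and CreationDate properties of Win32_Process, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample snapshot (not real output): (pid, parent pid, creation time, name).
# Fields are assumed to mirror Win32_Process ProcessId / ParentProcessId / CreationDate.
SNAPSHOT = [
    (4,    0,    100, "System"),
    (412,  4,    110, "smss.exe"),
    (620,  608,  130, "wininit.exe"),   # creator (pid 608) has already exited
    (764,  620,  140, "services.exe"),
    (1020, 764,  150, "svchost.exe"),
    (5120, 5008, 300, "explorer.exe"),  # creator (pid 5008) has exited ...
    (6200, 5120, 400, "cmd.exe"),
    (5008, 5120, 900, "notepad.exe"),   # ... and pid 5008 was reused much later
]

def build_tree(snapshot):
    """Return (children, roots): children maps pid -> child pids; roots have no live creator."""
    by_pid = {pid: (ppid, created) for pid, ppid, created, _name in snapshot}
    children, roots = defaultdict(list), []
    for pid, (ppid, created) in sorted(by_pid.items()):
        parent = by_pid.get(ppid)
        # Accept the link only if the creator is still present and is older than the child.
        # Otherwise the creator exited (orphan) or its pid was reused by a newer process.
        # The strict comparison also makes parent/child cycles impossible.
        if parent is not None and parent[1] < created:
            children[ppid].append(pid)
        else:
            roots.append(pid)
    return dict(children), roots

def render(snapshot):
    """Indented tree listing, one line per process."""
    names = {pid: name for pid, _ppid, _created, name in snapshot}
    children, roots = build_tree(snapshot)
    lines = []
    def walk(pid, depth):
        lines.append("  " * depth + f"{names[pid]} ({pid})")
        for child in children.get(pid, []):
            walk(child, depth + 1)
    for root in roots:
        walk(root, 0)
    return lines

if __name__ == "__main__":
    print("\n".join(render(SNAPSHOT)))
```

Without the creation-time comparison, explorer.exe and notepad.exe would each appear as the other's parent and both would drop out of the listing.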

further reading:
Wikipedia: Thread (computing)
Microsoft: Process Explorer

system processes

further reading:
Medium: Windows System Processes – An Overview for Blue Teams by Nasreddine Bencherchali
Wikipedia: Client/Server Runtime Subsystem

GUI (graphical user interface; Windows)

further reading:
Wikipedia: Windows shell

Boda István, 2024.