Talk:Architecture of Windows NT

Architecture of Windows NT is a featured article; it (or a previous version of it) has been identified as one of the best articles produced by the Wikipedia community. If you can update or improve it, please do.
This article is part of WikiProject Microsoft Windows, a WikiProject devoted to maintaining and improving the informative value and quality of Wikipedia's many Microsoft Windows articles.
This article has been selected for Version 0.5 and the next release version of Wikipedia. This Engtech article has been rated FA-Class on the assessment scale.

Note that this was taken from Windows 2000. Any issues, blame me, not Mav :-) - Ta bu shi da yu 05:36, 26 May 2005 (UTC)

Microkernel

Win2k (and all versions of Windows AFAIK) are NOT microkernel based operating systems. According to Windows Internals 4th ed: "Windows isn't a microkernel-based operating system in the classic definition of microkernels, where the principal operating system components ... run as separate processes in their own private address space". Windows Internals is written by Mark Russinovich and David Solomon (and considered to be authoritative). I'm going to try to reword the article, and perhaps expand on the issue at a later time. Consider the fact that the filesystem and much of GDI runs in kernel-mode. Timbatron 17:48, 7 November 2005 (UTC)

Those things run in Ring 0 with the kernel, but they aren't part of the kernel. NTOS certainly isn't monolithic either. Careful with the re-wording. SchmuckyTheCat 00:40, 8 November 2005 (UTC)
Ok, good point. It's not completely monolithic, but it certainly isn't microkernel either. I'm still contemplating how the best way is to word it. I think I'm going to write a brief section "Monolithic vs. Microkernel", and change the use of "microkernel" to "kernel", since this is the wording that Russinovich uses. Timbatron 16:13, 8 November 2005 (UTC)
As the current wording states hybrid and microkernel, and there is no disagreement to the above written some time ago, I will now make the change, tentatively. I have also proposed a change to the hybrid kernel page, and diagram, which are all inconsistent to say the least. --Widefox 19:09, 22 July 2006 (UTC)
I briefly explained the concept in the "kernel" section, hope that clears it up. Basically, what is called "kernel" is the microkernel, and the "executive" subsystems are what in a proper microkernel would be user-mode processes, communicating through the never-implemented "channel" objects. It's clear that the microkernel design was scrapped very early, before any development, but its overall shape and vestigial remains are visible everywhere --KJK::Hyperion 10:16, 21 December 2006 (UTC)

Privilege levels

Does the kernel mode take up 3 privilege levels of the μp?  =Nichalp (Talk)= 13:32, Jun 5, 2005 (UTC)

Not rightly sure. I found the following article, which states that:
X86_SELECTOR represents a 16-bit segment selector, as stored in the segment registers CS, DS, ES, FS, GS, and SS. In Figure 1, selectors are depicted as the upper-third of a logical 48-bit address, serving as an index into a descriptor table. For computational convenience, the 16-bit selector value is extended to 32-bits, with the upper half marked "reserved". Note that the X86_SELECTOR structure is a union of two structures. The first one specifies the selector value as a packed 16-bit WORD named wValue, while the second breaks it up into bit-fields. The RPL field specifies the Requested Privilege Level, which is either 0 (kernel-mode) or 3 (user-mode) on Windows 2000. The TI bit switches between the Global and Local Descriptor Tables (GDT/LDT).
Furthermore, I found the following site (specific to I/O ports) that states:
Under Windows NT, there are only two I/O privilege levels used, level 0 & level 3. Usermode programs will run in privilege level 3, while device drivers and the kernel will run in privilege level 0, commonly referred to as ring 0. This allows the trusted operating system and drivers running in kernel mode to access the ports, while preventing less trusted usermode processes from touching the I/O ports and causing conflicts. All usermode programs should talk to a device driver which arbitrates access.
HTH. - Ta bu shi da yu 02:42, 6 Jun 2005 (UTC)
Thanks for the info. Could you see to it that it is included in the text?  =Nichalp (Talk)= 07:28, Jun 6, 2005 (UTC)
Will see what I can do. - Ta bu shi da yu 08:03, 6 Jun 2005 (UTC)
Sorry this is taking so long... very busy and don't use the Internet at home. - Ta bu shi da yu 05:07, 15 Jun 2005 (UTC)
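
The selector layout quoted in the thread above, decoded in C as an added example (not code from the quoted article or from Windows). Only X86_SELECTOR and wValue appear in the quote; the other names and the sample selector values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of an x86 segment selector. Only X86_SELECTOR and wValue are
 * named in the quoted article; every other name here is an assumption. */
typedef struct {
    uint16_t wValue;  /* raw 16-bit selector as held in CS/DS/ES/FS/GS/SS */
    unsigned rpl;     /* bits 0-1: Requested Privilege Level */
    unsigned ti;      /* bit 2: 0 = GDT, 1 = LDT */
    unsigned index;   /* bits 3-15: index into the descriptor table */
} selector_fields;

/* Accepts the 32-bit extended form; the reserved upper half is ignored. */
selector_fields decode_selector(uint32_t raw)
{
    selector_fields s;
    s.wValue = (uint16_t)(raw & 0xFFFFu);
    s.rpl    = s.wValue & 0x3u;
    s.ti     = (s.wValue >> 2) & 0x1u;
    s.index  = (unsigned)(s.wValue >> 3);
    return s;
}

/* Byte offset of the descriptor inside its table: entries are 8 bytes. */
uint32_t descriptor_offset(selector_fields s)
{
    return (uint32_t)s.index * 8u;
}

/* Per the quoted text, Windows 2000 uses only RPL 0 and RPL 3. */
const char *selector_mode(selector_fields s)
{
    if (s.rpl == 0) return "kernel-mode";
    if (s.rpl == 3) return "user-mode";
    return "ring not used by Windows 2000";
}

int main(void)
{
    /* Constructed sample values, not taken from the page. */
    const uint32_t samples[] = { 0x0008u, 0x001Bu, 0x003Bu, 0xFFFF000Fu };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        selector_fields s = decode_selector(samples[i]);
        printf("0x%04X index=%u table=%s rpl=%u (%s) offset=0x%X\n",
               (unsigned)s.wValue, s.index, s.ti ? "LDT" : "GDT", s.rpl,
               selector_mode(s), (unsigned)descriptor_offset(s));
    }
    return 0;
}
```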

Move to Architecture of Windows NT

I propose that this article is moved to Architecture of Windows NT, as it applies equally well to NT and XP as to 2000 and Windows NT is often used to refer to any one of NT/2K/XP. --R.Koot 22:48, 20 November 2005 (UTC)

  • Support. --R.Koot 22:48, 20 November 2005 (UTC)

I second that -- in common usage, "NT" refers to the whole family from NT 3.1 through Windows 2000, XP, and Server 2003. Similarly, 9x usually refers to non-NT releases of Windows -- Windows 95, Windows 98, and Windows ME.

As for the privilege level question, NT uses only two privileges today -- user mode and kernel mode. On the x86 family of processors, those modes use code privilege level (sometimes called "ring") 3 and CPL 0 respectively.

In that case, may I suggest that we move it to Architecture of the Windows NT operating system line? There are some things here that are specific to Windows 2000, like layered file system drivers. - Ta bu shi da yu 07:57, 25 November 2005 (UTC)
It's a bit long, but I wouldn't object. Specific changes made in 2000 or XP could also be mentioned here. Great article btw. —R. Koot 13:54, 25 November 2005 (UTC)
Thanks! - Ta bu shi da yu 02:16, 8 December 2005 (UTC)
Actually, it should just be "Architecture of Microsoft Windows". WinNT is a historical product and few people use NT to refer to Windows since 2000. Wikipedia uses common names and NT isn't. Win9x and Win3x are historical and a dab link to point to their architectures would do fine. SchmuckyTheCat 20:41, 25 November 2005 (UTC)
I entirely do not agree with that, to say it without using many words. —R. Koot 17:27, 27 November 2005 (UTC)
Agree with R. Koot. Windows 95/9x use an entirely different architecture, to say otherwise would be misleading. - Ta bu shi da yu 02:25, 8 December 2005 (UTC)

Move to Architecture of Microsoft Windows

Move to NT-based Architecture and merge of NT-based

Move to NT-based operating systems and merge of NT-based

I think there is a big problem with the new name "Architecture of Windows NT". It is factually incorrect, due to the whole line being discussed, and worse than that in software terms, it sounds obsolete. The discussion above did *not* reach consensus, and I like the others have no easy answer: Bad names:

  • "Architecture of recent Microsoft Windows" seems limp, as do
  • "Architecture of modern Microsoft Windows" also
  • "Architecture of contemporary Microsoft Windows" so do
  • "Architecture of Microsoft Windows NT and later" not pretty.
  • "Architecture of Windows 2000" (original title)
  • "Architecture of NT-based operating systems" - long
  • "NT-based operating system"

Luckily, now that W98 will be is unsupported 2007 Q3 2006, that leaves the obvious:

  • "Architecture of Microsoft Windows" (used with caveats - not applying to W98/95/3) is best. Widefox 01:08, 30 October 2006 (UTC) Support Widefox 01:11, 30 October 2006 (UTC)
  • "NT-based Architecture" (see article NT-based, which I propose is merged into this article) Support Widefox 23:13, 31 October 2006 (UTC)
  • "NT-based operating system" (and merge of NT-based into this article)

Support Widefox 17:56, 1 November 2006 (UTC)

Actually, 98SE/ME dropped off this year or last. Win2K is unsupported as of last summer as well, except for the occasional security update. I would actually have suggested "Architecture of the Windows NT product line" if anyone has information on WinNT 3/3.51, then 4, 2000 (which was developed as 5.0), XP (5.1) and Server '03 (5.2). --JohnDBuell 01:22, 30 October 2006 (UTC)
(W98 July 11, 2006) Widefox 15:00, 30 October 2006 (UTC)
"Windows NT" and "Windows NT operating system line" are exactly the same, aren't they? I mean, there is no "Windows NT" other than it being a line of operating systems. Wikipedia doesn't have "operating system" in any article names unless it's a disambiguation. -/- Warren 01:38, 30 October 2006 (UTC)
If I'm understanding the past discussions correctly, the point is that the article applies to NT 3.x and all later versions, not JUST the versions that were called "Windows NT". --JohnDBuell 01:46, 30 October 2006 (UTC)
"Windows NT operating system line" is something different. NTOS is an architectural foundation of many Microsoft products, like the Xbox, that have nothing to do with Windows (or this article). A title without NT is better off as the NTOS part of current Windows is deprecated (in marketing and common usage) going on 7 years. It's there because Microsoft has managed to consolidate so many code-bases but nobody still calls it "NT". This article doesn't need to worry about Win9x (dead) anymore than it needs to worry about Windows Mobile. An architecture article on Win9x or WinCE may be useful, but not confused with the mainstay desktop OS. SchmuckyTheCat 04:03, 30 October 2006 (UTC)
Hi, I was the one who moved the page a few days ago. I thought that User:JohnDBuell was giving me the impression that he thought the current title would be a good one; apparently I misunderstood what he was saying. I don't mind what the title ends up as. Thanks. Andrew Levine 04:24, 30 October 2006 (UTC)
No, I wasn't. I was under the impression that one of your objections to a current FAC had to do with long article names, and pointed out this FA as having had one. Please don't post misleading information and attribute it to me. Any further discussion of this should be between Andrew and myself, and not on article talk pages. Thanks! --JohnDBuell 18:48, 30 October 2006 (UTC)
This article was originally called Architecture of Windows 2000. Perhaps that's what it should be called? If you read through the contents of the article (ignoring the first couple of sentences), that's precisely what it describes. I'm not happy with calling it "Architecture of Windows NT" either, because there's information in here that doesn't apply to NT 3, 3.5, 4, or 6. It'd also need some work to effectively cover 5.1 and 5.2 (the OS/2 and POSIX subsystems aren't included by default in 5.1 and later, e.g.). We might be better off creating separate articles for the architectural details of major versions of Windows; Vista has a lot of new details in it that would really weigh down this article if we tried to integrate them in. Likewise if we tried to separate out the new stuff in Windows 2000 from NT 4. -/- Warren 05:58, 30 October 2006 (UTC)
Please vote for name above, the caveats can cover all concerns above. Call me a pragmatist, but if we have maintenance issues with the 1 article, more will be worse. If I remember correctly, Vista information is in the article, and more should be added to keep it alive. If it gets too big, sure then split. Please compare with the situation at Netscape#Browser Netscape (web browser) . I think it's best to avoid that, just by having the evolution in the article. Widefox 15:00, 30 October 2006 (UTC)

Widefox: How about "Architecture of NT-based operating systems"? I'd really prefer to keep the "Aspect of subject" style of naming we've been using in most other Microsoft articles. -/- Warren 05:27, 1 November 2006 (UTC)

bit long - what about the compromise above - if we are merging NT-based, we should drop the Architecture and then everyone might be happy... Widefox 17:56, 1 November 2006 (UTC)
the article NT-Based should just be deleted as unsourced. NT should not be in the title unless you plan on including things like the xbox kernel. The subject matter here is the mainstream Windows architecture and its evolution, not the myriad other msft projects that take the kernel and build something new. NT was the name of the OS in the past, now it's the name of an internal piece of the OS. It shouldn't be in the title. SchmuckyTheCat 19:28, 1 November 2006 (UTC)
Just calling it "Windows architecture" would be an extremely bad idea. There have been several distinct Windows architectures, only one of which is built on the NT kernel. Never mind this hooie about what the "mainstream" kernel in use today is; that's not important. The naming should accurately reflect what the article describes, and right now that's the kernel & executive architecture of Windows 2000 -- nothing older, and nothing newer. If nobody disagrees with this point, I'll rename the article to "Architecture of Windows 2000", and anybody who wants to expand the article to include other versions of Windows can make the effort to do so, and rename the article at that time. -/- Warren 20:11, 1 November 2006 (UTC)
I strongly disagree with this name. I originally called it that, but this article encompasses the NT-line products. - Ta bu shi da yu 00:40, 21 November 2006 (UTC)
I don't agree at all. I believe wikipedia wants the articles to remain contemporary. Being as there is no other architecture article, it must evolve. The desire to have a W2K article is understandable (especially due to the current state of this article), but results in no current article. The alternative is to make a split at this point, and concentrate on the new article, but it involves more work. Widefox 23:56, 1 November 2006 (UTC)

ReactOS

It might be worth while mentioning ReactOS as it is attempting to reimplement the NT architecture.

Vulnerabilities

On November 16, 2006 Microsoft announced that there was a vulnerability in the workstation service and that exploit code had been created to attack vulnerable machines.[1]

- Ta bu shi da yu 00:39, 21 November 2006 (UTC)

off topic --KJK::Hyperion 10:07, 21 December 2006 (UTC)

Why are there multiple HALs for the same platform?

See [1]. I understand that different drivers would be needed for ACPI or non-ACPI systems, but why is it so fundamental that they need a different HAL? Grouse 15:47, 8 December 2006 (UTC)

To give you an example I'm familiar with, when ReactOS was ported to the Xbox, exactly three things needed porting: the boot loader, the VFAT driver, and the HAL. The Xbox HAL did three things differently from the standard x86 HAL: it reimplemented basic video output (think BSOD), it parsed the non-standard partition table and it blacklisted a PCI device that would crash the machine upon access. There is no value in detecting such differences at runtime, as it has to be done exactly once, very early, so there is no value in putting all functionality at once in a universal HAL - in fact, adding another layer of indirection could slow things down. Instead, what is done in peculiar environments such as installation/recovery CDs is using a special boot loader that scans the hardware and determines the correct combination of kernel+HAL to load --KJK::Hyperion 10:32, 21 December 2006 (UTC)

Removed from HAL section

As irrelevant and outdated:

Windows 2000 was designed to support the 64-bit DEC Alpha. After Compaq announced they would discontinue support of the processor, Microsoft stopped releasing test builds of Windows 2000 for AXP to the public, stopping with beta 3. Development of Windows on the Alpha continued internally in order to continue to have a 64-bit architecture development model ready until the wider availability of the Intel Itanium IA-64 architecture. The HAL now only supports hardware that is compatible with the Intel x86 architecture.

Preserved here because the information is factual and could be used elsewhere --KJK::Hyperion 10:07, 21 December 2006 (UTC)

POV concerns

Recent edits introduce phrases like "blah-blah-blah is a kludge which...." This is clearly POV. You may be right ... but the article needs to be unbiased, balanced, and without any sermonizing or judgement. Please have a cuppa tea and find more neutral ways to describe the details. If you can describe what's good and bad about the design, the user can draw his/her own conclusions. David Spalding 02:41, 26 December 2006 (UTC)

Ain't that great, I've finally fallen victim to Wikipedia tagsoup nazism. No worries kind mister, I'll reword faster than you could type "WP:OR" --KJK::Hyperion 00:53, 29 December 2006 (UTC)

How I will make this article better

The current structure isn't that great. The division between kernel and user mode components feels very artificial to me, as several kernel-mode components depend (for "everyday use") on user-mode components, and certain subsystems (like Win32) are divided between user mode and kernel mode more out of practical concerns (read: security) than by design. Also, Win32 has its own, parallel architecture, and the rest of the system can and does live fine without it.

In general, the article doesn't do justice to Windows NT's unique architecture and philosophy - no mention of features, like callbacks, that would make UNIX-heads' hair curl, turn gray and then fall. The article fails to bite.

So I will, sooner or later, reorganize it in a better structure, that makes the article less about "architecture" (actually more than it is now) and more about "philosophy":

  • Core architecture
  • Kernel: general info + breakdown by primitive
  • Executive: breakdown by subsystem
  • Balance set manager
  • Hardware Abstraction Layer (HAL)
  • Structured Exception Handling (SEH)
  • Runtime Library (RTL)
  • Loader (LDR)
  • Interfacing user mode and kernel mode
  • System services
  • Callbacks
  • User-mode Asynchronous Procedure Calls (APCs)
  • Thread Environment Block (TEB) and Process Environment Block (PEB)
  • NT Layer DLL (ntdll)
  • Special LPC ports
  • Special objects
  • Process management: what is a process, how processes are started, jobs, etc.
  • Thread scheduling: algorithms, priorities, boosting, idle threads, real-time scheduling, etc.
  • Security model and architecture
  • Security model: SDs, tokens, access control, privileges, MIC, etc.
  • Auditing
  • Local Security Authority (LSA) Subsystem (LSASS): logon sessions, SSPs, APs, etc.
  • Security Support Provider Interface (SSPI)
  • Kernel Security Device Driver (KSecDD)
  • winlogon: omitted intentionally because it's part of Win32
  • Networking
  • Network Driver Interface Specification (NDIS)
  • Transport Device Interface (TDI)
  • Winsock Ancillary Function Driver (AFD)
  • also an overly complex architecture to control protocol bindings whose name escapes me now
  • Device drivers
  • Architecture: DriverEntry, Dispatch, Unload, DOs, FOs, etc.
  • PnP support: AddDevice, StartIo, etc.
  • Windows Driver Model (WDM)
  • Driver Verifier
  • lots more - NDIS, HID, WIA, KS, bus support, etc. - probably too much, in fact
  • Filesystem drivers
  • Architecture: FCBs, CCBs, VCBs, etc.
  • Filesystem Runtime Library (FSRTL)
  • Multiple UNC Provider (MUP)
  • Plug and Play (PnP): I'm no expert, sadly
  • Windows Management Infrastructure (WMI)
  • Interoperability services
  • NT Virtual DOS Machine (NTVDM)
  • POSIX support
  • OS/2 support
  • Windows on Win64 (WOW64)
  • Windows x86 emulation (WX86): if I can find enough information, it's an Alpha thing
  • Debugging services
  • Debugging Kernel & Debugging Subsystem
  • Kernel Debugger
  • Bugchecking and dumping
  • Boot environment
  • OS Loader (NTLDR)
  • System startup

--KJK::Hyperion 04:07, 29 December 2006 (UTC)

On a second look, that looks like it would make for a bloody long article. Bravo to me if I can pull it off without going "War and Peace" --KJK::Hyperion 04:14, 29 December 2006 (UTC)
We have a variety of articles floating around that cover several of the areas you've listed here. Windows Management Instrumentation, NTVDM, Windows NT Startup Process, WOW64, NDIS, Local Security Authority Subsystem Service, Security Support Provider, and so on. If anything, this article should briefly summarise how these components fit into the bigger picture, reserving the deeper details for the articles themselves. Also, be aware that the text that's here now really only describes the architecture of Windows 2000, not what came before or after it. While that makes the article interesting and relevant for people interested in that particular piece of Windows history, it means we aren't covering the present very well -- NT6 is quite a bit different than NT5 in many areas, and apart from Features new to Windows Vista and a few other areas like Kernel Transaction Manager, we've done nothing to address that yet. -/- Warren 04:28, 29 December 2006 (UTC)
Agree on the "bigger picture". With regards to NT 6, no, it didn't change the architecture significantly. All existing applications and all existing drivers (except those based on deprecated bus/class/port drivers) still work, all assumptions still hold. I/O is still packet-driven, the cache is still based on memory-mapping, the scheduler is still a RR thread scheduler, etc. --KJK::Hyperion 03:20, 31 December 2006 (UTC)