|
Ntoskrnl.exe
ntoskrnl.exe (short for Windows NT operating system kernel executable), also known as the kernel image, contains the kernel and executive layers of the Microsoft Windows NT kernel, and is responsible for hardware abstraction, process handling, and memory management. In addition to the kernel and executive layers, it contains the cache manager, security reference monitor, memory manager, scheduler (Dispatcher), and blue screen of death (the prose and portions of the code).Russinovich, MSystems Internals Tips and Trivia ''SysInternals Information'' Overview x86 versions of ntoskrnl.exe depend on bootvid.dll, hal.dll and kdcom.dll (x64 variants of ntoskrnl.exe have these DLLs embedded in the kernel to improve performance). However, it is not a native application thus it is not linked against ntdll.dll. Instead, ntoskrnl.exe has its own entry point "KiSystemStartup" that calls the architecture-independent kernel initialization function. Because it requires a static copy of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Native API
The Native API is a lightweight application programming interface (API) used by Windows NT's kernel and user mode applications. This API is used in the early stages of Windows NT startup process, when other components and APIs are still unavailable. Therefore, a few Windows components, such as the Client/Server Runtime Subsystem (CSRSS), are implemented using the Native API. The Native API is also used by subroutines such as those in kernel32.dll that implement the Windows API, the API based on which most of the Windows components are created. Most of the Native API calls are implemented in ntoskrnl.exe and are exposed to user mode by ntdll.dll. The entry point of ntdll.dll is LdrInitializeThunk. Native API calls are handled by the kernel via the System Service Descriptor Table (SSDT). Function groups The Native API comprises many functions. They include C runtime functions that are needed for a very basic C runtime execution, such as strlen(), sprintf(), memcpy() and ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft Windows Library Files
The Microsoft Windows operating system and Microsoft Windows SDK support a collection of shared libraries that software can use to access the Windows API. This article provides an overview of the core libraries that are included with every modern Windows installation, on top of which most Windows applications are built. Library Sources The Windows operating system contains compiled versions of these libraries known as dynamically-linked libraries ( .dll), which are executable libraries that can be used by multiple programs while only one copy of the library is loaded into memory. These are canonically referred to as system libraries and all programs installed on the system can utilize them. The Windows SDK additionally distributes compiled versions of these libraries known as statically-linked libraries ( .lib), which are non-executable libraries that, in whole or in part, can be embedded into a program when it is compiled. The most common Windows compilers being Micr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows Executive
The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant multitasking operating system, which has been designed to work with uniprocessor and symmetrical multiprocessor (SMP)-based computers. To process input/output (I/O) requests, it uses packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP, Microsoft began making 64-bit versions of Windows available; before this, there were only 32-bit versions of these operating systems. Programs and subsystems in user mode are limited in terms of what system resources they have access to, while the kernel mode has unrestricted access to the system memory and external devices. Kernel mode in Windows NT has full access to the hardware and system resources of the computer. The Windows NT kernel is a hybrid kernel; the architecture compris ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
5-level Paging
Intel 5-level paging, referred to simply as ''5-level paging'' in Intel documents, is a processor extension for the x86-64 line of processors. It extends the size of virtual addresses from 48 bits to 57 bits by adding an additional level to x86-64's multilevel page tables, increasing the addressable virtual memory from 256 TiB to 128 PiB. The extension was first implemented in the Ice Lake processors. Technology In the 4-level paging scheme (previously known as IA-32e paging), the 64-bit virtual memory address is divided into five parts. The lowest 12 bits contain the offset within the 4 KiB memory page, and the following 36 bits are evenly divided between the four 9 bit descriptors, each linking to a 64-bit page table entry in a 512-entry page table for each of the four paging levels. This makes it possible to use bits 0 through 47 in the virtual address, for a total of 256 TiB. 5-level paging adds another 9 bit page table descriptor, making it ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows NT
Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Originally made for the workstation, office, and Server (computing), server markets, the Windows NT line was made available to consumers with the release of Windows XP in 2001. The underlying technology of Windows NT continues to exist to this day with incremental changes and improvements, with the latest version of Windows based on Windows NT being Windows Server 2025 announced in 2024. The name "Windows NT" originally denoted the major technological advancements that it had introduced to the Windows product line, including eliminating the 16-bit computing, 16-bit memory access limitations of earlier Windows releases such as Windows 3.1 and the Windows 9x series. Each Windows release built on this technology is considered to be based on, if not a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hardware Abstraction
Hardware abstractions are sets of routines in software that provide programs with access to hardware resources through programming interfaces. The programming interface allows all devices in a particular class ''C'' of hardware devices to be accessed through identical interfaces even though ''C'' may contain different subclasses of devices that each provide a different hardware interface. Hardware abstractions often allow programmers to write device-independent, high performance applications by providing standard operating system (OS) calls to hardware. The process of abstracting pieces of hardware is often done from the perspective of a CPU. Each type of CPU has a specific instruction set architecture or ISA. The ISA represents the primitive operations of the machine that are available for use by assembly programmers and compiler writers. One of the main functions of a compiler is to allow a programmer to write an algorithm in a high-level language without having to care ab ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Multi-core Processor
A multi-core processor (MCP) is a microprocessor on a single integrated circuit (IC) with two or more separate central processing units (CPUs), called ''cores'' to emphasize their multiplicity (for example, ''dual-core'' or ''quad-core''). Each core reads and executes Instruction set, program instructions, specifically ordinary Instruction set, CPU instructions (such as add, move data, and branch). However, the MCP can run instructions on separate cores at the same time, increasing overall speed for programs that support Multithreading (computer architecture), multithreading or other parallel computing techniques. Manufacturers typically integrate the cores onto a single IC Die (integrated circuit), die, known as a ''chip multiprocessor'' (CMP), or onto multiple dies in a single Chip carrier, chip package. As of 2024, the microprocessors used in almost all new personal computers are multi-core. A multi-core processor implements multiprocessing in a single physical package. Des ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Symmetric Multiprocessing
Symmetric multiprocessing or shared-memory multiprocessing (SMP) involves a multiprocessor computer hardware and software architecture where two or more identical processors are connected to a single, shared main memory, have full access to all input and output devices, and are controlled by a single operating system instance that treats all processors equally, reserving none for special purposes. Most multiprocessor systems today use an SMP architecture. In the case of multi-core processors, the SMP architecture applies to the cores, treating them as separate processors. Professor John D. Kubiatowicz considers traditionally SMP systems to contain processors without caches. Culler and Pal-Singh in their 1998 book "Parallel Computer Architecture: A Hardware/Software Approach" mention: "The term SMP is widely used but causes a bit of confusion. ..The more precise description of what is intended by SMP is a shared memory multiprocessor where the cost of accessing a memory location ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
X86-64
x86-64 (also known as x64, x86_64, AMD64, and Intel 64) is a 64-bit extension of the x86 instruction set architecture, instruction set. It was announced in 1999 and first available in the AMD Opteron family in 2003. It introduces two new operating modes: 64-bit mode and compatibility mode, along with a new four-level paging mechanism. In 64-bit mode, x86-64 supports significantly larger amounts of virtual memory and physical memory compared to its 32-bit computing, 32-bit predecessors, allowing programs to utilize more memory for data storage. The architecture expands the number of general-purpose registers from 8 to 16, all fully general-purpose, and extends their width to 64 bits. Floating-point arithmetic is supported through mandatory SSE2 instructions in 64-bit mode. While the older x87 FPU and MMX registers are still available, they are generally superseded by a set of sixteen 128-bit Processor register, vector registers (XMM registers). Each of these vector registers ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Object Manager (Windows)
Object Manager (internally called Ob) is a subsystem implemented as part of the Windows Executive which manages Windows ''resources''. Resources, which are surfaced as logical ''objects'', each reside in a namespace for categorization. Resources can be physical devices, files or folders on volumes, Registry keys or even running processes. All objects representing resources have an Object Type property and other metadata about the resource. Object Manager is a shared resource, and all subsystems that deal with the resources have to pass through the Object Manager. Architecture Object Manager is the centralized resource broker in the Windows NT line of operating systems, which keeps track of the resources allocated to processes. It is resource-agnostic and can manage any type of resource, including device and file handles. All resources are represented as objects, each belonging to a logical namespace for categorization and having a type that represents the type of the resource, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pascal Case
The writing format camel case (sometimes stylized autologically as camelCase or CamelCase, also known as camel caps or more formally as medial capitals) is the practice of writing phrases without spaces or punctuation and with capitalized words. The format indicates the first word starting with either case, then the following words having an initial uppercase letter. Common examples include ''YouTube'', ''PowerPoint'', ''HarperCollins'', ''FedEx'', ''iPhone'', ''eBay'', and ''LaGuardia''. Camel case is often used as a naming convention in computer programming. It is also sometimes used in online usernames such as ''JohnSmith'', and to make multi-word domain names more legible, for example in promoting ''EasyWidgetCompany.com''. The more specific terms Pascal case and upper camel case refer to a joined phrase where the first letter of each word is capitalized, including the initial letter of the first word. Similarly, lower camel case (also known as dromedary case) requires ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
