Windows Driver BASICS (iii) Windows System Basics
Part of the Windows Driver Basics series. If you reproduce this article, please cite the source: http://blog.csdn.net/ikerpeng/article/details/38778375
Windows running mode: user mode and Kernel Mode
Windows is broadly divided into kernel mode and user mode. Intel's i386-series CPUs define four privilege levels: Ring0 (highest privilege), Ring1, Ring2 and Ring3. Kernel mode runs in Ring0, and user mode runs in Ring3.
Windows components running in kernel mode (drivers run here) are safe and will not be maliciously attacked; programs running in user mode are insecure and vulnerable to attack.
A driver runs in kernel mode with the highest privilege, so no other protection measures apply to it. Be extremely careful when writing a driver: a mistake in it can crash the system directly.
Windows operating system architecture:
Modern operating systems are designed based on a layered approach. It is generally a "client-server" structure.
Windows architecture diagram (made by iker)
The Win32 subsystem is the purest Windows subsystem and provides a large number of APIs, which applications call to perform operations on the computer. Most Win32 subsystem APIs are implemented through the Native API, a layer that exists for version-compatibility reasons. The Native API enters kernel mode by means of a software interrupt.
The following describes several important concepts:
Virtual memory management: Windows introduces the concept of virtual memory and associates physical memory with virtual memory through a mapping. Each process has 4 GB of virtual memory, divided into two parts: the first half, 0 to 0x7FFFFFFF, holds user-mode addresses, and the second half holds kernel-mode addresses. In addition, Windows requires the mapping of kernel-mode virtual memory to be the same, so the data at the kernel-mode addresses at the top of the address space is the same.
I/O manager: initiates I/O requests and manages them. Whether the operation is a port read/write, keyboard access, or a disk file operation, the request always takes the form of an IRP (I/O Request Packet). The driver is responsible for completing these IRPs.
The driver performs operations after receiving these IRP requests.
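The following is an added example, not code from the original article or from the WDK: a user-mode C model of the flow just described, in which an I/O manager wraps a request in an IRP, routes it to the driver's dispatch routine, and the driver completes it. It also shows the care the text asks of driver authors: the dispatch routine rejects any caller-supplied buffer that reaches past 0x7FFFFFFF into the kernel half. All type, constant and function names are hypothetical, and the 32-bit address layout is the one given in the text.

```c
/* User-mode model, not WDK code. All names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#define USER_MODE_TOP 0x7FFFFFFFu /* last user-mode address, from the text */
enum { MJ_READ, MJ_WRITE, MJ_COUNT }; /* constructed request types */
enum { ST_PENDING = -1, ST_OK, ST_ACCESS_VIOLATION, ST_NOT_SUPPORTED };

typedef struct {
    int      major;       /* requested operation */
    uint32_t user_buffer; /* 32-bit virtual address supplied by the caller */
    uint32_t length;      /* buffer size in bytes */
    int      status;      /* filled in when the driver completes the IRP */
} irp_t;

typedef int (*dispatch_fn)(irp_t *);
typedef struct { dispatch_fn major_function[MJ_COUNT]; } driver_t;

/* Returns 1 if [addr, addr + len) lies entirely in the user half. */
int range_is_user(uint32_t addr, uint32_t len)
{
    if (len == 0) return 1;
    if (addr > USER_MODE_TOP) return 0;
    return (len - 1) <= (USER_MODE_TOP - addr); /* also rejects wrap-around */
}

/* Driver dispatch routine: complete the IRP, refusing kernel-half buffers. */
static int demo_read(irp_t *irp)
{
    irp->status = range_is_user(irp->user_buffer, irp->length)
                      ? ST_OK : ST_ACCESS_VIOLATION;
    return irp->status;
}

/* I/O manager: wrap the request in an IRP and route it by major code. */
int io_manager_call(const driver_t *drv, int major, uint32_t buf, uint32_t len)
{
    irp_t irp = { major, buf, len, ST_PENDING };
    if (major < 0 || major >= MJ_COUNT || !drv->major_function[major])
        return ST_NOT_SUPPORTED; /* driver registered no handler */
    return drv->major_function[major](&irp);
}

/* Sends one request to a driver that only registered a read handler. */
int demo_request(int major, uint32_t buf, uint32_t len)
{
    driver_t drv = { { demo_read, NULL } };
    return io_manager_call(&drv, major, buf, len);
}

int main(void) { return demo_request(MJ_READ, 0x00400000u, 0x1000u) != ST_OK; }
```

A real driver relies on kernel routines such as ProbeForRead for this validation rather than a hand-written comparison; the model only makes the boundary visible.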
This section is complete.
Bibliography:
Windows driver development technology details