Microsoft Windows OS Internals: Part 1 — Genesis and Architecture
The history of the Windows operating system is not just a story of software
updates; it is a timeline of architectural shifts that redefined the
relationship between hardware, software, and users. To understand the
modern Windows environment, we must look back at its foundational roots—from a
"quick and dirty" command-line interface to a sophisticated,
dual-mode protected kernel.
Genesis: From QDOS to MS-DOS
The journey began on July 27, 1981, when Bill Gates licensed
the "Quick and Dirty Operating System" (QDOS) from Seattle Computer
Systems. At the time, Gary Kildall (1942–1994) was the man who "could
have been Bill Gates," as he was the inventor of CP/M. However,
Gates’s Microsoft Corporation produced a variant of CP/M called QDOS, which
Microsoft licensed to IBM as PC-DOS while marketing its own
clone, MS-DOS (Microsoft Disk Operating System).
MS-DOS became the standard for IBM-compatible personal
computers, but it was purely text-based. In this traditional programming
model, the program was in control: it would issue prompts, and the user would
respond.
Graphical Transition: Windows 1.0 to 3.1
In 1985, Microsoft released Windows 1.0, so named because of
the visual "windows" that represented the operating system’s
core. This shifted the paradigm from typing commands to a "point and
click" interface. By 1987, Windows 2.0 was optimized for the Intel
286 processor, introducing desktop icons and keyboard shortcuts.
The release of Windows 3.0 in 1990 brought advanced 16-color
graphics for the Intel 386 and introduced the Program Manager and File
Manager. These versions fundamentally changed the programming model
to event-driven programming, where the user is in control and the
program must be ready to handle any event (like a mouse click) at any time.
Major Advancement: Windows 95 and NT
Windows 95, released in August 1995, was a significant leap
forward. It introduced a new user interface and, crucially,
supported 32-bit applications, allowing software to run much faster
than its 16-bit predecessors.
However, the "professional" lineage of Windows
truly began with Windows NT (New Technology). Unlike the
consumer-grade MS-DOS variants, NT was a ground-up 32-bit system that supported
preemptive multitasking. This architecture evolved into Windows 2000
(W2K), which offered distinct versions for Professional use, Servers, Advanced
Servers, and Datacenters.
MS-DOS and Beyond:
→ MS-DOS - Microsoft Disk Operating System (1981): Originally developed by Microsoft for IBM, MS-DOS was the standard operating system for IBM-compatible personal computers.
→ Windows 1.0 – 2.0 (1985-1992): Introduced in 1985, Microsoft Windows 1.0 was named for the computing boxes, or "windows", that represented a fundamental aspect of the operating system. Instead of typing MS-DOS commands, Windows 1.0 allowed users to point and click to access the windows. In 1987 Microsoft released Windows 2.0, which was designed for the Intel 286 processor. This version added desktop icons, keyboard shortcuts and improved graphics support.
→ Windows 3.0 – 3.1 (1990–1994): Windows 3.0 was released in May 1990, offering better icons, performance and advanced graphics with 16 colors designed for Intel 386 processors. It included Program Manager, File Manager, Print Manager and games (Hearts, Minesweeper and Solitaire). Microsoft released Windows 3.1 in 1992.
→ Windows 95 (August 1995): Windows 95 was released in 1995 and was a major upgrade to the Windows operating system. This OS was a significant advancement over its precursor, Windows 3.1. In addition to sporting a new user interface, Windows 95 also includes a number of important internal improvements. Perhaps most important, it supports 32-bit applications, which means that applications written specifically for this operating system should run much faster.
→ Windows 98 (June 1998): Windows 98 offers support for a number of new technologies, including FAT32, AGP, MMX, USB, DVD, and ACPI. Its most visible feature, though, is the Active Desktop, which integrates the Web browser (Internet Explorer) with the operating system.
→ Windows ME (September 2000): "Windows Me" was an update to the Windows 98 core and included some features of the Windows 2000 operating system. This version also removed the "boot in DOS" option.
→ Windows NT 3.1 - 4.0 (1993-1996): A version of the Windows operating system. Windows NT (New Technology) is a 32-bit operating system that supports preemptive multitasking. There are actually two versions of Windows NT: Windows NT Server, designed to act as a server in networks, and Windows NT Workstation for stand-alone or client workstations.
→ Windows 2000 (February 2000): Often abbreviated as "W2K," Windows 2000 is an operating system for business desktop and laptop systems to run software applications, connect to Internet and intranet sites, and access files, printers, and network resources. Microsoft released four versions of Windows 2000: Professional (for business desktop and laptop systems), Server (both a Web server and an office server), Advanced Server (for line-of-business applications) and Datacenter Server (for high-traffic computer networks).
Core Architecture: User Mode vs. Kernel Mode
To prevent a single application from crashing the entire
system or modifying critical OS data, Windows uses two distinct processor
access modes: User Mode and Kernel Mode.
- User Mode: This is where user application code runs. In this mode, the
application is restricted from accessing hardware or system memory
directly. If an application crashes, it only affects that specific
process.
- Kernel Mode: This mode grants processor access to all system memory and all
CPU instructions. Operating system code, including system services
and device drivers, runs here. Because kernel mode has unrestricted
access, any failure in this layer can lead to a complete system crash.
Unlike traditional UNIX systems, which maintain a very clear
separation between the kernel and user space, Windows utilizes a sophisticated
series of libraries to bridge these worlds.
API Layers: DLLs and NTDLL
Applications in Windows typically do not talk to the
hardware. Instead, they call functions from a set of Dynamic Link
Libraries (DLLs). The primary platform is the Win32 API,
provided by libraries such as:
- Kernel32.dll: Manages core resources like memory and processes.
- User32.dll: Handles the user interface.
- GDI32.dll: Manages graphics.
When an application calls a Win32 function, the request is
passed to NTDLL.dll. NTDLL acts as the final interface between
user space and the kernel API. It takes the parameters from the
application, invokes the system call interface, and passes control to the
kernel-mode implementation (like NtCreateFile).
System Primitives: Processes, Threads, and Handles
At the heart of the OS are three main elements: Applications, Windows,
and Messages.
- Process: A process is an isolated memory structure that supports an
application. A Windows process contains one or more threads.
- Thread: A thread is a stream of sequential machine-code instructions that the CPU
executes. Every time the CPU runs an instruction for an application,
it is doing so via a thread.
- Handle: A handle is a logical association with a shared resource, such as a file,
a window, or a memory location. Internally, it acts as a
"name" for that instance of the resource.
- Message: Communication between the OS and the application is done via
messages. Information about events is sent by the OS to the
application, and the application notifies its windows using these
messages.
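The primitives and layers described above can be observed on a live process. The following PowerShell sketch is an added example, not code from the original article; the function name Get-ProcessInternals and the scratch file are hypothetical. It reads thread and handle counts, user-mode versus kernel-mode CPU time, and which of the API-layer DLLs named earlier are loaded, once before and once during a burst of file writes.

```powershell
# Added example: snapshot one process (defaults to this PowerShell session).
function Get-ProcessInternals {
    param([int]$Id = $PID)

    $p = Get-Process -Id $Id -ErrorAction Stop
    $layer = 'kernel32.dll', 'user32.dll', 'gdi32.dll', 'ntdll.dll'

    # Module enumeration can fail with "Access is denied" for protected
    # processes or processes of another user; report that instead of throwing.
    try {
        $loaded = $p.Modules |
            ForEach-Object { $_.ModuleName.ToLower() } |
            Where-Object { $layer -contains $_ }
    } catch {
        $loaded = @("<modules not readable: $($_.Exception.Message)>")
    }

    [pscustomobject]@{
        ProcessId     = $p.Id
        Name          = $p.ProcessName
        Threads       = $p.Threads.Count             # one or more per process
        Handles       = $p.HandleCount               # open files, events, keys, ...
        UserModeCpu   = $p.UserProcessorTime         # time running application code
        KernelModeCpu = $p.PrivilegedProcessorTime   # time spent inside the kernel
        ApiLayerDlls  = ($loaded -join ', ')
    }
}

$before = Get-ProcessInternals

# Constructed scratch file; the open FileStream holds a handle to it.
$path = Join-Path $env:TEMP ("internals-demo-{0}.bin" -f $PID)
$fs   = [System.IO.File]::Open($path, 'Create', 'ReadWrite')
$buf  = New-Object byte[] 4096
try {
    # Each write followed by a flush is handed to the OS, so the thread
    # enters kernel mode and returns on every iteration.
    foreach ($i in 1..5000) { $fs.Write($buf, 0, $buf.Length); $fs.Flush() }
    $during = Get-ProcessInternals   # taken while the file handle is still open
} finally {
    $fs.Dispose()
    Remove-Item $path -ErrorAction SilentlyContinue
}

$before, $during | Format-Table Threads, Handles, UserModeCpu, KernelModeCpu
"API-layer DLLs loaded: $($during.ApiLayerDlls)"
```

Run it in an ordinary, non-elevated session on Windows: KernelModeCpu typically grows between the two rows because the writes are serviced in kernel mode, while the loop itself only accounts for user-mode time.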
Evolution of Windows Programming
The method of building Windows programs has shifted over time:
- Windows SDK/API: The original, manual method.
- MFC (Microsoft Foundation Classes): Popular from 1994 to 2003, providing a
C++ object-oriented wrapper around the API.
- .NET: The modern approach, providing a common language runtime (CLR) and
simplified development.
