Windows NT

format_list_bulleted Contenido keyboard_arrow_down
ImprimirCitar
Windows NT Logo.

Windows NT (Windows New Technology) is a family of operating systems produced by Microsoft, of which the first version was released in July 1993.

Prior to the appearance of Windows 95, the Microsoft company conceived a new line of operating systems aimed at workstations and network servers. An operating system with its own graphic interface, stable and with characteristics similar to UNIX network systems. The letters NT come from the product designation as "New Technology" (New Technology). Starting with Windows 2000, "NT" it was removed from the product name and is only included in the product version string along with various low-level places within the system.

NT was the first purely 32-bit version of Windows, while its consumer-facing counterparts, Windows 3.1x and Windows 9x, were 16-bit/32-bit hybrids. It is a multi-architecture operating system. Initially, it supported various instruction set architectures, including IA-32, MIPS, and DEC Alpha; Support for PowerPC, Itanium, x64, and ARM were added later. The latest versions support x86 (including IA-32 and x64) and ARM. The main features of the Windows NT family include Windows Shell, Windows API, Native API, Active Directory, Group Policy, Hardware Abstraction Layer, NTFS, BitLocker, Windows Store, Windows Update, and Hyper-V.

Prior to 2001, Microsoft distributed Windows NT as an office and business operating system, and maintained the MS-DOS-based line (Windows 95, Windows 98, and Windows ME) as a line of consumer operating systems.

The first versions, all released in the 1990s, were Windows NT 3.1 (1993), Windows NT 3.5 (1994), Windows NT 3.51 (1995), and Windows NT 4.0 (1996). There is also Windows 2000 (which was initially to be released under the name Windows NT 5.0), which reached RTM in December 1999, and was finally released in February 2000.

The main editions in which the first versions of Windows NT were distributed were two: Workstation for stations or work groups and Server for servers. There are also Advanced Server editions for NT 4.0 and 2000, and Terminal Server for NT 4.0 only.

In 1999, Microsoft began work on two new projects codenamed Neptune and Odyssey. The former was to be the first consumer version of NT, while the latter was to be the successor to Windows 2000. However, in January 2000, Microsoft decided to cancel the two projects to merge them into one, Whistler, which would eventually become Windows XP in 2001. Since then, Windows NT has been distributed to both consumers and businesses as it originally did.

Development

When development began in November 1993, Windows NT (using protected mode) was developed alongside OS/2 3.0, the third version of the operating system developed jointly by Microsoft and IBM. In addition to the work on the three versions of OS/2, Microsoft continued to develop in parallel a DOS-based, less resource-demanding Windows environment (using real mode). When Windows 3.0 was released in May 1990, it was so successful that Microsoft decided to change the API for the still unreleased NT OS/2 (as it was known) from an OS/2 API to an extended Windows API. This decision caused tension between Microsoft and IBM, and the collaboration fell apart. IBM continued development of OS/2 on its own, while Microsoft continued work on the newly named Windows NT.

Microsoft hired a group of developers from Digital Equipment Corporation led by Dave Cutler to develop Windows NT, and many elements that reflect DEC's experience with VMS and RSX-11. The OS was designed to run on multiple architectures, with the kernel separated from the hardware by a hardware abstraction layer. The APIs were implemented as subsystems on top of the undocumented native API; this allowed for future adoption of the Windows API. Originally a microkernel was designed, subsequent releases have integrated more features to improve kernel performance. Windows NT was the first operating system to use Unicode internally.

Architecture

The architecture of the Windows NT operating system family is based on two layers (user mode and core mode), with different modules within these layers.

Microsoft's Windows NT family of operating systems consists of versions such as Windows 10, Windows 8.x, 7, Vista, XP, Windows Server 2003, Windows 2000 and Windows NT. They all have preemptive multitasking and are operating systems that have been designed to work with both single-processor and multi-processor computers, which in English is the Symmetrical Multi Processor or SMP.

To process input/output requests (in English Input/Output, I/O) it goes to an I/O packet address that uses requests (IRP) and asynchronous I/O. Starting with Windows 2000 Advanced Server, Microsoft began developing operating systems that supported 64-bit. Before their operating systems were based on a 32-bit model.

The Windows NT architecture is highly modular and is based on two main layers:

  • User mode: Which programs and subsystems are limited to the system resources they have access to.
  • Core Mode: Full access to system memory and external devices. The cores of the operating systems of this line are all known as hybrid cores, although it must be clarified that this term is in discussion as this core is essentially a monolithic core that is structured in the style of a micronucleus. The architecture within the core mode consists of the following:
  1. A hybrid core.
  2. A hardware abstraction layer (in English) Hardware Abstraction Layer o HAL).
  3. Controllers or also called drivers.
  4. Executive: On which all high-level services are implemented.
  5. Dynamic bookstores for proper operation, such as ntoskrnl.exe

Windows NT line kernel mode is composed of subsystems capable of passing I/O requests to the appropriate drivers using the I/O manager. Two subsystems create the Windows 2000 user mode layer: the Environment subsystem (runs applications written for different types of operating systems), and the Integral subsystem (handles system-specific functions of part of the Environment subsystem). Kernel mode in Windows 2000 has full access to the computer's hardware and system resources. Kernel mode prevents user-mode services and applications from accessing critical areas of the operating system that they shouldn't.

The Executive relates to all user mode subsystems. It deals with input/output, object management, security, and process management. The kernel sits between the hardware abstraction layer and the Executive to provide multiprocessor synchronization, threads and scheduling and interrupt dispatching, and exception dispatching.

The kernel is also responsible for initializing device drivers at boot time. There are three levels of drivers in kernel mode: high-level drivers, intermediate drivers, and low-level drivers. The Windows Driver Model (WDM) is in the middle layer and was designed primarily to maintain source code and binary compatibility between Windows 98 and Windows 2000. Lower level drivers are also a legacy of Windows NT device drivers that directly control a device or may be a PnP hardware bus.

User mode

User mode consists of subsystems that can pass I/O requests to the appropriate kernel mode drivers via the I/O manager (which is in kernel mode). Two subsystems make up the Windows 2000 user mode layer: the Environment subsystem and the Integral subsystem.

The environment subsystem was designed to run applications written for different types of operating systems. None of the environment subsystems can directly access the hardware, and they must request access to memory resources through the Virtual Memory Manager running in kernel mode. Also, applications run at a lower priority than kernel processes. There are currently three main environment subsystems: a Win32 subsystem, an OS/2 subsystem, and a POSIX subsystem.

The Win32 environment subsystem can run 32-bit Windows applications. Contains the console as well as support for text windows, shutdown, and fatal error handling for all other environment subsystems. It also supports Virtual DOS Machines (Virtual DOS Machine, VDM), allowing MS-DOS applications and 16-bit Windows 3.x (Win16) applications to run on Windows. There is a specific VDM that runs in its own memory space and emulates an Intel 80486 running MS-DOS 5. Win16 programs, however, run on a Win16 VDM.

Each program, by default, runs in the same process, so it uses the same address space, and the Win16 VDM gives each program its own thread to run. However, Windows 2000 allows users to run Win16 programs in a separate Win16 VDM, which allows the program to be a multitasking priority when Windows 2000 runs the entire VDM process, which contains only one running application. The OS/2 environment subsystem supports 16-bit character-based applications and emulates OS/2 1.x, but does not support running 32-bit or graphical applications like OS/2 2.x and later.. The POSIX environment subsystem only supports applications that strictly conform to the POSIX.1 standard or associated ISO/IEC standards.

The end-to-end subsystem takes care of operating system-specific functions on behalf of the environment subsystem. It consists of a security subsystem, a terminal service and a server service. The security subsystem handles security receipts, allows or denies access to user accounts based on resource permissions, handles login requests and initiates authentication, and determines which system resources need to be audited. by Windows 2000. It is also in charge of the Active Directory (in English, Active Directory). The terminal service is an API to the network redirector, which provides network access to the computer. The server service is an API that allows the computer to provide network services.

Kernel mode

Windows 2000 kernel mode has complete access to the computer's hardware and system resources and runs its code in a protected area of memory. It controls access to scheduling, thread prioritization, memory management, and interaction with hardware. Kernel mode prevents user-mode applications and services from accessing critical areas of the operating system that they shouldn't have access to, they must ask the kernel to perform those operations on their behalf.

Kernel mode is made up of executive services, which in turn are made up of various modules that perform specific tasks, kernel controllers, a kernel, and an Hardware Abstraction Layer or HAL.

Executive

The Executive relates to all user mode subsystems. It handles I/O, object management, security, and process management. It is informally divided into several subsystems, among which are the Cache Manager, the Configuration Manager, the Input Manager /Output, the Calls to Local Procedures, the Memory Manager, the Object Manager, the Structure of Processes, and the Security Reference Monitor. All together, the components can be called Executive Services (internal name Ex). System Services (internal name Nt), for example system calls, are implemented at this level as well, except for a few that are called directly within the system layer. kernel for better performance.

The Object Manager (internal name Ob) is a special subsystem of the Executive through which all other subsystems of the Executive, especially system calls, must pass to gain access to Windows 2000 resources. This makes it essentially a resource management infrastructure service.

The object manager is used to avoid duplication of resource object management functionality in the other subsystems of the executive, which could potentially lead to bugs and complicate the design of Windows 2000. For the object manager, each resource is an object, regardless of whether the resource is a physical resource (such as a file system or peripheral) or a logical resource (such as a file). Each object has a structure or object type that the object manager must know about.

Object creation is a two-phase process, creation and insertion. The creation causes the allocation of an empty object and the reservation of the necessary resources by the object manager, such as an (optional) name in the namespace. If the creation is successful, the subsystem responsible for the creation fills in the object data. Finally, if the subsystem considers that the initialization was successful, it tells the object manager to insert the object, which makes it accessible via its name (optional) or a cookie called pointer. From then on, the life of the object is controlled by the object manager, and it is the obligation of the subsystem to keep the object running until it is marked by the object manager for release.

The purpose of pointers is similar to UNIX file descriptors, in that each represents a reference to a kernel resource via an obscure value. Similarly, opening an object from its name is subject to security checks, but working through an existing one is only limited to the level of access needed when the object was opened or created. Unlike UNIX file descriptors, multiple Windows pointers can reference the same object (while file descriptors can be duplicates, duplicates refer to the same file node, but to a different unique file description).

Object types define their procedures and their specific data. In this way, the object manager allows Windows 2000 to be an object-oriented operating system, since object types can be thought of as polymorphic classes that define objects. However, most subsystems rely on the default implementation for all object types of procedures.

Each object that is created stores its name, parameters passed to the object's create function, security attributes, and a pointer to its object type. The object also contains a procedure to close it and a reference counter to tell the object manager how many objects reference it. In this way, the object manager determines whether the object can be destroyed when a request to delete the object is sent to it. All named objects are found in the hierarchical object namespace.

Other executive subsystems are as follows:

  • Cache Controller Cache Controller, internal name Cc): is closely related to the Memory Manager, the Entry/Output Manager and the Entry/Output drivers to provide a common cache for frequent E/S files. The Windows Cache Manager operates only with file blocks (more than with device blocks), to perform consistent operations between local and remote files, and ensure a certain degree of consistency with the pages in memory of the files, as cache blocks are a special case of the pages in memory and cache failures are a special case of page failures.
A long-standing issue on the existing implementation is why it does not explicitly release the blocks that have not been used for a long time, depending, instead, on the algorithm of assigning pages of the memory manager to finally download them from the physical memory. As an effect, sometimes the cache grows indiscriminately, compelling another memory to be paged, often replacing the process that started the E/S, which ends up spending most of its execution time in response to page failures. This is more visible when copying large files.
  • Configuration Manager Configuration Manager, internal name Cm): implements the Windows registry.
  • E/S Manager I/O Manager, internal name Io): allows devices to communicate with the user mode subsystems. It deals with translating the user mode reading and writing commands to reading or writing IRP that sends to the device drivers. It also accepts E/S requests from the file system and translates them into specific calls to devices, can incorporate low-level device drivers that directly manipulate the hardware to read the input or write an output. It also includes a cache manager to improve disk performance by saving read requests and writing to disk in the background.
  • Call to Local Procedures Local Procedure Call (LPC), internal name Lpc): provides communication between processes through ports with semantic connection. The LPC ports are used by the user mode subsystems to communicate with their customers, by the Executive subsystems to communicate with the user mode subsystems, and as a basis for local transport for MSRPC.
  • Memory Manager (in English Memory Manager, internal name) Mm.): manages virtual memory, controlling memory protection and the physical memory page to secondary storage, and implements a general purpose physical memory manager. It also implements a pair of Portable Executable Runners (in English, Executable Portable, PE) that allows an executable to be mapped or released in a unique and atomic step.
Starting in Windows NT Server 4.0, Terminal Server Edition, the memory manager implements the so-called session space, a memory range of the core mode that is used for context change as well as the memory of the user mode. This allows several instances of the Win32 subsystem and GDI controllers to be executed together, despite some flaws of their initial design. Each session space is shared by several processes, called together as "session".
To ensure the level of insulation between sessions without introducing a new type of object, the insulation between processes and sessions is managed by the Safety Reference Monitor, as an attribute of a security object (witness), and can only be changed if they have special privileges.
The relatively unsophisticated and ad-hoc naturazela of the sessions is due to the fact that they were not part of the initial design, and they had to be developed, with minimal interruption to the main line, by a third group (Citrix) as a requirement for their terminal server product for Windows NT, called WinFrame. Beginning with Windows Vista, the sessions eventually became an aspect of Windows architecture. From now on, a memory manager that furtively enters user mode through Win32, was expanded into a dominant abstraction affecting most Executive subsystems. In fact, the usual use of Windows Vista always results in a multi-session environment.
  • Process Structure (in English Process Structure, internal name) Ps): manages the creation and completion of processes and threads, and implements the concept of work (job), a group of processes that can be completed as a set, or can be placed under shared restrictions (such as a maximum of assigned memory, or CPU time).
  • PnP Manager PnP Manager, internal name Pnp): manages the Plug and Play service, maintains device detection and installation at the time of startup. It also has the responsibility to stop and boot devices on demand, this can happen when a bus (such as a USB or FireWire) detects a new device and needs to have loaded a driver to access it. Most of it is implemented in user mode, in the Service Plug and Playwhich manages the tasks, often complex, of installation of the appropriate controllers, noting the services and applications of the arrival of new services, and showing the GUI to the user.
  • Energy Manager (in English Power Manager, internal name) Po): deals with energy events (off, waiting mode, hibernation, etc.) and notifies the drivers affected with special IRP (IRP Energy).
  • Security Reference Monitor (in English Security Reference Monitor (SRM), internal name Separate): it is the primary authority to enforce the rules of the comprehensive security subsystem. Determine when an object or resource can be accessed through the use of access control lists (in English Access Control List, ACL), which are made up of access control inputs (in English Access Control Entries, ACE). The ACEs contain a security identifier (in English, Security Identifier, SID) and a list of operations that the ACE provides to a trusted group — a user account, a group account, or login — permission (to allow, refuse, or audit) to that resource.

Core

The core of the operating system sits between the HAL and the Executive and provides multiprocessor synchronization, threads and interrupt dispatching and scheduling, interrupt handling and exception dispatching, it is also responsible for initializing device drivers that are required at boot to keep the operating system running. That is, the kernel performs almost all the tasks of a traditional microkernel, the strict distinction between the Executive and the kernel is the major remnants in the latter of the original microkernel design, and that historical design documentation refers to the kernel component as "the microkernel".

The kernel often interacts with the process manager. The level of abstraction is such that the kernel never calls the process manager, only the other way around is allowed (except for a handful of cases, not quite getting to the point yet). of a functional dependency).

Kernel mode drivers

Windows 2000 uses kernel-mode device drivers to allow it to interact with hardware devices. Each of the drivers have well-defined system routines and internal routines that they export to other operating systems. All devices are seen by the user mode as a file object in the I/O manager, through the I/O manager itself, devices are seen as device objects, which he defines as either file, device, or controller. Kernel-mode drivers are found at three levels: high-level drivers, intermediate drivers, and low-level drivers. High-level drivers, such as file system drivers for FAT and NTFS, depend on intermediate drivers. Intermediate drivers are made up of driver functions — or main drivers for a device — that are optionally sandwiched between low-level and high-level driver filters. Controller functions depend on a bus controller — or a controller serving a bus controller, adapter, or bridge — which can have an optional bus controller filter sitting between itself and the controller function. The Windows Driver Model (WDM) is in the middle layer. The lowest level drivers are also legacy Windows NT device drivers that control a device directly or may be a PnP hardware bus. Those low-level drivers directly control the hardware and don't rely on others.

Hardware Abstraction Layer

Hardware Abstraction Layer, or HAL, is a layer that sits between the computer's physical hardware and the rest of the operating system. It was designed to hide hardware differences and therefore provide a consistent platform on which applications can run. The HAL includes hardware-dependent code that controls I/O interfaces, interrupt handlers, and multiple processors.

In particular, the "hardware abstraction" It does not imply abstracting the instruction set, which generally falls under the broader concept of portability. Instruction set abstraction, when necessary (such as to handle various revisions of the x86 instruction set, or emulation of a non-existent math coprocessor), is performed by the kernel.

Despite its purpose and its position within the architectural design, the HAL is not a layer that sits completely below the kernel in the same way that the kernel sits below the Executive: all known implementations of the HAL they depend in some way on the kernel, or even on the executive. In practice, this means that the kernel and variations of the HAL are distributed together, built specifically to work together.

Versions

Windows NT Versions
NT version Name Editions Date released Compilation
NT 3.1 Windows NT 3.1 Workstation, Advanced Server July 1993 528
NT 3.5 Windows NT 3.5 Workstation, Server September 1994 807
NT 3.51 Windows NT 3.51 Workstation, Server May 1995 1057
NT 4.0 Windows NT 4.0 Workstation, Server, Server Enterprise Edition, Terminal Server, Embedded July 1996 1381
NT 5.0 Windows 2000 Professional, Server, Advanced Server, Datacenter Server February 2000 2195
NT 5.1 Windows XP Home, Professional, Media Center (2004 & 2005), Tablet PC, Starter, Embedded, N, 64 bit edition (IA-64) October 2001 2600 (SP1, SP2 and SP3)
NT 5.2 Windows Server 2003 Standard, Enterprise, Datacenter, Web, XP Professional x64 April 2003 3790
NT 5.1 Windows Fundamentals for Legacy PC N/A July 2006 2600
NT 6.0 Windows Vista Starter, Home Basic, Home Premium, Business, Enterprise, Ultimate January 2007 RTM: 6000

SP1: 6001

SP2: 6002

SP2 Update: 6003

NT 6.0 Windows Server 2008 Standard, Enterprise, Datacenter, Web, Storage, Small Business Server February 2008 RTM: 6001

SP2: 6002

SP2 Update: 6003

NT 6.1 Windows Server 2008 R2 Standard, Enterprise, Datacenter, Web, Storage, Small Business Server February 2009 7601
NT 6.1 Windows 7 Starter, Home Basic, Home Premium, Professional, Ultimate, Enterprise October 2009 RTM: 7600

SP1: 7601

NT 6.2 Windows Server 2012 Foundation, Essentials, Standard, Datacenter September 2012 9200
NT 6.2 Windows 8 Windows 8, Windows 8 Pro, Windows RT(ARM), Windows Phone 8 (ARM) October 2012 9200
NT 6.3 Windows 8.1 Windows 8.1, Windows 8.1 Pro, Windows RT(ARM), Windows Phone 8.1 (ARM) October 2013 9600
NT 6.3 Windows Server 2012 R2 Essentials, Standard, Datacenter, Multipoint Premium Server, Storage Server, Hyper-V Server October 2013 9600
NT 10.0 Windows 10 Home Single Language, Home, Pro, Pro for Workstations, Pro Education, Enterprise, Education, Mobile, Mobile Enterprise, X 1507: 29 July 2015

1511: 10 November 2015

1607: August 2, 2016

1703: April 5, 2017

1709: 17 October 2017

1803: April 30, 2018

1809: 13 November 2018

1903: May 21, 2019

1909: November 12, 2019

2004: 27 May 2020

20H2: 20 October 2020

21H1: 18 May 2021

1507: 10240

1511: 10586

1607: 14393

1703: 15063

1709: 16299

1803: 17134

1809: 17763

1903: 18362

1909: 18363

2004: 19041

20H2: 19042

21H1: 19043

Canal Dev: 21390.2025

NT 10.0 Windows Server 2016 Essentials, Standard, Datacenter, Multipoint Premium Server, Storage Server, Hyper-V Server September 2016 14393
NT 10.0 Windows Server 2019 Essentials, Standard, Datacenter, Multipoint Premium Server, Hyper-V Server October 2018 17763
NT 10.0 Windows Server 2022 Essentials, Standard, Datacenter, Multipoint Premium Server, Hyper-V Server August 2021 20384
NT 10.0 Windows 11 Home Single Language, Home China, Home, Pro, Pro Education, Pro for Workstations October 2021 21H2: 22000
  • Microsoft when starting to use Windows NT in ARM processors ended Windows CE
Más resultados...
Tamaño del texto:
undoredo
format_boldformat_italicformat_underlinedstrikethrough_ssuperscriptsubscriptlink
save