Runtime Environment

Hardware Abstraction Layer

The Windows hardware abstraction layer (HAL) is a layer of software that deals directly with the computer hardware. Because the HAL operates at a level between the hardware and the Windows executive services, applications and device drivers need not be aware of any hardware-specific information. The HAL provides routines that enable a single device driver to support a device on different hardware platforms, making device driver development much easier. It hides hardware-dependent details such as I/O interfaces, interrupt controllers, and multiprocessor communication mechanisms. Applications and device drivers are no longer allowed to deal with hardware directly and must call HAL routines to determine hardware-specific information. Thus, through the filter provided by the HAL, different hardware configurations can be accessed in the same manner. The HAL is implemented in the kernel-mode hal.dll module. All Windows components access hardware via the HAL. Multiple HALs are available, each specific to a different hardware platform, and the HAL to use is chosen when the OS is installed.

Windows Kernel Executive Layer

The Windows operating system uses the term executive layer to refer to kernel-mode components that provide a variety of services to device drivers, including object management, memory management, process and thread management, input/output management, and configuration management. The executive layer components are part of Ntoskrnl.exe, but drivers and the HAL are not part of the executive layer.
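The split described above (executive in Ntoskrnl.exe, HAL in hal.dll, drivers as separate images) can be inventoried from an administrative PowerShell session. This is an added example, not part of the original page; the function names Resolve-DriverPath and Get-KernelImageAudit are hypothetical, and it assumes the standard System32 locations for both files.

```powershell
# Added example: inventory kernel-mode images and report their signature state.
function Resolve-DriverPath {
    param([string]$PathName)
    # Service image paths use several prefixes; normalise them to a Win32 path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-KernelImageAudit {
    $sys32  = Join-Path $env:SystemRoot 'System32'
    $images = @(
        [pscustomobject]@{ Role = 'Executive'; Path = (Join-Path $sys32 'ntoskrnl.exe') }
        [pscustomobject]@{ Role = 'HAL';       Path = (Join-Path $sys32 'hal.dll') }
    )
    # Drivers are separate images, loaded as kernel or file-system driver services.
    $images += Get-CimInstance Win32_SystemDriver -Filter "State='Running'" |
        Where-Object { $_.PathName } |
        ForEach-Object {
            [pscustomobject]@{
                Role = "Driver ($($_.Name))"
                Path = (Resolve-DriverPath $_.PathName)
            }
        }

    foreach ($img in $images) {
        $sig = $null
        if (Test-Path -LiteralPath $img.Path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $img.Path
        }
        [pscustomobject]@{
            Role   = $img.Role
            Path   = $img.Path
            Status = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

# Show only images whose signature did not validate.
Get-KernelImageAudit | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize -Wrap
```

An empty result means every running kernel-mode image validated; any row that does appear is a starting point for review.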

  1. Kernel-mode Object manager

    The Windows kernel-mode object manager component manages the creation, tracking, access control, destruction, and recycling of resource space for Windows objects such as files, devices, threads, processes, events, mutexes, semaphores, and registry keys.

  2. Kernel-mode Memory manager

    The Windows kernel-mode memory manager component manages physical memory for the operating system. This memory is primarily in the form of random access memory (RAM). The memory manager handles the allocation and deallocation of memory virtually and dynamically, and supports the concepts of memory-mapped files, shared memory, and copy-on-write.

  3. Kernel-mode Process and Thread manager

    The Windows kernel-mode process and thread manager handles the execution of processes, each having one or more threads, and the synchronization of resources among them.

  4. Kernel-mode I/O manager

    The Windows kernel-mode I/O manager manages the communication between applications and the interfaces provided by device drivers. The I/O manager has two subcomponents, the Plug and Play manager and the power manager, described next.

  5. Plug and Play manager

    The Plug and Play (PnP) manager provides the support for PnP functionality in Windows and is responsible for device detection and enumeration while the system is booting, and for adding or removing devices while the system is running. The PnP manager maintains the device tree, which holds information about the devices present on the system. When the computer starts, the PnP manager builds this tree by using information from drivers and other components, and updates the tree as devices are added or removed.

    The PnP manager has two parts:

    1. The Kernel-mode PnP manager interacts with operating system components and drivers to configure, manage, and maintain devices. The kernel-mode PnP manager notifies the user-mode PnP manager that a new device is present on the system and must be installed. The kernel-mode PnP manager also calls the DriverEntry and AddDevice routines of a device's driver and sends the IRP_MN_START_DEVICE request to start the device.

    2. The User-mode PnP manager interacts with user-mode setup components, such as Class Installers, to configure and install devices. The user-mode PnP manager also interacts with applications to, for example, register an application for notification of device changes and notify the application when a device event occurs. The user-mode PnP manager receives device installation requests from the kernel-mode PnP manager, calls other user-mode components to start device installation tasks, and sends control requests (such as "start the device") to the kernel-mode PnP manager. The user-mode PnP manager tries to install a device in a trusted process context without requiring users to respond to dialog boxes. This method is known as a server-side installation.

  6. Kernel-mode power manager

    The Windows kernel-mode power manager manages the orderly change in power status for all devices that support power state changes. This is often done through a complex stack of devices controlling other devices. Each controlling device is called a node and must have a driver that can handle the communication of power state changes up and down through a device stack. The power manager works in combination with policy management to handle power management and coordinate power events, and then generates power management IRPs. The power manager collects requests to change the power state, decides in which order the devices must have their power state changed, and then sends the appropriate IRPs to tell the appropriate drivers to make the changes (which in turn may tell subdevices to make the change as well). The policy manager monitors activity in the system and integrates user status, application status, and device driver status into power policy.
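The device tree that the PnP manager maintains (item 5 above) can be rebuilt from user mode to see which driver service is bound to each node. This is an added example, not part of the original page; the function name Get-DeviceTree is hypothetical, and it assumes the PnpDevice module (Get-PnpDevice, Get-PnpDeviceProperty) is available.

```powershell
# Added example: rebuild the PnP device tree from each device's parent property.
function Get-DeviceTree {
    $devices  = @(Get-PnpDevice -PresentOnly)
    $byId     = @{}   # instance ID -> device (string keys are case-insensitive)
    $parentOf = @{}   # instance ID -> parent instance ID
    foreach ($dev in $devices) {
        $byId[$dev.InstanceId] = $dev
        $prop = Get-PnpDeviceProperty -InstanceId $dev.InstanceId `
                    -KeyName 'DEVPKEY_Device_Parent' -ErrorAction SilentlyContinue
        $parentOf[$dev.InstanceId] = [string]$prop.Data
    }

    # Group children under their parent. A node whose parent is empty or was
    # not enumerated is treated as a top-level node.
    $children = @{}
    $roots    = @()
    foreach ($dev in $devices) {
        $parent = $parentOf[$dev.InstanceId]
        if ($parent -and $byId.ContainsKey($parent)) {
            if (-not $children.ContainsKey($parent)) { $children[$parent] = @() }
            $children[$parent] += $dev
        } else {
            $roots += $dev
        }
    }

    # Depth-first walk, emitting one object per device node.
    function Walk($node, [int]$depth) {
        [pscustomobject]@{
            Node    = ('  ' * $depth) + $node.InstanceId
            Name    = $node.FriendlyName
            Class   = $node.Class
            Service = $node.Service   # driver service bound to this node, if any
        }
        if ($children.ContainsKey($node.InstanceId)) {
            foreach ($child in $children[$node.InstanceId] | Sort-Object InstanceId) {
                Walk $child ($depth + 1)
            }
        }
    }
    foreach ($root in $roots | Sort-Object InstanceId) { Walk $root 0 }
}

Get-DeviceTree | Format-Table -AutoSize -Wrap
```

Saving the output and comparing it against a known-good baseline for the same hardware makes newly attached devices and changed driver bindings easy to spot.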