Phoenix
asked on
How processes work with user and kernel mode in Windows OS?
Hey everyone, I have been trying to learn the Windows architecture but I am still struggling to piece all of the parts together and I think it is especially hard because I don't have any programming knowledge.
One of my pain areas is the kernel and user mode. Could anyone help me with a good example to understand how processes that run in user mode access the kernel? And where do handles and objects come into the picture?
From what I read the kernel and user mode are just two different processor modes on Windows. User mode is used for applications, system processes, services etc. while the kernel mode is for Windows Executive, device and file-system drivers, HAL, kernel code itself, GDI etc. The processor running on Windows switches between these two modes depending on the code it is executing.
In user mode, the executing code has no ability to directly access hardware and has only limited access to system data. It would have to use handles to access kernel mode resources which are objects.
In kernel mode, the executing code has complete and unrestricted access to the underlying hardware and system data.
This isolation allows for better system stability and security. Crashes in the user mode only affect the application as each process runs in its own private virtual memory space called heap, while crashes in the kernel mode cause bug checks because the kernel mode shares the virtual memory space known as pool.
To show my understanding so far let us take the example of MS Paint. If I launch paint and then try to open an image by keying in the filename, a thread in the mspaint.exe process is going to be switched into the kernel mode by the processor in order to access the file-system which is in the kernel mode that will allow it to view all the files present on the disk and locate the file that matches the filename. On locating the file, the mspaint thread is provided a handle to the file object in the kernel mode and then the thread is switched back to user mode by the processor.
Please correct me if I am wrong and if so a correct example with how it works would be very much appreciated.
In general you are right.
Every CPU (it has more to do with CPUs than the OS) provides some kind of SYSCALL mechanism for a "user" mode program to switch to kernel mode. The same method is also used by Linux, BSD, etc.
Other architectures (AXP, IA64, ARM, Power, etc.) all provide a "similar" way to start kernel mode.
When kernel mode is activated, it executes code that is known and trusted, and then verifies whether all parameters are correct and sufficient.
(Like writable memory for a buffer to read data into, if the FileHandle you mention is writable, if it is an existing function, etc.)
(When a CPU boots it is in "kernel" mode and will set up the OS to allow usermode code to run.)
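The flow discussed above (open returns a handle, a later request crosses into kernel mode, and the kernel checks every parameter before touching the object), sketched as a toy model in portable C. This is an added illustration, not code from any poster and not Windows code; `k_open`, `syscall_entry`, the handle table and the error codes are all hypothetical names.

```c
/* Toy model, NOT Windows code; every name below is hypothetical. */
#include <stdio.h>
#include <string.h>
enum { ACCESS_READ = 1, ACCESS_WRITE = 2 };
enum { SYS_READ, SYS_WRITE, SYS_COUNT };
enum { ERR_BAD_SYSCALL = -1, ERR_BAD_HANDLE = -2, ERR_ACCESS_DENIED = -3, ERR_BAD_BUFFER = -4 };
/* "Kernel" object: user code never receives a pointer to it. */
struct file_object { char data[32]; size_t len; };
/* Handle table slot; the handle given to user code is only its index. */
struct handle_entry { struct file_object *obj; int granted; };
#define MAX_HANDLES 4
static struct file_object g_file = { "pixels", 6 };
static struct handle_entry g_handles[MAX_HANDLES];

/* Kernel side of "open": record object and granted rights, return the index. */
int k_open(int desired_access) {
    for (int h = 0; h < MAX_HANDLES; h++) {
        if (g_handles[h].obj) continue;
        g_handles[h] = (struct handle_entry){ &g_file, desired_access };
        return h;
    }
    return ERR_BAD_HANDLE; /* table full */
}

/* Stands in for the SYSCALL transition: every argument is untrusted. */
int syscall_entry(int number, int handle, char *buf, size_t len) {
    if (number < 0 || number >= SYS_COUNT) return ERR_BAD_SYSCALL;
    if (handle < 0 || handle >= MAX_HANDLES || !g_handles[handle].obj)
        return ERR_BAD_HANDLE;
    struct handle_entry *e = &g_handles[handle];
    int need = (number == SYS_READ) ? ACCESS_READ : ACCESS_WRITE;
    if ((e->granted & need) != need) return ERR_ACCESS_DENIED;
    /* A real kernel also probes the user address range; this checks size only. */
    if (!buf || len == 0 || len > sizeof e->obj->data) return ERR_BAD_BUFFER;
    if (number == SYS_READ) {
        size_t n = len < e->obj->len ? len : e->obj->len;
        memcpy(buf, e->obj->data, n);
        return (int)n;
    }
    memcpy(e->obj->data, buf, len);
    e->obj->len = len;
    return (int)len;
}

int main(void) {
    char buf[32];
    int h = k_open(ACCESS_READ); /* handle opened for reading only */
    printf("handle=%d read=%d write=%d\n", h,
           syscall_entry(SYS_READ, h, buf, sizeof buf), syscall_entry(SYS_WRITE, h, buf, 3));
}
```

The rights are fixed when the handle is created and checked on every later request, which is why the write through a read-only handle is refused without the object ever being touched.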
ASKER
I know the question has a lot of text in it but I was hoping to be clear on what I was asking, to show what I know so far and to put forward an example of that understanding. I understand it might be difficult but what I was looking for was a high level example of how the usermode, kernelmode, handles and objects work together without all the minute details.
Maybe check out some simpler OS, like Minix, that doesn't need to carry all the other bloat that huge OSes have.
Minix was built for educational purposes.
Hardware manuals for some CPUs might help as well. (well x86 is a pile of manuals, so try a RISC system like ARM, AXP, PDP) or older architectures like VAX.
I agree with noci about checking out something like Minix ....
It might be worth having a look at the forums on ReactOS also?
Also, here are some (short, older threads ..) on Reddit that may give some more insights ...
Kernel Mode vs User Mode
Why is it important for an operating system to have kernel mode and user mode?
But, my search to find a good online article that gives a good overview of something like your mspaint example is still coming up blank ...
Some general background: https://en.wikipedia.org/wiki/Protection_ring
(Usermode/Kernelmode is a simplistic version of the Ring Models...)
And the general source of this is:
https://www.multicians.org/protection.html (yes 1972...)
It actually goes back a little further, you will need to look into MULTICS.
https://en.wikipedia.org/wiki/Multics
..... maybe a Verified Expert will chime in here later with a definitive answer to the mspaint example or illustrate a different scenario which gives a clearer/cleaner outline of the switching between modes which you seek .... and, if I come across a good (on the web) example I will post a link back here ....