CHAPTER TWO:

RECAP:
// write a c program that illustrates a simple system call.
#include <stdio.h> // header file to include std i/o header
#include<unistd.h>
#include<windows.h>
#include<fcntl.h>

int main() {

int file = open("Example.txt", O_RDONLY);

if( file < 0){

printf("Error opening file\n");
return 1;
}
char buffer[100];
read(file, buffer,sizeof(buffer));
printf("Content of the file: %s\n", buffer);
close(file);

return 0;
}
WINDOWS SYSTEM PROGRAMMING FOR INTEL386
ARCHITECTURE.
2.1 Introduction to Intel386 Architecture
Intel386 (x86)
The Intel 386 (or 80386) processor introduced a major leap in personal computing
with its 32-bit architecture. It became the foundation for modern operating systems
and application development.
x86 Architecture: Refers to Intel's family of processors, starting from the 16-bit
8086 processor to 32-bit 80386, and beyond.
Protected Mode: The 80386 introduced protected mode, which allowed the OS to
control memory access, enabling multitasking and better stability.
Real Mode: For backwards compatibility, the 80386 could still operate in 16-bit
real mode, emulating earlier processors.

Key Features of Intel386

i. 32-bit Registers and Addressing: 32-bit registers (EAX, EBX, ECX, etc.)
and 32-bit memory addressing allowed access to up to 4 GB of RAM.
ii. Virtual Memory Support: Virtual memory management was fully
supported, allowing for better memory isolation between processes.
iii. Multitasking: The ability to run multiple processes simultaneously by
switching between tasks in protected mode.
iv. Segmentation and Paging: Both segmentation and paging mechanisms
were supported, enhancing memory management by dividing memory into
segments and pages.
v. I/O Protection: The ability to restrict I/O operations to privileged code,
improving system security.
vi. Instruction Set Enhancements: New instructions for bit manipulation,
string operations, and signed multiplication and division.

Intel386 Memory Management

 i. Segmentation: Divides memory into variable-length segments, each with its
own protection level and attributes.
ii. Paging: Divides physical memory into fixed-size pages (typically 4 KB),
allowing for more efficient memory allocation and virtual memory
implementation.
iii. Memory Protection: Four privilege levels (rings) to control access to
memory and system resources.

2.2 16-bit vs. 32-bit Programming

16-bit Programming
✓ In 16-bit systems, such as those based on the Intel 8086/80286 processors,
addresses were limited to 64 KB due to the 16-bit addressing space.
✓ Programs needed to handle memory segmentation, where each memory
address was represented as a combination of a segment and offset.
✓ Complex memory management made it harder to write efficient programs,
especially for tasks requiring access to large amounts of memory.
✓ Limited to 16-bit arithmetic operations, which could be a bottleneck for
computationally intensive tasks.

32-bit Programming

✓ The 80386 introduced a 32-bit flat memory model where addresses were
linear, allowing direct access to the entire 4 GB memory space without the
need for segmentation.
✓ More efficient code could be written since the flat memory model simplified
memory management, and the 32-bit registers could handle larger amounts
of data at once.
✓ 32-bit programs could leverage the processor's protected mode, which
improved security and stability by preventing programs from accessing other
processes' memory.
 ✓ Enhanced performance due to 32-bit arithmetic operations and wider data
paths.
✓ Ability to use larger data types (e.g., 32-bit integers) natively, improving
performance for certain applications.

2.3 Windows System Programming Concepts

a. Win32 API
✓ The primary programming interface for Windows, providing access to
system services and hardware resources.
✓ Implemented as a set of DLLs (Dynamic-Link Libraries) that applications
can call.
✓ Key areas include process and thread management, memory management,
file I/O, and GUI programming.

b. Processes and Threads

✓ Processes: Represent running applications, each with its own virtual address
space.
✓ Threads: Units of execution within a process, sharing the process's resources
but having their own stack and register state.
✓ NB: Windows supports both preemptive multitasking and multithreading.

c. Memory Management in Windows

i. Virtual Memory: Each process has its own 4 GB virtual address space (2 GB
user space, 2 GB kernel space in 32-bit Windows).
ii. Memory-Mapped Files: Allow file I/O to be treated as memory access,
improving performance for certain operations.
iii. Heap Management: Dynamic memory allocation using functions like
HeapAlloc and HeapFree.

d. File I/O and Device Drivers

✓ Windows provides a unified I/O model for files, devices, and interprocess
communication.
 ✓ Asynchronous I/O support for improved performance in I/O-bound
applications.
✓ Device drivers allow hardware interaction through a standard interface.

e. Security and Access Control

✓ Windows implements a security model based on access tokens and security
descriptors.
✓ User accounts and groups are used to control access to system resources.
✓ Access Control Lists (ACLs) define permissions for objects like files and
registry keys.

2.4 Differences Between 16-bit and 32-bit Windows Programming

Memory Model

✓ 16-bit: Segmented memory model with complex memory management.

✓ 32-bit: Flat memory model with simpler, more efficient memory access.

API Differences
✓ 16-bit: Used older APIs like Win16 API.
✓ 32-bit: Introduced the Win32 API, providing more functionality and better
performance.
Multitasking
✓ 16-bit: Cooperative multitasking in Windows 3.x.
✓ 32-bit: Preemptive multitasking, allowing better system responsiveness and
true multitasking.
Resource Limits
 ✓ 16-bit: Limited system resources (e.g., GDI objects) shared among all
applications.
✓ 32-bit: Increased limits on system resources, with better isolation between
applications.
Compatibility
✓ 32-bit Windows can run 16-bit applications through the Windows on
Windows (WOW) subsystem.
✓ 16-bit Windows cannot run 32-bit applications natively.
Key Differences:

Feature 16-bit Programming 32-bit Programming

Addressing Space 16-bit (up to 64 KB) 32-bit (up to 4 GB)

Memory Management Segment Flat memory model

model
Efficiency Complex memory handling Direct memory access
(simplified)

Registers 16-bit registers 32-bit registers (EAX, EBX,

(AX, BX, CX, DX) ECX, EDX)

Protected Mode Limited support Full support with

multitasking and paging

2.3 32-bit Flat Memory Model

Flat Memory Model:
✓ The flat memory model treats all memory as a single contiguous block,
eliminating the need for memory segmentation.
✓ In this model, programs use 32-bit addresses to access any location in
memory directly, up to the maximum memory available (4 GB for 32-bit
systems).
✓ The simplicity of the flat memory model allows for more efficient memory
management and easier programming, especially in modern operating
systems.
Segmented Memory Model vs. Flat Memory Model:
✓ Segmented Memory: In older systems, memory was divided into segments,
and a logical address was expressed as a combination of a segment and an
offset.
✓ Flat Memory: All addresses are treated as linear, and programs no longer
need to deal with segments, making it easier to work with larger memory.

2.4 Windows Architecture for Intel386

➢ The Windows operating system running on Intel386 architecture builds on
the core features provided by the CPU to manage memory, processes, and
hardware interaction. Below are the key architectural components of
Windows:

Windows Architecture:
a. User Mode:
➢ The part of the system where user applications run. These applications are
isolated from the core system components for security and stability.
➢ Subsystems: Windows provides various subsystems to support different
APIs (e.g., Windows API, POSIX). Applications interact with the OS
through these APIs.
b. Kernel Mode:
➢ The kernel is the heart of the OS, running in privileged mode (Ring 0). It
manages hardware, I/O devices, memory, and system processes.
Kernel Components:
i. Executive Services: Manages system-level services like process scheduling,
memory management, and I/O operations.
ii. Device Drivers: Kernel-mode programs that interact with hardware devices
to perform I/O operations.
iii. HAL (Hardware Abstraction Layer): Provides an abstraction between the OS
kernel and the hardware, allowing Windows to run on different hardware
architectures without changes to the OS core.
Core Components of Windows Kernel:
i. Memory Manager: Manages physical and virtual memory, and ensures
processes don’t interfere with each other's memory space.
ii. Process Manager: Handles process creation, scheduling, and termination.
Ensures fair CPU time distribution among processes.
iii. I/O Manager: Manages I/O operations for file systems, devices, and network
communication, ensuring efficient data transfer.
iv. Security Reference Monitor: Ensures processes and users only have access
to resources they are allowed to.

2.5 Windows API and System Calls

Windows API:
➢ The Windows API (WinAPI) is a set of system calls that applications can use
to interact with the OS for tasks like file management, memory management,
and process control.
➢ It is divided into several categories:
✓ Kernel32: Handles system resources like memory management,
processes, and threads.
✓ User32: Manages user-interface elements such as windows, buttons, and
menus.
✓ GDI32: Manages graphics output devices, providing access to functions
for drawing and managing screen output.

System Calls in Windows:

➢ Applications running in user mode cannot directly interact with the
hardware. Instead, they make system calls (e.g., CreateFile, ReadFile,
WriteFile) to request services from the Windows kernel.
➢ System call process:
i. An application makes a system call.
 ii. The call is intercepted by the Windows API (in user mode).
iii. The API calls the appropriate function in the Kernel Mode (via the NTOS
kernel).
iv. The kernel performs the requested operation (e.g., read from disk).
v. The result is returned to the application.

2.6 Windows System Programming Example

Here’s a simple example of using the Windows API to create a file, write data, and
then read from the file:
TO BE DONE NEXT WEEK:

2.7 Windows Driver Model (WDM)

Windows Device Drivers
➢ Drivers in Windows are kernel-mode software components that allow the
operating system to communicate with hardware devices.
➢ They act as a bridge between the hardware and the operating system,
translating OS commands into specific hardware instructions.
➢ Drivers are critical for system stability and performance, as they operate at a
very low level with direct hardware access.

Windows Driver Model (WDM)

➢ WDM is a framework for writing drivers that allows device drivers to be

portable across different versions of Windows.
➢ Introduced with Windows 98 and Windows 2000 to unify driver
development across Windows versions.
 ➢ WDM abstracts device-specific details, ensuring that drivers work across
different hardware architectures.

Key Features of WDM:

i. Plug and Play (PnP) Support: Allows automatic detection and
configuration of hardware devices.
ii. Power Management: Enables drivers to support system power states and
device-specific power management.
iii. Windows Management Instrumentation (WMI): Provides a way for
drivers to expose management information and operations.
iv. I/O Request Packets (IRPs): Standardized method for communication
between drivers and the I/O Manager.

Driver Types
1. Kernel-Mode Drivers:
➢ Run in Ring 0 (highest privilege level) and interact directly with hardware.
➢ Examples: graphics drivers, disk drivers, network adapter drivers.
Types of Kernel-Mode Drivers:
i. File System Drivers: Manage file systems (e.g., NTFS, FAT32).
ii. Bus Drivers: Manage a bus controller, adapter, or bridge.
iii. Function Drivers: Main driver for a device, providing the operational
interface.
iv. Filter Drivers: Add value to or modify the behavior of other drivers.

2. User-Mode Drivers:
➢ Run in Ring 3 (user mode) and interact indirectly with the hardware.
➢ Examples: printer drivers, scanner drivers.
Advantages:
 a. Enhanced system stability (crashes don't affect kernel).
b. Easier debugging and development.
c. Can leverage user-mode APIs and services.

Driver Development Kit (DDK) / Windows Driver Kit (WDK)

➢ Microsoft provides tools and documentation for driver development:
➢ DDK was the original kit, later replaced by WDK.
➢ WDK includes headers, libraries, tools, and samples for Windows driver
development.
➢ Kernel-Mode Driver Framework (KMDF) and User-Mode Driver
Framework (UMDF) are part of WDK, simplifying driver development.
EXTRA NOTES ON DRIVERS
Driver Signing and Certification
➢ Microsoft requires drivers to be digitally signed for improved security and
stability.
➢ Kernel-mode drivers must be signed with a certificate issued by Microsoft
for Windows 10 and later versions.
➢ Windows Hardware Quality Labs (WHQL) testing is used to certify drivers
for Windows logo compliance.

Driver Loading and Initialization

a. System Boot: Core system drivers are loaded during the boot process.
b. Plug and Play: When a device is connected, Windows searches for and loads
the appropriate driver.
c. Manual Installation: Users or administrators can manually install drivers
through Device Manager or other utilities.
Driver Communication
➢ Drivers communicate with each other and the OS through a layered
architecture:
a. I/O Manager: Manages communication between applications and drivers.
b. Driver Stack: Multiple drivers may be involved in handling a single device
(e.g., function driver, bus driver, filter drivers).
c. Hardware Abstraction Layer (HAL): Provides an abstraction layer between
the hardware and the drivers.

Challenges in Driver Development

a. Complexity: Kernel-mode programming requires deep understanding of the
Windows architecture.
b. Testing: Errors in drivers can cause system crashes, making thorough testing
crucial.
c. Compatibility: Ensuring drivers work across multiple Windows versions and
hardware configurations.
d. Security: Drivers must be designed with security in mind to prevent
vulnerabilities.