Couple of years back I prepared a presentation on "Windows NT Architecture" to give seminar in my college when I was doing my graduation. I just found that presentation in a back up CD. I thought its worth to share with others:

The whole architecture of Windows NT can be divided into two parts: User mode and Kernel mode

  • User mode is the least privileged mode of Windows NT and it has no direct access to hardware and only restricted access to memory.
  • Kernel mode is the privileged mode of Windows NT and it has direct access to hardware and memory.

Components of User mode:

  • End user Applications
  • Environment Subsystems

Components of Kernel mode:

  • NT Executive
  • NT Kernel (Microkernel)
  • Hardware Abstraction Layer (HAL)

Environment Subsystem:

The main function of environment subsystem is to convert the requests made by an application to the request that NT’s Kernel mode component understand.

NT includes a set of environment subsystem which are:

  1. Win32 subsystem
  2. Win16 subsystem
  3. DOS environment
  4. OS/2 subsystem
  5. POSIX subsystem
  6. Security subsystem

The Executive:

NT’s Executive contains a set of subsystems which are used to perform most of the functions associated with Operating System. Each subsystem has a separate responsibility. Following are the various components of the Executive:

  1. Object Manager: It manage objects that represents resources.
  2. Security Reference Monitor: It checks for proper authorization before granting access to objects.
  3. Virtual Memory Manager: It creates and manages address space for processes, and it also controls physical memory allocation.
  4. I/O Manager:
    • It contains three components Drivers, File system, and Cache manager.
    • It manage file system drivers, device drivers, network drivers, and I/O request buffer. It is also responsible for integrating device drivers with NT.
    • Cache manager maintains NT’s file system cache.
  5. Process Manager: It wraps the process and thread objects and adds to it a process/thread identifier, the access token, and address space.
  6. Configuration Manager: It manages the registry of the operating system.


  1. It operates more closely with hardware than Executive, and it contains CPU specific code.
  2. Schedules threads and processes to run.
  3. It handles hardware interrupts and dispatches them to appropriate drivers and threads.
  4. It handles hardware and software generated exceptions.
  5. System shutdown, and restoration after power failure.

Hardware Abstraction Layer:

  1. It isolate Kernel from hardware variations.
  2. HAL exports a common processor model that masks the differences in various processor chips from NT.