Date: 26 July, 2014
Version: 0.1
By: Albert van der Sel
Windows OS Architecture
1. Very basic overview Windows OS Architecture.
2. Two types of boot sequences: (1) EFI boot, and (2) the traditional BIOS/MBR boot.
Schematic representation of the full boot, either MBR or EFI:
Figures below: Note the small EFI System Partition (typically created as 100M - 300M):
Now, on a Win2K8 system using BIOS/MBR, and a Win2K12 system with EFI, let's try the "bcdedit" command:
System 1: Win2K8 with BIOS/MBR
C:\temp> bcdedit
Windows Boot Manager
--------------------
identifier..............{bootmgr}
device..................partition=\Device\HarddiskVolume8
description.............Windows Boot Manager
locale..................en-US
inherit.................{globalsettings}
default.................{current}
resumeobject............{9a8c2406-9e45-11e2-a4c6-83b0f4cab6b1}
displayorder............{current}
toolsdisplayorder.......{memdiag}
timeout.................30
Windows Boot Loader
-------------------
identifier..............{current}
device..................partition=C:
path..................\Windows\system32\winload.exe (note this line)
description.............Windows Server 2008 R2
locale..................en-US
inherit.................{bootloadersettings}
recoverysequence........{9a8c240a-9e45-11e2-a4c6-83b0f4cab6b1}
recoveryenabled ........Yes
osdevice................partition=C:
systemroot..............\Windows
resumeobject............{9a8c2406-9e45-11e2-a4c6-83b0f4cab6b1}
nx......................OptOut
System 2: Win2K12 with EFI/GPT
C:\temp> bcdedit
Windows Boot Manager
--------------------
identifier..............{bootmgr}
device..................partition=\Device\HarddiskVolume2
path....................\EFI\Microsoft\Boot\bootmgfw.efi
description.............Windows Boot Manager
locale..................en-US
inherit.................{globalsettings}
integrityservices.......Enable
bootshutdowndisabled....Yes
default.................{current}
resumeobject............{e1ef3c5d-449a-11e4-8288-b8ca3ab421ed}
displayorder............{current}
toolsdisplayorder.......{memdiag}
timeout.................30
Windows Boot Loader
-------------------
identifier..............{current}
device..................partition=C:
path..................\Windows\system32\winload.efi (note this line)
description.............Windows Server 2012 R2
locale..................en-US
inherit.................{bootloadersettings}
recoverysequence........{e1ef3c5f-449a-11e4-8288-b8ca3ab421ed}
integrityservices.......Enable
recoveryenabled.........Yes
isolatedcontext ........Yes
allowedinmemorysettings.0x15000075
osdevice................partition=C:
systemroot..............\Windows
resumeobject............{e1ef3c5d-449a-11e4-8288-b8ca3ab421ed}
nx......................OptOut
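As an added example (not part of the original page), the Python code below parses saved bcdedit listings like the two above and reports whether the {current} loader is winload.exe (BIOS/MBR) or winload.efi (EFI), together with its nx and integrityservices settings. The function names parse_bcdedit and audit and the trimmed sample text are assumptions made for this example.

```python
import re

# Constructed samples: trimmed copies of the two listings above, dotted layout kept.
SAMPLE_BIOS = r"""Windows Boot Manager
--------------------
identifier..............{bootmgr}
Windows Boot Loader
-------------------
identifier..............{current}
path..................\Windows\system32\winload.exe (note this line)
nx......................OptOut
"""
SAMPLE_EFI = r"""Windows Boot Manager
--------------------
identifier..............{bootmgr}
path....................\EFI\Microsoft\Boot\bootmgfw.efi
Windows Boot Loader
-------------------
identifier..............{current}
path..................\Windows\system32\winload.efi (note this line)
integrityservices.......Enable
nx......................OptOut
"""

# A setting name, then padding (dots on this page, spaces in raw bcdedit), then the value.
ENTRY = re.compile(r"^([A-Za-z]+)[ .]+(\S.*)$")
NOTE = re.compile(r"\s+\(note this line\)$")  # the page author's annotation, not bcdedit output

def parse_bcdedit(text):
    """Return [(section title, {setting: value}), ...] for a bcdedit listing."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    sections = []
    for i, line in enumerate(lines):
        if not line or set(line) == {"-"}:
            continue                      # blank line or the dashed rule itself
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if set(nxt) == {"-"}:
            sections.append((line, {}))   # a title is the line above a dashed rule
            continue
        m = ENTRY.match(line)
        if m and sections:
            sections[-1][1][m.group(1)] = NOTE.sub("", m.group(2))
    return sections

def audit(text):
    """Report firmware type and boot-time protection settings of the {current} loader."""
    loader = next((s for t, s in parse_bcdedit(text)
                   if t == "Windows Boot Loader" and s.get("identifier") == "{current}"), {})
    path = loader.get("path", "").lower()
    firmware = "EFI" if path.endswith(".efi") else "BIOS/MBR" if path.endswith(".exe") else "unknown"
    return {"firmware": firmware, "nx": loader.get("nx", "not set"),
            "integrityservices": loader.get("integrityservices", "not set")}
```

Calling audit() on a listing captured from each server gives a quick inventory of which machines still boot through BIOS/MBR and which loaders lack an integrityservices entry.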
3. Disk subsystems.
4. Very basic overview Windows Network Architecture.
5. Very basic overview Windows Print Architecture.
6. Very basic overview Windows Active Directory Tree/Forest Architecture.
7. Very basic overview RPC, COM/DCOM
The Windows OS (libraries, etc.) is practically built on Remote (Local) Procedure Calls (RPC).
Also, although DOT NET is very prominent, COM/DCOM based apps are still very common.
Besides that, many base libraries are still COM/DCOM based.
8. Very basic overview Windows Active Directory Architecture.