The NT Kernel is a microkernel design supporting various architectures (including PPC, Alpha, X86-64, Itanium, MIPS) used in Windows NT, XP, 2003 and Longhorn. Originally designed by Dave Cutler, Lou Perazzoli, Steve Wood, Darryl Havens, Gary Kimura, Tom Miller, Jim Kelly and some others, it now has a much larger team. While the first version of the kernel could be called a true microkernel, recent versions have added many more components which are specific to Win32 support or go beyond the scope of a microkernel; these include win32k-specific callbacks, built-in WMI APIs, networking APIs (there are actually IP->String conversion routines now built into the kernel), etc.
The kernel design is based on that of Microsoft Windows 2003 Server. It implements kernel mode Asynchronous Procedure Calls (APCs), Deferred Procedure Calls (DPCs), processes, threading, mutexes, semaphores, spinlocks, timing code, and more.
The Scheduler is often considered the most critical part of a kernel. The NT Kernel Scheduler is a Thread-Based Scheduler, which means that it schedules threads, not processes. The NT Scheduler uses a highly scalable preemptive multitasking design. A new thread will usually be scheduled at the next system interrupt, but a Deferred Procedure Call can also be delivered instead. The length of time for which a thread runs is called the Quantum, and the end of a Quantum usually means that a new thread will be scheduled.
NT Threads have 3 basic states: Running, Ready and Scheduled. Threads in all three categories can be preempted by a higher priority thread, or interrupted by a DPC or APC if the right environment is present. Because of this "volatility", NT Kernel (and User-Mode, although less noticeably) developers cannot assume that their thread will control the CPU for as long as they want. For this reason, a variety of locking, synchronization, priority level and interrupt masking facilities are available. These facilities provide simple means for locking a resource so that a new thread will not be able to touch it, for ensuring that the thread won't be interrupted by an APC, for not allowing the thread to be preempted (by using the highest priority level), or even for totally disabling any system interrupts and task switching by raising the IRQL to maximum, thereby masking all interrupts.
The Idle Thread is the default thread that the Scheduler switches to if no suitable thread has been found. It is also the thread which is used for Phase 1 Initialization, until the Initial System Thread has been created.
The Dispatcher is the Kernel Component that takes care of Dispatcher Objects, which are used for Synchronization and Notification. The Dispatcher is responsible for signaling these objects when needed, handling any waits on these objects, managing the waiters and their wait blocks and performing the actual wait. These operations are part of Dispatching, which is not to be confused with Scheduling. Dispatcher Objects include:
- Event – An action that is usually initiated outside the scope of a program.
- Semaphore – The classic method for restricting access to shared resources.
- Thread – The smallest functional unit of executing code on a CPU.
- Timer – Counters that either increment or decrement at a fixed frequency.
- Mutex – An object that allows multiple threads to synchronize access and avoid the simultaneous use of a common resource.
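To make the Dispatcher's bookkeeping concrete, here is an added example (a simplified user-mode model, not NT or ReactOS source) of an object's signal state, its list of wait blocks, and what signaling does to the waiters. It goes slightly beyond the text by distinguishing the two event kinds of the Windows driver model, notification and synchronization events; every type and function name in it is hypothetical.

```c
#include <stddef.h>
/* Simplified model of dispatching, not NT source; every name is hypothetical. */
enum obj_type { NOTIFICATION_EVENT, SYNCHRONIZATION_EVENT };
enum thread_state { T_READY, T_WAITING };
struct thread { enum thread_state state; };
/* One wait block links one waiting thread to the object it waits on. */
struct wait_block { struct thread *thread; struct wait_block *next; };
struct dispatcher_object {          /* signal state plus FIFO list of waiters */
    enum obj_type type; int signaled; struct wait_block *head, *tail;
};

/* Returns 1 if the wait is satisfied at once, 0 if the thread must block. */
int wait_for_object(struct dispatcher_object *o, struct thread *t, struct wait_block *wb)
{
    if (o->signaled) {
        if (o->type == SYNCHRONIZATION_EVENT) o->signaled = 0;  /* auto-reset */
        return 1;
    }
    wb->thread = t; wb->next = NULL;
    if (o->tail) o->tail->next = wb; else o->head = wb;
    o->tail = wb;
    t->state = T_WAITING;           /* not runnable until the object is signaled */
    return 0;
}

/* Signals the object and returns how many waiters were made ready. */
int signal_object(struct dispatcher_object *o)
{
    int woken = 0;
    o->signaled = 1;
    while (o->head && o->signaled) {
        struct wait_block *wb = o->head;
        o->head = wb->next;
        if (!o->head) o->tail = NULL;
        wb->thread->state = T_READY;
        woken++;
        if (o->type == SYNCHRONIZATION_EVENT) o->signaled = 0;  /* one waiter consumes it */
    }
    return woken;
}

/* Constructed scenario: two threads wait, then the object is signaled once. */
int demo_woken(enum obj_type type)
{
    struct thread t[2] = { { T_READY }, { T_READY } };
    struct wait_block wb[2];
    struct dispatcher_object o = { type, 0, NULL, NULL };
    for (int i = 0; i < 2; i++) wait_for_object(&o, &t[i], &wb[i]);
    return signal_object(&o);
}
```

In this model a notification event releases every waiter and stays signaled, while a synchronization event releases exactly one and resets, so code that expects all waiters to proceed must use the former.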
The NT Executive is the subsystem which provides drivers with high-level access to the kernel dispatcher objects as well as support for higher-level process and thread functionality, such as Tokens (managed by the Security Subsystem), Objects, Handles, Quotas, WIN32K, Jobs, Ports (managed by the LPC Subsystem), etc. It contains a wrapper interface for every kernel dispatcher object and provides some of its own, such as the Fast Mutex, Callbacks and Pushlocks. It also provides high-level access to some memory management structures and functionality, such as Pool Allocation.