Date: 26 July, 2014
Version: 0.1
By: Albert van der Sel


Windows OS Architecture


1. Very basic overview Windows OS Architecture.




2. Two types of boot sequences: (1) EFI boot, and (2) the traditional BIOS/MBR boot.


Schematic representation of the full boot, either MBR or EFI:








Figures below: Note the small EFI System Partition (typically created as 100M - 300M):



Now, on a Win2K8 system using BIOS/MBR, and a Win2K12 system with EFI, let's try the "bcdedit" command:

System 1: Win2K8 with BIOS/MBR

C:\temp> bcdedit

Windows Boot Manager
--------------------
identifier..............{bootmgr}
device..................partition=\Device\HarddiskVolume8
description.............Windows Boot Manager
locale..................en-US
inherit.................{globalsettings}
default.................{current}
resumeobject............{9a8c2406-9e45-11e2-a4c6-83b0f4cab6b1}
displayorder............{current}
toolsdisplayorder.......{memdiag}
timeout.................30

Windows Boot Loader
-------------------
identifier..............{current}
device..................partition=C:
path..................\Windows\system32\winload.exe (note this line)
description.............Windows Server 2008 R2
locale..................en-US
inherit.................{bootloadersettings}
recoverysequence........{9a8c240a-9e45-11e2-a4c6-83b0f4cab6b1}
recoveryenabled ........Yes
osdevice................partition=C:
systemroot..............\Windows
resumeobject............{9a8c2406-9e45-11e2-a4c6-83b0f4cab6b1}
nx......................OptOut

System 2: Win2K12 with EFI/GPT

C:\temp> bcdedit

Windows Boot Manager
--------------------
identifier..............{bootmgr}
device..................partition=\Device\HarddiskVolume2
path....................\EFI\Microsoft\Boot\bootmgfw.efi
description.............Windows Boot Manager
locale..................en-US
inherit.................{globalsettings}
integrityservices.......Enable
bootshutdowndisabled....Yes
default.................{current}
resumeobject............{e1ef3c5d-449a-11e4-8288-b8ca3ab421ed}
displayorder............{current}
toolsdisplayorder.......{memdiag}
timeout.................30

Windows Boot Loader
-------------------
identifier..............{current}
device..................partition=C:
path..................\Windows\system32\winload.efi (note this line)
description.............Windows Server 2012 R2
locale..................en-US
inherit.................{bootloadersettings}
recoverysequence........{e1ef3c5f-449a-11e4-8288-b8ca3ab421ed}
integrityservices.......Enable
recoveryenabled.........Yes
isolatedcontext ........Yes
allowedinmemorysettings.0x15000075
osdevice................partition=C:
systemroot..............\Windows
resumeobject............{e1ef3c5d-449a-11e4-8288-b8ca3ab421ed}
nx......................OptOut
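
Added example (not part of the original page): a small Python parser for pasted "bcdedit" output that tells the two boot types apart by the winload suffix noted above and reports boot settings a defender would check. The sample text is constructed from the listings above; the "testsigning", "nointegritychecks" and "nx AlwaysOff" checks use real bcdedit elements that do not appear on this page, and flagging them is this example's choice.

```python
import re
# Constructed samples, abbreviated from the two bcdedit listings on this page.
BIOS_SAMPLE = r"""
Windows Boot Manager
--------------------
identifier..............{bootmgr}
Windows Boot Loader
-------------------
identifier..............{current}
path....................\Windows\system32\winload.exe
nx......................OptOut
"""
EFI_SAMPLE = r"""
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.efi
integrityservices       Enable
nx                      OptOut
"""

def parse_bcdedit(text):
    """Return {identifier: {element: value}}; accepts dot- or space-padded output."""
    entries, current = {}, None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        is_title = i + 1 < len(lines) and set(lines[i + 1]) == {"-"}
        m = re.match(r"^(\w+)[ .]+(\S.*)$", line)
        if is_title or not m:
            continue  # blank lines, section titles and ---- rules
        key, value = m.group(1).lower(), m.group(2)
        if key == "identifier":
            current = entries.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return entries

def audit_loader(text, ident="{current}"):
    """Firmware type (from the winload suffix) plus weakened boot settings."""
    loader = parse_bcdedit(text).get(ident, {})
    m = re.search(r"winload\.(efi|exe)", loader.get("path", "").lower())
    findings = []
    if loader.get("nx", "").lower() == "alwaysoff":
        findings.append("nx=AlwaysOff: DEP disabled")
    for flag in ("testsigning", "nointegritychecks"):  # real bcdedit elements
        if loader.get(flag, "").lower() in ("yes", "on"):
            findings.append(flag + " is on: code-signing checks relaxed")
    return {"firmware": {"efi": "EFI", "exe": "BIOS/MBR"}[m.group(1)] if m else "unknown",
            "integrityservices": loader.get("integrityservices"), "findings": findings}
```
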


3. Disk subsystems.



4. Very basic overview Windows Network Architecture.






5. Very basic overview Windows Print Architecture.




6. Very basic overview Windows Active Directory Tree/Forest Architecture.




7. Very basic overview RPC, COM/DCOM


The Windows OS (libraries etc.) is practically built on Remote (Local) Procedure Calls (RPC).

Also, although .NET is very prominent, COM/DCOM-based apps are still very common.
Besides that, many base libraries are still COM/DCOM based.




8. Very basic overview Windows Active Directory Architecture.