
The figure shows three layers. Layer 1 is divided into three blocks. The first block is labeled Modern Windows Apps and consists of five rows: Modern app mgr; WinRT: .NET/C++, WWA/JS; COM; AppContainer; and Process lifetime mgr. The second block is labeled Windows Services and consists of three rows: Modern broker processes; NT services: smss, lsass, services, winlogon; and Win32 subsystem process (csrss.exe). The third block is labeled Windows Desktop Apps and consists of five layers: Desktop mgr (explorer); [.NET: base classes, GC]; GUI (shell32, user32, gdi32); Dynamic libraries (ole, rpc); and Subsystem API (kernel32). The second and third layers are labeled Native NT API, C/C++ run-time (ntdll.dll) and NTOS kernel layer (ntoskrnl.exe). A dotted line is placed between the second and third layers, marked user mode above the line and kernel mode below it. The fourth layer is divided into three blocks: Drivers: devices, file systems, network; NTOS executive layer (ntoskrnl.exe); and GUI driver (Win32k.sys). The fifth and sixth layers are labeled Hardware abstraction layer (hal.dll) and Hypervisor (hvix, hvax).