Service processes
                                        System support                               Applications
                                           processes
                                        Service control                                              Environment
                                          manager           SVChost.exe
                                                                                 Task manager         subsystems
                                         Lsass            Winmgmt.exe            Windows
                                       Winlogon            Spooler               Explorer           POSIX
                                                                                User
                                     Session           Services.exe           application
                                     manager                                                     Win32
                                                                            Subsytem DLLs


                                                                         Ntdll.dll
                                   System
                                   threads                         User mode
                                                                  Kernel mode
                                                                 System service dispatcher
                                                       (Kernel-mode callable interfaces)
                                                                                                     Win32 USER,
                                     I/O manager                                                        GDI


                                    Device        File system cache  Object manager  manager  Plug and play  Power manager  monitor  Security reference  Virtual memory  threads  Processes and  manager (registry)  Configuration  call  Local procedure
                                   and file                                                             Graphics
                                    system                                                               drivers
                                   drivers

                                                                      Kernel
                                                           Hardware abstraction layer (HAL)



                                       Lsass = local security authentication server  Colored area indicates Executive
                                       POSIX = portable operating system interface
                                       GDI = graphics device interface
                                       DLL = dynamic link libraries

                                                      Figure 2.14  Windows Architecture