Jump to navigation Jump to search This article is about a computer file that contains a part of Windows kernel, among other things. This article may be too technical for most readers to understand. Please help jump.exe it to make it understandable to non-experts, without removing the technical details.

This section needs additional citations for verification. Overall, there are four kernel image files for each revision of Windows, and two kernel image files for each Windows system. Multiprocessor or uniprocessor files are selected at install time, and PAE or non-PAE files are selected by boot. Routines in ntoskrnl use prefixes on their names to indicate in which component of ntoskrnl they are defined. The following table lists some of them. Windows executive, an “outer layer” of Ntoskrnl.

Nt or Zw are system calls declared in ntdll. When calling the functions directly in ntoskrnl. Zw variants ensure kernel mode, whereas the Nt variants do not. When the kernel receives control, it gets a pointer to a structure as parameter.

In the x86 architecture, the kernel receives the system already in protected mode, with the GDT, IDT and TSS ready. The main entry point of ntoskrnl. This article is about NT implementation of interrupt handlers. For other uses, see Interrupt handling. O port polling to wait for information from devices.

The interrupt table contains handlers for hardware interrupts, software interrupts, and exceptions. This permits various kernel components to carry on critical operations without necessarily blocking services of peripherals and other devices. This article is about NT implementation of a memory manager. For other uses, see memory management. Microsoft Windows divides virtual address space into two regions. The lower part, starting at zero, is instantiated separately for each process and is accessible from both user and kernel mode.

Application programs run in processes and supply code that runs in user mode. The upper part is accessible only from kernel mode, and with some exceptions, is instantiated just once, system-wide. A few of the properties of each block are stored in structures called page table entries, which are managed by the OS and accessed by the processor’s hardware. Windows Registry is a repository for configuration and settings information for the operating system and for other software, such as applications. It can be thought of as a filesystem optimized for small files. However, it is not accessed through file system-like semantics, but rather through a specialized set of APIs, implemented in kernel mode and exposed to user mode.

The registry is stored on disk as several different files called “hives. One, the System hive, is loaded early in the boot sequence and provides configuration information required at that time. Additional registry hives, providing software-specific and user-specific data, are loaded during later phases of system initialization and during user login, respectively. The list of drivers to be loaded from the disk are retrieved from the Services key of the current control set’s key in the SYSTEM registry hive. That key stores device drivers, kernel processes and user processes.