Windows NT Kernel Mode is also known as the priveledged processor mode. The Kernel Mode is the inner core of the Windows NT operating system.

Kernel Mode has execution priority over all user items, and the execution cannot be swapped. The Kernel Mode handles all requests from user applications and returns all the resulting data.

There are three modules that make up the Kernel Mode:

  • NT Executive
    The NT Executive is the interface between the Kernel and the Environmental Subsystems. It performs the following functions:
    1. Object Manager
      Provides rules for retention, naming and security of objects.
    2. Security Reference
      Provides monitor for the logon process.
    3. Process Manager
      Creates and deletes processes, tracks threads and processes objects.
    4. Local Procedure Call Facility
      Provides client/server relations between the environmental subsystems and the user applications.
    5. Virtual Memory Manager
      Maps virtual to physical memory, provides efficient usage of flat memory model.
    6. I/O Manager
      Handles all I/O calls and routes requests to drivers.
    7. Hardware Device Drivers
      Enables specific hardware device to communicate with the NT operating system.
    8. Win32k Windows Manager and GDI
      Functions that control the display of graphics on a monitor or used in a print device.
    9. Graphics Device Drivers
      Enables the graphics hardware to communicate with Windows NT.

  • The Kernel
    The Kernel schedules all system activities and threads for optimum performance. There are 32 levels of thread priority, and they cannot be paged.

  • HAL
    Not the crazy computer from 2001, HAL is the Hardware Abstraction Layer. The HAL provides code portability and handles specific system calls to allow the code to be used on several hardware architectures. Between Intel and DEC Alpha, Windows NT is almost identical. The HALs are different, as they are the hardware architecture specific information on the installed machine.