Overview of User and Kernel modes
Your computer running Windows operating has two different modes, and they are User mode and Kernel mode. The microprocessor within the computer is able to automatically switch between either mode, depending on what type of code is running. Applications & programs are designed to run in the User mode, while components linked to the core operating system will run in Kernel mode instead. Most drivers will run in Kernel mode, but there are those that run in the User mode as well.
Kernel Mode and User Mode in Windows operating system
Understanding the important aspects of User and Kernel modes should be on the agenda for any advanced computer user. We will discuss the following in this post:
1] How does Kernel Mode work in Windows 11/10?
Says Microsoft: OK, so every code that runs in Kernel mode tends to share the same virtual address space. What does this mean? Well, a Kernel-mode driver is not separated from other drivers, and the same can be said for the operating system as well. Bear in mind that if a Kernel-mode driver manages to write to the wrong virtual address accidentally, then the data that is linked with the operating system could be compromised. We also understand other drivers can be comprised in this fashion as well. Additionally, if a Kernel-mode driver experiences a crash, then the entire Windows 11/10 operating system will crash. Read: What is a Kernel in OS? What are the types of Kernel?
2] How does User mode work in Windows 11/10?
Says Microsoft: Whenever a computer user starts a User-mode application, the Windows 11/10 OS will create a process for that application. Now, the process will work to provide the application with a private handle table along with a virtual address space. Check this. One application is not able to alter data that belongs to other applications. This is because an application’s virtual address space is always private and cannot be changed. You see, every application here runs in isolation, therefore, if one app should crash, only that app will be affected. Other apps running on the operating system will continue running as expected.
3] What is the difference between Kernel and User mode on Windows 11/10?
The biggest difference between both modes, really, is the level of privilege they offer. When in User mode, the application does not have a lot of privilege, which means, it lacks direct access to hardware recourses. However, with Kernel mode, it comes with increase privileges, and as such, a simple crash can take down an entire operating system, something not possible with User mode.
4] How does Windows separate system resources from user applications?
Microsoft designed the Windows operating system to use a layered model to ascertain the current level of privilege for a process. You see, applications that live on the outer layer usually have access to fewer privileges, while the Kernel, which sits at the core, has access to a lot more. Read: What is Windows Kernel Mode Power Manager?
What is difference between Kernel space and User space?
Kernel space is reserved for running a privileged operating system kernel process including drivers. User space is the memory area that is reserved for running programs and software.
Do device drivers run in kernel mode?
Drivers are software, so yes, device drivers can run in Kernel mode. However, since device drivers do not need access to protected data, they can run just fine in User mode with little need to perform in Kernel mode. Read next: Interactive map of Linux Kernel.