- Ntoskrnl.exe
ntoskrnl.exe (and ntkrnlpa.exe on systems with
Physical Address Extension support) is the kernel image for the family ofMicrosoft Windows NT operating systems. It provides the Microkernel and Executive layers of the Windows NT kernel space, and is responsible for various system services such as hardware virtualisation, process and memory management, etc., thus making it a fundamental part of the system. It contains the Cache Manager, the Executive, the Kernel, the Security Reference Monitor, the Memory Manager, and the Scheduler, among other things.Russinovich, M: [http://www.microsoft.com/technet/sysinternals/information/TipsAndTrivia.mspx#ERD Systems Internals Tips and Trivia] , "SysInternals Information"]Startup
This system binary is a Native Application (in that it is not linked against ntdll.dll) but with a standard main entry point, a stub that calls the kernel initialization function and is itself called upon system boot by the OS loader (internal symbol OSLOADER):
// // NTOSKRNL main // int main( boot parameters ) { // // Fire up NT! // KiSystemStartup(); return 0; }
While ntoskrnl.exe is not linked against ntdll.dll, it is linked against bootvid.dll, hal.dll and kdcom.dll. Because it requires a static copy of ntdll objects it depends on, the *.exe is usually about 2MB in size.
Names of kernel
* "NTOSKRNL.EXE" : 1 CPU
* "NTKRNLMP.EXE" : N CPU SMP
* "NTKRNLPA.EXE" : 1 CPU, PAE
* "NTKRPAMP.EXE" : N CPU SMP, PAENotes
See also
*
Architecture of the Windows NT operating system line
*Windows NT Startup Process
* [http://www.microsoft.com/technet/technetmag/issues/2007/02/VistaKernel/default.aspx?pf=true Inside the Windows Vista Kernel (TechNet Magazine)]
Wikimedia Foundation. 2010.
