Ntoskrnl.exe - what is this? Detailed description of the component
Operating systems of the Windows family are, to some extent, the standard throughout the world. In our country this is even more pronounced: for the majority of domestic users, the phrase "operating system" brings nothing to mind except the familiar Windows desktop.
Definition
Simply put, this unassuming name hides nothing less than the kernel of NT systems. It is not the whole kernel, but a significant part of it. The file is designed to run in protected mode, which is exactly why it is a fairly standard target for malicious programs attacking the system.
Where is it located?
So, when the OS is seriously damaged by a system or hardware failure, a virus attack or other trouble, the recovery procedure becomes much easier. However, let's run a standard search across all Windows directories. Since XP, the file can be found at: c:\windows\system32\ntoskrnl.exe.
Different versions of the file
Specialists note that, to date, four versions of this file can be found on Windows systems at the same time. Here they are:
- Ntoskrnl.exe can be the kernel component on single-processor system configurations;
- Accordingly, it can also be part of the multiprocessor version of the OS;
- Uniprocessor mode with more than three gigabytes of RAM also requires its own version of this file for stable operation;
- Finally, multi-core systems with more than three gigabytes of RAM have a separate ntoskrnl.exe.
Participation in managing the system boot
At the initial stage of booting, the system's bootloader transfers control to the system file Ntoskrnl. The latter initiates detection of the various devices and significantly speeds up preparation of the system environment for working with applications and utilities.
What is the significance of ntoskrnl.exe for newer systems? Windows 7 (as well as Windows 8 and Vista) depends on it even more than older versions of the OS, because protecting the system from malicious programs is now of particular importance. Today such programs have become much more "inventive", penetrating the OS at the stage of its startup.
About the protection system
An extremely important component of this process is the kernel's Hardware Abstraction Layer. This matters because the ntoskrnl.exe process runs in the privileged mode of the CPU, which experts call the "zero protection ring" (Ring 0). Simply put, this special access mode allows the process to access system components directly, bypassing even interrupt technology. This is done for maximum kernel speed, its balance and its independence from the external system shell. Alas, in practice everything can turn out a little differently.
Once Again About Malware
However, recently this problem was solved. The very fact of intervention in the system is successfully revealed by simply comparing the hash of the ntoskrnl.exe file (which you already know) that is running among the system processes with the corresponding "reference" value provided by Microsoft.
Other protection methods
If you try to delete this file from its rightful place in the Windows folder, within ten to twelve seconds it will be back in the same place! Where does it come from? The system simply copies it directly from RAM.
How to verify the availability of the process?
Let's check whether ntoskrnl.exe really is in the list of system processes. What does that involve? First, start the "Task Manager" (by pressing the three buttons, as we mentioned above), and then tick the item "Show processes from all users". After that, the process can be seen. Of course, it should be launched from the following location: windows\system32\ntoskrnl.exe.
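The hash comparison described under "Once Again About Malware" and the expected-location check from this section, combined as an added example that is not part of the original article. It is written for offline triage of a collected file; the C: drive letter, the function names and the sample bytes are assumptions, and the reference hash has to be obtained from a trusted source.

```python
import hashlib
import io
import ntpath

# Expected location from the article; the C: drive letter is an assumption.
EXPECTED_PATH = r"C:\Windows\System32\ntoskrnl.exe"


def sha256_of(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so a large image is never held in memory whole."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def normalise(path):
    """Collapse '..' segments, unify separators and fold case, the way Windows paths compare."""
    return ntpath.normcase(ntpath.normpath(path))


def check_kernel_image(reported_path, stream, reference_sha256):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # A process that merely borrows the name but runs from elsewhere fails here.
    if normalise(reported_path) != normalise(EXPECTED_PATH):
        findings.append("unexpected location: " + reported_path)
    actual = sha256_of(stream)
    # The reference may be pasted in upper case or with trailing whitespace.
    if actual != reference_sha256.strip().lower():
        findings.append("hash mismatch: " + actual)
    return findings


if __name__ == "__main__":
    # Constructed sample bytes standing in for a collected kernel image.
    sample = b"MZ" + b"\x00" * 62 + b"constructed sample, not a real kernel image"
    # Placeholder reference: in practice this is the vendor-provided value.
    reference = hashlib.sha256(sample).hexdigest()
    print(check_kernel_image(r"c:\WINDOWS\system32\ntoskrnl.exe",
                             io.BytesIO(sample), reference))
    print(check_kernel_image(r"C:\Users\Public\ntoskrnl.exe",
                             io.BytesIO(sample + b"!"), reference))
```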
Possible problems
Alas, in practice it is not so rare for the system to fail to boot because the ntoskrnl.exe file is missing. The "blue screen of death" also often arises because of it.
Experts confidently say that in most cases this problem is caused by some malfunction of the computer's hard drive. Users often face this trouble after replacing the main system disk or connecting a new hard drive; simply put, after any physical manipulation of hard drives.
Common causes of problems
Despite some vagueness in terminology, the basic causes remain practically unchanged. Here they are:
- File system errors, which are especially common on XP and older operating systems (you can check for and fix them with the chkdsk command).
- Hardware failures caused by a sudden power outage.
- Bad blocks appearing on the hard disk surface (checked and corrected with the program called "Victoria").
Can I repair a corrupt file?
Press Enter. If everything was done correctly, you will be asked to agree to overwrite the system file. Press the Y key, then press Enter again. The file will be copied from the optical disc and written in place of the damaged item in your system.
Important! To restore, use only official installation discs. Under no circumstances use any kind of "assemblies" for this purpose, as you may end up with even bigger problems!