USER MODE AND KERNEL MODE

USER MODE AND KERNEL MODE:

A processor in a computer running Windows has two different modes: user mode and kernel mode.

The processor switches between the two modes depending on what type of code is running on the processor.

Applications run in user mode, and core operating system components run in kernel mode.

 Many drivers run in kernel mode, but some drivers run in user mode.

Firstly, Intel CPUs have modes of operation called rings which specify the type of instructions and memory available to the running code. There are four rings:

    Ring 0 (also known as kernel mode) has full access to every resource. It is the mode in which the Windows kernel runs.
  
    Rings 1 and 2 can be customized with levels of access but are generally unused unless there are virtual machines running.

    Ring 3 (also known as user mode) has restricted access to resources.

The reason for this is because if all programs ran in kernel mode, they would be able to overwrite each others' memory and possibly bring down the entire system when they crashed.When you start a user-mode application, Windows creates a process for the application.

The process provides the application with a private virtual address space and a private handle table. Because an application's virtual address space is private, one application cannot alter data that belongs to another application.Each application runs in isolation, and if an application crashes, the crash is limited to that one application. Other applications and the operating system are not affected by the crash.

In addition to being private, the virtual address space of a user-mode application is limited. A processor running in user mode cannot access virtual addresses that are reserved for the operating system. Limiting the virtual address space of a user-mode application prevents the application from altering, and possibly damaging, critical operating system data.All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address,data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.



Switching from User Mode to Kernel Mode:

The switch from user mode to kernel mode is not done automatically by CPU. CPU is interrupted by interrupts (timers, keyboard, I/O). When interrupt occurs, CPU stops executing the current running program, switch to kernel mode, executes interrupt handler. This handler saves the state of CPU, performs its operations, restore the state and returns to user mode.