User mode and kernel mode

A processor in a computer running Windows has two different modes: user mode and kernel mode. The processor switches between the two modes depending on what type of code is running on the processor. Applications run in user mode, and core operating system components run in kernel mode. While many drivers run in kernel mode, some drivers may run in user mode.

When you start a user-mode application, Windows creates a process for the application. The process provides the application with a private virtual address space and a private handle table. Because an application's virtual address space is private, one application cannot alter data that belongs to another application. Each application runs in isolation, and if an application crashes, the crash is limited to that one application. Other applications and the operating system are not affected by the crash.

In addition to being private, the virtual address space of a user-mode application is limited. A processor running in user mode cannot access virtual addresses that are reserved for the operating system. Limiting the virtual address space of a user-mode application prevents the application from altering, and possibly damaging, critical operating system data.
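The limit described above can be observed from a 64-bit user-mode process. The following C# console program is an added example, not code from the original page: it queries the user-mode address range with `GetSystemInfo` and then asks the system to read one byte from its own address space at an address inside and outside that range. The class name, the probe addresses and the use of `ReadProcessMemory` on the current process are choices made for this illustration.

```csharp
using System;
using System.Runtime.InteropServices;

static class AddressSpaceProbe   // hypothetical name, for illustration only
{
    [StructLayout(LayoutKind.Sequential)]
    struct SYSTEM_INFO           // mirrors the documented Win32 SYSTEM_INFO layout
    {
        public ushort wProcessorArchitecture, wReserved;
        public uint dwPageSize;
        public IntPtr lpMinimumApplicationAddress, lpMaximumApplicationAddress;
        public IntPtr dwActiveProcessorMask;
        public uint dwNumberOfProcessors, dwProcessorType, dwAllocationGranularity;
        public ushort wProcessorLevel, wProcessorRevision;
    }

    [DllImport("kernel32.dll")]
    static extern void GetSystemInfo(out SYSTEM_INFO info);
    [DllImport("kernel32.dll")]
    static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr process, IntPtr address,
        byte[] buffer, IntPtr size, out IntPtr bytesRead);

    // Ask the system to copy one byte from this process's own address space.
    // A direct pointer dereference would fault instead of returning an error.
    // Returns 0 on success, otherwise the Win32 error code.
    static int ProbeRead(long address)
    {
        IntPtr read;
        bool ok = ReadProcessMemory(GetCurrentProcess(), new IntPtr(address),
                                    new byte[1], new IntPtr(1), out read);
        return ok ? 0 : Marshal.GetLastWin32Error();
    }

    static void Main()
    {
        if (IntPtr.Size != 8) { Console.WriteLine("Run as a 64-bit process."); return; }
        SYSTEM_INFO si;
        GetSystemInfo(out si);
        long min = si.lpMinimumApplicationAddress.ToInt64();
        long max = si.lpMaximumApplicationAddress.ToInt64();
        Console.WriteLine("User-mode range: 0x{0:X16} - 0x{1:X16}", min, max);
        IntPtr heap = Marshal.AllocHGlobal(1);   // private user-mode allocation
        // Probes: own heap byte, first address past the user-mode limit, and an
        // address in the upper half that 64-bit Windows reserves for the system.
        long[] probes = { heap.ToInt64(), max + 1, unchecked((long)0xFFFF800000000000UL) };
        foreach (long a in probes)
        {
            int err = ProbeRead(a);
            Console.WriteLine("0x{0:X16}  {1}", a, err == 0 ? "readable" : "denied, Win32 error " + err);
        }
        Marshal.FreeHGlobal(heap);
    }
}
```

Only the first probe is expected to succeed; the other two addresses lie outside the range the process is allowed to use, so the read is refused rather than performed.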

All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes.

This diagram illustrates communication between user-mode and kernel-mode components.

Block diagram: user-mode components and kernel-mode components

Related topics

Virtual Address Spaces