Ntoskrnl.exe - what is it? Detailed component description

Windows operating systems are, to some extent, the worldwide standard, and in our country this is even more pronounced. Be that as it may, for most domestic users the expression “operating system” evokes nothing but the familiar picture of standard “windows”.

This is also because most of the problems our users have to deal with are, in one way or another, connected with some characteristic of those “windows”. Unfortunately, only a few users have any idea of the operating system they work with every day, and this is exactly what leads to most of the truly annoying problems. Do you know, for example, what ntoskrnl.exe is? It is one of the fundamental components of the Windows OS, and without knowing its features you may run into quite serious difficulties.

Definition

Simply put, this unassuming name hides nothing less than the kernel of NT systems. Of course, it is far from the whole kernel, but a rather significant part of it. The file is designed to run in protected mode, and precisely because of this it is a fairly standard target of malware during attacks on the system.

Where is it located?

Knowing the location of a process is extremely useful in most cases, since it lets you determine whether an element hanging in the Task Manager is a virus. In this case, though, the file is located in several places at once, which is a fully justified step from the point of view of protecting such an important structural element of the system.

So, in case of serious damage to the OS due to a system or hardware failure, a virus attack or other trouble, the recovery procedure becomes much simpler. Still, let's do a standard search across the Windows directories. Starting with XP, the file can be found at: C:\Windows\System32\ntoskrnl.exe.

Different file versions

Experts note that today four versions of this file can be present in Windows systems at once. Here they are:

  • ntoskrnl.exe can be the kernel component on uniprocessor system configurations;
  • accordingly, it can also be part of the multiprocessor version of the OS;
  • uniprocessor mode with more than three gigabytes of RAM also requires its own version of this file for stable operation;
  • finally, multi-core systems with more than three gigabytes of RAM have a separate ntoskrnl.exe.

Contributing to system boot management

At the initial stage of loading, the system's bootloader transfers control to the Ntoskrnl system file. The latter initiates the detection of the various devices and also significantly speeds up the preparation of the system environment for working with application programs and utilities.

What is the significance of ntoskrnl.exe for newer systems? Windows 7 (as well as Windows 8 and Vista) depends on it even more than older versions of the OS did, since nowadays protecting the system from malware is of particular importance: malware has become much more “inventive”, penetrating the OS at the stage of its launch.

About Security

An extremely important part of this process is the kernel's Hardware Abstraction Layer (HAL). This matters because the ntoskrnl.exe process runs in the privileged mode of the CPU, which specialists also call the “zero protection ring” (Ring 0). Simply put, this special access mode allows the process to address system components directly, bypassing even the interrupt mechanism. This is done to maximize the speed of the kernel, its stability and its independence from the external system shell. Alas, in practice things can turn out a little differently.

Once again about malware

Not surprisingly, this process is a “tidbit” for the creators of malicious applications: after all, if you infect it, you gain low-level access to the system! If such an intervention succeeds, any antivirus running directly on Windows becomes completely useless.

However, this problem has recently been solved. The very fact of interference in the system is successfully revealed by simply comparing the hash sum of the ntoskrnl.exe file (which you already know) that hangs among the system processes with the “reference” value provided by Microsoft.
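To make the comparison described above concrete, here is an added PowerShell example (not code from the original article) that hashes the on-disk kernel image, compares it with a reference value you supply, and also checks the file's Authenticode signature, which does not require a per-build reference hash. The reference hash is a placeholder, and the path assumes a default installation.

```powershell
# Added example, not from the original article. Assumes Windows PowerShell 5.1
# or later, run from an elevated prompt on a default installation.
# $ReferenceHash is a PLACEHOLDER: paste the SHA-256 that Microsoft publishes
# for your exact Windows build (or one taken from a known-good machine).
$KernelPath    = Join-Path $env:SystemRoot 'System32\ntoskrnl.exe'
$ReferenceHash = '<SHA256-OF-KNOWN-GOOD-NTOSKRNL-FOR-THIS-BUILD>'

if (-not (Test-Path -Path $KernelPath)) {
    Write-Warning "Kernel image not found at $KernelPath"
    return
}

# 1. Hash comparison against the reference value, as the article describes.
$actualHash = (Get-FileHash -Path $KernelPath -Algorithm SHA256).Hash
if ($actualHash -eq $ReferenceHash) {
    Write-Output "SHA-256 matches the reference value."
} else {
    Write-Warning "SHA-256 differs from the reference value: $actualHash"
}

# 2. Authenticode check: a genuine kernel image verifies against a Microsoft
#    signature (embedded or catalog-based). A status other than 'Valid', or a
#    signer that is not Microsoft, is a reason to investigate.
$sig = Get-AuthenticodeSignature -FilePath $KernelPath
if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*') {
    Write-Output "Signature valid; signer: $($sig.SignerCertificate.Subject)"
} else {
    Write-Warning "Signature status: $($sig.Status)"
}

# 3. Version metadata, which tells you which reference hash applies to this build.
(Get-Item -Path $KernelPath).VersionInfo |
    Select-Object -Property FileVersion, ProductVersion, CompanyName
```

The hash only matches if the reference value was taken from the same Windows build and update level, so treat a mismatch as a prompt to check the version information rather than as proof of tampering by itself.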

Other methods of protection

If you try to delete this file from its rightful place in the Windows folder, then after ten to twelve seconds it will be back in the same place! Where does it come from? The system simply copies it back directly from RAM.

The presence of this process in memory ensures that its copy on disk will not be replaced by some malicious counterpart. To provide complete protection, modern systems of the Windows family repeatedly compare these files throughout their operation.

How to make sure there is a process

Let's check whether ntoskrnl.exe actually appears in the list of system processes. First start the Task Manager (by pressing the three keys, as mentioned above), then tick the box “Show processes from all users”. After that, the process can be seen. Of course, it should be launched from the following location: Windows\System32\ntoskrnl.exe.

Possible problems

Alas, in practice it is not so rare to encounter cases where the system cannot boot because the ntoskrnl.exe file is missing. The “blue screen of death” also often arises because of it.

Experts confidently say that in most cases this problem is due to some kind of malfunction of the computer's hard drive. Users often encounter this trouble after replacing the main system disk or connecting a new hard drive; simply put, after any physical manipulation of the hard drives.

Common causes of malfunctions

Despite some vagueness in terminology, the main causes remain almost unchanged. Here they are:

  • File system errors, which are especially common on XP and older operating systems (they can be checked and fixed with the chkdsk command).
  • Hard drive hardware failures caused by a sudden power outage.
  • Bad blocks on the surface of the hard drive (checked and corrected with a program called Victoria).

Can I repair a damaged file?

Yes, that is quite possible. To complete this task you will need the disc from which you or your friends installed the system. After booting from it, select the “System Restore” item in the window of the “Wizard” that appears, and from there start the command line mode. Enter the following command: expand D:\i386\ntoskrnl.ex_ C:\Windows\System32. Please note: substitute the letter of your optical drive for D!

Press Enter. If everything was done correctly, you will be asked to confirm overwriting the system file. Press Y, then press Enter again. The file will be copied again from the optical disc and written into the system in place of the damaged one.

Important! Use only official installation discs for recovery. Under no circumstances use any kind of unofficial “custom builds” for this purpose, as you may end up with even bigger problems as a result!

Source: https://habr.com/ru/post/C15325/
