What Is User Mode vs Kernel Mode in Windows
You may have heard about applications running in “kernel” or “user” mode. It’s all down to how operating systems work when they do their jobs. Once you understand that, it’s easy to grasp the difference between user mode and kernel mode.

Understanding What an Operating System Does
A computer consists of hardware, the electronic components, and software, the computer code executed by that hardware. But what may be less clear is how they work together.
A computer’s most essential element is the bit or “binary digit.” Everything a computer does is represented as ones and zeroes. Different computer components represent bits in different ways. In a CPU, microscopic transistors represent ones and zeroes by either being on or off. Those transistors are arranged into logical structures, called logic gates.

In electronic computer memory, bits are represented by memory cells either having a charge above or below a certain threshold. On a mechanical hard drive, bits are represented as magnetic fluctuations measured on a spinning platter. On optical discs, pits and lands that do or do not reflect laser light do the same job.
No matter how the physical representation of binary code is achieved, you can eventually reduce all consumer computer components to this raw machine code.

So how do you go from the human-friendly interface of a computer to the raw, low-level processes in the computer itself? That’s where the operating system comes in. It directly controls the hardware of the computer.
This software translates everything applications (and therefore the user) want into the machine code instructions that the CPU and other components understand. The most critical piece of software in this process is the kernel.
What Is the Kernel?
The kernel is, as the name suggests, the core of the operating system. The kernel is software that resides in RAM and directs everything the computer does. When something is written into memory, it’s the kernel that directs the execution.
The kernel knows how to interface with hardware such as GPUs and network cards, but because it relies on generic standards in the computer industry, it may not know how to operate them to their full potential.

The hardware drivers come into play here. Drivers tell your operating system how to work with specific components, which is why you need different drivers for Nvidia and AMD GPUs, for example.
Equipped with the right drivers, the kernel is the ultimate authority within the computer, including doing things that can catastrophically destroy data.
The Role of Application Programming Interfaces (APIs)
In the days of MS-DOS, software developers had to write their software specifically for the user’s hardware. The most notorious example of this on MS-DOS systems was sound card drivers.

A given video game would have to support the most popular cards (Sound Blaster, Ad-lib, Gravis Ultrasound, etc.) and hope that most players were covered. Today, things work very differently, thanks to APIs.

Microsoft DirectX is a great example. If you want an in-depth explanation, check out What Is DirectX and Why Is It Important? However, the most important thing to know is that the API offers a standard way for software developers to ask for hardware resources from components like the GPU. Additionally, hardware makers need only make sure that their products comply with DirectX to ensure full compatibility with any likewise compliant software.
APIs offer a layer of translation between software applications and the low-level kernel with its hardware drivers. Yes, this comes with a slight performance penalty. Still, on modern computers, this is negligible, and it comes with a variety of advantages, which is where we finally come to user mode and kernel mode.
User Mode vs. Kernel Mode
Modern operating systems run hundreds or thousands of “processes” simultaneously, dynamically giving them CPU time as needed based on their priorities and computation power requirements.
When you launch an application, it generates processes, and the CPU can execute them in either user mode or kernel mode.
A Windows process running in user mode only has access to its own private virtual memory address space and handle table. The software uses these tables to store data in RAM and request resources. There’s no direct access to memory or other hardware, and it’s up to the operating system to map those virtual spaces to the actual hardware of the computer.

This is good for many reasons, but the most crucial benefit is that the application can’t overwrite or alter data outside its virtual memory address space. In addition, certain functions are off-limits to user-mode processes, mainly ones that could crash the system or destroy data.
When a process launches or is elevated to kernel mode, it has full access to system resources, even those reserved for the operating system. So, in theory, it could overwrite crucial data that the operating system needs to run properly.
Traps and Exceptions

It’s important to understand that these two modes are enforced at the hardware level by the CPU itself. If an application running in user mode tries to do something that requires kernel-mode access, it generates a “trap” or “exception.” The operating system will then deal with the application, usually by shutting it down and generating a crash log so that the developers can see what happened in memory when things went off the rails.
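An added example, not part of the original article: the C program below shows the trap described above on a POSIX system (Linux is assumed here instead of Windows so the code runs as is). The function names are made up for the illustration. A child process attempts a kernel-only CPU operation, the CPU traps, the kernel ends only that child, and the parent keeps running and reports what happened.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the child only: attempt something reserved for kernel mode. */
static void attempt_privileged_operation(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("hlt");                 /* HLT is a ring-0 instruction */
#elif defined(__aarch64__)
    unsigned long v;
    __asm__ volatile("mrs %0, sctlr_el1" : "=r"(v)); /* EL1-only register */
    (void)v;
#else
    *(volatile int *)0 = 1;   /* fallback: write to an unmapped address */
#endif
}

/* Returns the signal that ended the child, 0 if it exited normally
 * (the CPU allowed the operation), or -1 if fork/waitpid failed. */
int run_isolated_probe(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        attempt_privileged_operation();
        _exit(0);             /* only reached if no trap was raised */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = run_isolated_probe();
    if (sig > 0)
        printf("child stopped by signal %d; parent still running\n", sig);
    else
        printf("no trap observed (result %d)\n", sig);
    return 0;
}
```

On Windows the same attempt reaches the process as a STATUS_PRIVILEGED_INSTRUCTION exception, and an unhandled one ends the application in the way the paragraph above describes.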
The Dangers of Kernel Mode: The Blue Screen of Death
If you’ve ever experienced a Blue Screen of Death (who hasn’t?) that forced your computer to switch off or restart, there’s a good chance it was a kernel-mode process to blame.
When a process in kernel mode does something it’s not supposed to, the operating system can’t recover from it, and the entire computer halts. When a user-mode process goes haywire, only the application crashes, and the rest of the software and the operating system can go on without any issues.

This is one area where APIs play an essential role since it’s the API asking for kernel-mode privileges. User-mode applications essentially delegate requests that would have required kernel-mode privileges to the API.
This is why kernel mode is usually only granted to low-level system processes that need to access the computer’s hardware directly. Usually, this privilege is extended to a process because it needs more performance than user mode can provide. Some CPU instructions only work in kernel mode, so if a process needs to use those functions, it has to be elevated.
If you’re having trouble with the Blue Screen of Death, be sure to read our Blue Screen of Death Troubleshooting Guide for Windows 10!