Ntoskrnl.exe - what is it?

Windows operating systems are, to some extent, the worldwide standard. In our country, however, this is even more pronounced. For the majority of domestic users, the term "operating system" brings to mind nothing other than the standard "windows".

For the same reason, most of the problems our users face are connected in one way or another with particular features of Windows. Unfortunately, few people have even a rough idea of the operating system they work with every day, and this is what leads to most of the more annoying problems. Do you know, for instance, what ntoskrnl.exe is? It is one of the fundamental components of Windows, and without some knowledge of its features you may face quite serious problems.


Simply put, this unassuming name hides nothing other than the kernel of NT systems. Of course, this is not the whole kernel, but quite a significant part of it. It is used to start in secure mode. Naturally, that is precisely why it is a fairly standard target for malicious programs attacking the system.

Where is it located?

Knowing the file's location is extremely useful most of the time, as it lets you determine whether the item hanging in Task Manager is a virus. In this case, though, the file is located in several places, which is a fully justified step toward improving the safety of such an important structural element of the system.

So if the operating system is damaged as a result of a system or hardware failure, a virus attack or other trouble, the recovery procedure becomes much easier. However, let's run a standard search across all Windows directories. Beginning with XP, you can find the file at the following path: c:\windows\system32\ntoskrnl.exe.

Different versions of the file

Experts note that in today's Windows systems as many as four versions of the file can be found at the same time. Here they are:

  • ntoskrnl.exe can be the kernel component in single-processor system configurations;
  • accordingly, it can also be part of a multiprocessor system;
  • single-processor mode with more than three gigabytes of RAM also requires its own version of the file for stable operation;
  • finally, multi-core systems with more than three gigabytes of RAM have a separate ntoskrnl.exe.

Participation in managing the system boot

The system's initial boot loader (bootloader) passes control of the process to the Ntoskrnl system file. The latter initiates the detection of various devices and significantly speeds up preparation of the system environment for working with various applications and utilities.

Why is ntoskrnl.exe important for newer systems? Windows 7 (as well as Windows 8 and Vista) depends on it even more than older versions of the operating system do, since protecting the system against malicious software is particularly important nowadays. Today such programs have become much more "inventive", getting into the operating system at the stage of its launch.

About security

An extremely important part of this process is the kernel's hardware abstraction layer (Hardware Abstraction Layer). This matters because the ntoskrnl.exe process executes in a privileged mode of the CPU, which experts also call "ring zero of protection" (Ring 0). Simply put, this special access mode allows the process to access system components directly, bypassing even the trap mechanism. This was done to maximize the kernel's speed, its balance and its independence from the external system shell. Alas, in practice it may turn out a little differently.

Once again malware

It is not surprising that this process is a "tasty morsel" for the creators of malicious applications. After all, if it is infected, they can get low-level access to the system! If such intervention succeeds, any antivirus software running directly on Windows becomes useless.

In recent years, however, the problem has been solved. Interference with the system is successfully detected simply by comparing the hash of the ntoskrnl.exe file (you already know what that is) that is present among the system processes with the "reference" value provided by Microsoft.
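
The comparison described above can be reproduced by hand. The following PowerShell function is an added example, not code from the original article or from Microsoft: it hashes the on-disk kernel image, checks its Authenticode signature, and optionally compares the hash with a reference value. The function name Test-KernelImage and its parameters are illustrative, and the reference hash is assumed to come from a known-good copy of the same build (for example, official installation media).

```powershell
# Added example: names are illustrative, not part of any Microsoft tool.
function Test-KernelImage {
    [CmdletBinding()]
    param(
        # Defaults to the location named in the article.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\ntoskrnl.exe'),
        # Optional SHA-256 of a known-good copy of the same build (assumption:
        # you obtained it from a trusted source such as official media).
        [string]$ReferenceHash
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Kernel image not found at $Path"
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $ver  = (Get-Item -LiteralPath $Path).VersionInfo

    # SignerCertificate is empty when the file carries no signature at all.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path              = $Path
        FileVersion       = $ver.FileVersion
        Sha256            = $hash
        SignatureStatus   = $sig.Status      # Valid, HashMismatch, NotSigned, ...
        Signer            = $signer
        SignedByMicrosoft = ($sig.Status -eq 'Valid') -and
                            ($signer -match 'O=Microsoft Corporation')
        # $null means no reference was supplied, not that the file is clean.
        HashMatches       = if ($ReferenceHash) { $hash -eq $ReferenceHash.Trim() } else { $null }
    }
}

# Check the running system's copy; pass -Path to check a mounted offline volume.
Test-KernelImage | Format-List
```

A result from the running system is only as trustworthy as that system; when the kernel itself is in doubt, point -Path at the volume mounted from a separate, trusted boot environment.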

Other ways to protect

If you try to delete this file from its rightful place in the Windows folder, within ten to twelve seconds it will be back in the same place! Where does it come from? The system simply copies it directly from memory.

The presence of the process in memory ensures that the copy on disk will not be replaced by some malicious counterpart. To ensure full protection, modern systems of the Windows family repeatedly compare these files throughout their operation.

How to verify the process?

Let's check whether ntoskrnl.exe really is in the list of system processes. What does that involve? First, you need to run "Task Manager" (by pressing three buttons, as we mentioned above), and then tick the "Show processes from all users" option. After that, the process can be seen. Of course, it must be started from the following location: windows\system32\ntoskrnl.exe.

Possible problems

Alas, in practice it is not so rare for the system to fail to boot because of a missing ntoskrnl.exe file. The "Blue Screen of Death" also often occurs because of it.

Experts confidently say that in most cases this problem is caused by some fault of the hard disk. Users often run into it after replacing the main system drive or connecting a new hard drive. Simply put, after any physical manipulation of the hard drives.

Most common causes of problems

In spite of some vagueness in the terminology, the basic causes remain virtually unchanged. Here they are:

  • File system errors, most often on XP and older operating systems (check and correct with the chkdsk command).
  • Hard drive hardware failure caused by a sudden power outage.
  • Bad blocks on the disk surface (check and correct with the program called "Victoria").

Can I restore a corrupted file?

Yes, it is possible. To do this, you will need the disc from which you or your friends installed the system. After booting from it, select "System Restore" in the "Wizard" window that appears, and from there launch a command prompt. Enter the following command: expand d:\i386\ntoskrnl.ex_ c:\windows\system32. Note: instead of D, use your optical drive letter!

Press Enter. If everything was done correctly, you will be asked to confirm overwriting system files. Press Y, then press Enter again. The file will be copied again from the optical disc, replacing the damaged component on your system.

Important! Restore only from official installation discs. Under no circumstances use all sorts of unofficial "builds" for this purpose; as a result you could get even more problems!