Program run in either program mode or kernel mode. The terms derive from RISC
microprocessors which had either user mode or privileged mode. The i386
architecture has 4 levels of privilege but to maintain compatibility, only ring
0 (privileged / kernel mode) and ring 3 ( user mode) are used. Windows 2000 is
based on Windows NT and cares the same architecture.
The distinction is important. Program errors in processes running in User
mode should not be able to crash NT, that is, case a BSOD, Stop error. Only
device drivers and other kernel level programs cause Stop errors. If on occurs,
not focus on that user level application.
Kernel pool corruption has been difficult to debug in Windows NT because
typically the system crashes before you can find the culprit. Kernel Special
Pool was included in NT 4.0 SP4 which can be used to find these problems. Kernel
Special Pool catches problems associated with pool corruption, and it catches
them early enough so that you can fix them. Kernel Special Pool works on both
the checked and free versions of the operating system. Use Kernel Special Pool
only during debugging. This article describes how the Kernel Special Pool works:
Q192486
