A processor executes programs either in User Mode or Kernel Mode. And as you use your PC, your processor regularly switches between the two depending on what it's doing. But what is User Mode and Kernel mode, and what is the difference between the two?

Let’s see what these modes are and why does a CPU needs to switch between these modes.

What Is "User Mode" in Windows?

Protection rings in an operating system
Image Credit:Hertzsprung/Creative Commons

When you boot up a program on Windows, it launches in User Mode. Whenever a user-mode program wants to run, Windows creates a process for it. A process is just a program that a processor is executing or one that Windows has scheduled to be executed. And whenever Windows creates a process, it also creates a virtual address space for that process.

A virtual address space is the collection of logical (non-physical) addresses that Windows assigns to a process. Processes can use these addresses to store data on physical memory.

Additionally, virtual address spaces are isolated. So, one process’s virtual address space doesn’t interfere with another process’s address space. And because user-mode programs have separate address spaces, if one program crashes, it crashes alone and doesn’t take down other programs or the whole OS with it.

Related: Tips to Help You Fix the Windows 10 Blue Screen Error

Another way to describe user-mode applications is to use the term “less privileged”. Windows restricts user-mode applications from accessing critical system resources directly thus making them less privileged. For instance, if an application wants access to hardware, it has to go through the OS kernel by using system calls.

Put simply, application programs like video games run in user mode. They are less privileged, so don’t have unrestricted access to system resources. Each user-mode application has its own address space. An application can’t change another application’s address space. Consequently, if one application crashes, it doesn’t affect other programs running on the computer.

Related: Warning Signs Your Computer Is Going to Crash (And What to Do)

What Is "Kernel Mode" in Windows?

How Kernel Mode works
Image Credit: Bobbo/Wikimedia Commonms

Before we discuss Kernel mode, we have to first what a "kernel" is, and how it works with Windows.

The kernel is the brain of an operating system. It is the core software component that all the other components inside the OS rely on. The kernel manages computer hardware, schedules which processes run on the computer and when, and handles interactions between the hardware and the application software.

In short, the kernel is the most privileged piece of code running on the system. That's because it's the code that directly interacts with the hardware. Every other program that wants to use the hardware resources has to request access through the kernel.

When an application program is running under User Mode and wants access to hardware like the webcam, it has to request the kernel by using a system call. To service these requests, the CPU, at the time of execution of the program, switches from User Mode to Kernel Mode.

After the execution of a process is complete, the CPU switches back to User Mode and starts executing the next scheduled process. This is called “Context Switching”.

What's the Difference Between User Mode and Kernel Mode?

The key difference between User Mode and Kernel Mode is the level of privilege that each mode offers. In User Mode, applications have fewer privileges. They don’t have access direct access to hardware resources and also can’t write to the address spaces of other applications.

Related: How to Use the Device Manager to Troubleshoot Windows 10

Code that runs in Kernel Mode has elevated privileges. It not only has direct access to computer hardware, but all the programs running in Kernel Mode, including the OS, also share one address space. So, if a program in Kernel Mode crashes, it can take the whole OS down with it. To ensure such crashes don’t occur, Windows only allows some processes to run in Kernel Mode.

Windows Adopts a Layered Approach to Separate User Programs From System Resources

Windows uses a layered model to determine the level of privilege of processes. Applications that reside on the outermost layer are the ones with the lease privilege. At the core of these layers is the kernel. As a consequence, the kernel has unlimited access to OS resources.

The layered approach also protects vital OS functionality. When programs in the upper layer crash randomly, it doesn’t affect the OS. On the other hand, when the kernel crashes, the whole OS goes down.