KERNEL the heart of operating system

Hi Friends,
    Most of us use Linux boxes, and we know how to identify our Linux kernels and how to patch or update them when updates are released. But what about a Windows box: does Windows use a kernel? The answer is yes. No operating system will run without a kernel; the kernel is the heart and mind of the operating system. Then:
Can we identify our Windows kernel version? How?
Do Linux and Windows use the same kernel?
How can we update the kernel in Windows?
What details can we get about the kernel?
    We can identify our Windows kernel. There is no direct option to get the Windows kernel version, but we can get it from some log entries, with some third-party tools, or from registry entries.
    When we boot a Windows box, an entry is generated in the event log with "Event ID 6009".
    The log entry doesn't indicate whether you booted the PAE (Physical Address Extension) version of the kernel. We can determine whether the PAE kernel was booted from the registry entry HKLM\SYSTEM\CurrentControlSet\Control\Session Manager > PhysicalAddressExtension.

Another way to identify your kernel details is to use Sysinternals tools like WinDbg. Open a local kernel debugging session and type "List Module" to list the details of the kernel image.

*Please be sure the symbols are present.

We can check the product type and product suite under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions > ProductType and ProductSuite.
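The checks described above (Event ID 6009, the PAE value and ProductOptions) can be collected in one pass. The following PowerShell is an added example, not part of the original post; the function name `Get-KernelIdentity` is hypothetical, and it assumes the PAE value may sit under the `Memory Management` subkey rather than directly under `Session Manager`, and that the kernel image is `ntoskrnl.exe` in `System32`.

```powershell
function Get-KernelIdentity {
    [CmdletBinding()]
    param()

    $control = 'HKLM:\SYSTEM\CurrentControlSet\Control'

    # Most recent boot record: Event ID 6009 in the System log carries the
    # OS version, build number and kernel type as message text.
    $boot = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6009 } `
                -MaxEvents 1 -ErrorAction SilentlyContinue

    # ProductType (e.g. WinNT, ServerNT, LanmanNT) and ProductSuite.
    $product = Get-ItemProperty -Path "$control\ProductOptions" -ErrorAction SilentlyContinue

    # PAE flag: try the key named in the article first, then the
    # "Memory Management" subkey (assumption: the value may live there).
    $pae = $null; $paeKey = $null
    foreach ($key in "$control\Session Manager",
                     "$control\Session Manager\Memory Management") {
        $item = Get-ItemProperty -Path $key -Name PhysicalAddressExtension `
                    -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $pae = $item.PhysicalAddressExtension
            $paeKey = $key
            break
        }
    }

    # Version resource of the kernel image on disk (assumed path).
    $image = Join-Path $env:SystemRoot 'System32\ntoskrnl.exe'
    $imageVersion = if (Test-Path $image) { (Get-Item $image).VersionInfo.ProductVersion }

    [pscustomobject]@{
        LastBootEventTime = $boot.TimeCreated
        BootEventMessage  = $boot.Message
        ProductType       = $product.ProductType
        ProductSuite      = $product.ProductSuite -join ', '
        PaeValue          = $pae          # $null means the value was not found
        PaeValueFoundIn   = $paeKey
        KernelImage       = $image
        KernelFileVersion = $imageVersion
    }
}

Get-KernelIdentity | Format-List
```

Any field that comes back empty means that source was not available on the machine (for example, a cleared System log), which is itself worth noting during an examination.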

The kernel works purely on top of the HAL (the HAL is a layer of code that isolates the kernel, device drivers, and the rest of the Windows executive from platform-specific hardware differences).

Linux and Windows use different kernels.

The kernel version changes when we change or upgrade the operating system. So far, Windows Vista has WinNT, and Windows Server 2008 has LanmanNT / ServerNT, as the product ID.

We can use tools like SIPolicy and the Windows Driver Kit to get more details about the kernel.

Categories: cyberstack, Forensics
  1. November 15, 2010 at 12:33 pm

    Good description, and I also have a doubt about the kernel, which may be present in UNIX OS only???
    One more question: what will be the difference between Kernel Mode and User Mode in an operating system?
