Ntoskrnl.exe, Ntkrnlpa.exe, Win32k.sys files explained

Ntoskrnl.exe, Ntkrnlpa.exe, and Win32k.sys

The Windows 10 operating system contains tons of system files that are part of the main operating system. End users often come across them in Task Manager or on a Blue Screen of Death. Today, we explain three of these system files: Ntoskrnl.exe, Ntkrnlpa.exe, and Win32k.sys.

Ntoskrnl.exe, Ntkrnlpa.exe, and Win32k.sys are system files that help run the Windows operating system.

1) What is ntoskrnl.exe

NT-OS-Kernel = Ntoskrnl.exe.

It's the core of the operating system that does and controls almost everything.

Windows will not work without it, and it will go into panic mode if it thinks the system has a problem. It is worth noting that this file is the last one picked up in the Windows 10 boot process. It will load registry settings, additional drivers, and then pass control to the system management process.

It is responsible for hardware virtualization, process management and memory management. You may have seen a BSOD that mentions Ntoskrnl.exe and is related to memory. In addition to this file, there are three other kernel files that work with ntoskrnl.exe. They are ntkrnlmp.exe, ntkrnlpa.exe and ntkrpamp.exe.

2) What is ntkrnlpa.exe

New Technology Core Process Allocator = NTKrnlPA.

Similar to Ntoskrnl.exe, Ntkrnlpa.exe is part of the list of kernel files. When Windows starts, these programs are loaded into RAM to begin the startup.

It is related to process allocation. It has access to system resources, hardware and memory areas that are restricted for other programs.

3) What is win32k.sys

Win32 Subsystem = win32k.sys.

After the boot process is complete and the drivers are loaded, Windows starts the session manager to switch to user mode. There is a Session Manager subsystem that loads the kernel mode side of the Win32 subsystem, that is, win32k.sys. It includes the Win32 API DLLs (kernel32.dll, user32.dll, gdi32.dll) and the Win32 subsystem process (csrss.exe).

  • kernel32.dll: dynamic link library for Windows
  • user32.dll: contains the Windows API functions related to the Windows user interface
  • gdi32.dll: hosts functions for Windows GDI (Graphical Device Interface)
  • csrss.exe: Client Server Run Process

All of these files (Ntoskrnl.exe, Ntkrnlpa.exe, and Win32k.sys) are located in the System32 folder. If you find them anywhere else, it is best to run a virus scan.
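The location check described above can be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated PowerShell session on Windows 10, and the signature and hash columns are triage additions that go beyond the article's advice.

```powershell
# Added example: list copies of the three kernel files found outside System32.
$names    = 'ntoskrnl.exe', 'ntkrnlpa.exe', 'win32k.sys'
$expected = Join-Path $env:SystemRoot 'System32'

# Fixed local disks only (DriveType 3); removable and network drives are skipped.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

# Walk each disk; unreadable folders are skipped instead of stopping the scan.
$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name }      # case-insensitive match
}

# Keep only copies whose folder is not System32, then collect triage data.
$report = $hits |
    Where-Object { $_.DirectoryName -ne $expected } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            Status = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
            Signer = $sig.SignerCertificate.Subject    # empty when the file is unsigned
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Windows keeps its own servicing copies under WinSxS; those should report
# Status = Valid with a Microsoft signer. Anything unsigned, or sitting in a
# user-writable folder, is what to hand to the virus scanner first.
$report | Sort-Object Status, Path | Format-List
```

A full-disk walk is slow; narrowing `$roots` to a single folder runs the same check on just that tree.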
