Kernel Services and Applications - Cox Project

For : Windows NT

by : je.saist

Kernels, Services and Applications

Trying to understand many of the errors that may be encountered within technicial support also may require an understanding of how the operating system works. As in Unix, Linux, and BSD Operating Systems there are multiple levels at which programs run in the Windows Enviroment. For the sake of simplicity we can consider Windows NT operating systems to have 3 different run levels, which are the kernel, services, and applications.

  1. Top = Kernel and Drivers
  2. Middle = Services
  3. Bottom = Applications

At the top level is the Windows Kernel, the actual Operating System. The kernel itself is hidden from the users, however users can still encounter a message that an error was caused in kernel32.dll. In such a case the Windows Kernel itself is either damaged, or there is another serious problem with the computer.

Driver issues are also held in the top level for simplicity; their purpose is to allow the kernel to tell the hardware what to do. Windows Drivers are typically in the .dll format, which stands for Driver Link Library. A Driver Link Library is simply a set of commands that sets the inputs and outputs of the various devices used in a computer system. Errors that occur in .dll files also indicate severe operating system problems and likely need to be reinstalled.


In the middle are the services, which like the kernel are typically hidden from the user. You can show the customer the services in Windows NT based systems by:

  1. clicking on start
  2. click on control panel
  3. make sure that the control panel is in classic view
  4. Click on the icon that says Administrative tools
  5. Click on the icon that says Services

The thing is with services is that the user has no direct control over them outside of the services box. Many anti-virus, spyware, adware, and firewall security programs run at the service level. The problem is that a program running at the service level removes itself from user control, even from those logged in as an Administrator. While it is possible to terminate certain running services, doing so could destablize the system or cause a kernel32.dll error if the user is not aware of what they are disabling. Security programs that register with Windows as a service should be avoided as they will cause problems at a later date.


Exposed directly to the user at the bottom level are applications. These are items like Mozilla FireFox, Open Office, GIMP, Opera, and Mozilla Thunderbird. Users have direct control over applications and can terminate them at will. Programs that run as an application can usually be terminated without causing kernel32.dll errors, or causing other system problems.


Many problems that a user can encounter come from the complex relationship of the windows components. Applications can start and register services without the users direct approval. Services can start and run applications without the users direct approval. The kernel and drivers can be corrupted by errored Service data, and the services in turn can be corrupted by badly written drivers or badly written kernel patches. As mentioned many security applications run at a dual level, both as an application and as a service, such as Norton Internet Security. Problems can arise from this in items such as checking mail. A Firewall that causes a 0x800ccc0D error can be turned off from the Windows desktop, but unless the service itself is terminated the firewall will for all intents and purposes be running.


Other programs complicate the matters even further, such as Internet Explorer itself. As a standalone browser IE is proven to be the worst product available. However, the Internet Explorer code base is intigrated into such products as Microsoft Office Outlook, Microsoft Outlook Express, and Microsoft Frontpage. Thus each of the succeeding products inherits the problems and flaws that Internet Explorer contains. Chief among these in Windows NT systems is the integration of Internet Explorer into the operating system. Internet Explorer does not just run at the application or service level, it runs at all 3 levels. Thus exploits that use Internet Explorer by default have adminstrator accesss to the rest of the computer. This is also why pop-up blockers, spyware blockers, and adware blockers are inheirently useless when using Internet Explorer. While it is possible to stop the pop-ups from being seen, it is impossible to stop the code that the pop-ups contain from being executed. Internet Explorer also extends itself into the FileSystem as it is the FileSystem browser. In what may come as a shock to some, My Computer is simply Internet Explorer with a localized skin to mimic the file browser system from earlier Microsoft Windows systems.


The relationships between the kernel level, the services level, and the application level is why so many problems fall outside of the capability of Cox Communications to troubleshoot. While we assist with some application level installs, such as our Security Software, and while we can assist in some driver level problems, such as USB drivers, we don't have full blanket access to the entire Operating System.

Hopefully this will explain some of the errors that you may encounter.


take me back to the guides

Document made with Nvu