The kernel file itself is ntoskrnl.exe. It is located in C:\Windows\System32.
If you view the properties of the file, you can look on the Details tab to see the true version number running. You can see other versions of the kernel on your system under C:\Windows\winsxs\amd64_microsoft-windows-os-kernel* and C:\Windows\winsxs\x86_microsoft-windows-os-kernel*. My current kernel, for example, on Win 7 x64 is 6.1.7601.17592. 6.1 indicates Windows 7. 7601 indicates SP1 (RTM lists 7600). The final number is the current revision. If your system has multiple processors or multiple cores in the processor, the details panel will also show that the original file name is ntkrnlmp.exe. The "mp" here means "multiple processors". At one point Windows used different kernels for a system if it had one or more than one processor. I don't know if this is still the case and the internal filename is still kept this way for historic reasons, or if the single processor core version still exists. I don't have a single core system to test on, currently.
In the WinSXS directory, my system currently has quite a few revisions of the kernel (most from the RTM version of Windows 7): 6.1.7600.16385, 6.1.7600.16539, 6.1.7600.16617, 6.1.7600.16695, 6.1.7600.16792, 6.1.7600.20655, 6.1.7600.20738, 6.1.7600.20826, 6.1.7600.20941, 6.1.7601.17514, 6.1.7601.17592, 6.1.7601.21701.
You notice that my system is not using the highest version of the kernel on the system (6.1.7601.17592 vs 6.1.7601.21701). However, it is using the version which was the last one to be digitally signed so even though the final version number is lower, the file is newer. I'm not sure how MS determines what that final version number is going to be.
Answer from Bacon Bits on Stack ExchangeThe kernel file itself is ntoskrnl.exe. It is located in C:\Windows\System32.
If you view the properties of the file, you can look on the Details tab to see the true version number running. You can see other versions of the kernel on your system under C:\Windows\winsxs\amd64_microsoft-windows-os-kernel* and C:\Windows\winsxs\x86_microsoft-windows-os-kernel*. My current kernel, for example, on Win 7 x64 is 6.1.7601.17592. 6.1 indicates Windows 7. 7601 indicates SP1 (RTM lists 7600). The final number is the current revision. If your system has multiple processors or multiple cores in the processor, the details panel will also show that the original file name is ntkrnlmp.exe. The "mp" here means "multiple processors". At one point Windows used different kernels for a system if it had one or more than one processor. I don't know if this is still the case and the internal filename is still kept this way for historic reasons, or if the single processor core version still exists. I don't have a single core system to test on, currently.
In the WinSXS directory, my system currently has quite a few revisions of the kernel (most from the RTM version of Windows 7): 6.1.7600.16385, 6.1.7600.16539, 6.1.7600.16617, 6.1.7600.16695, 6.1.7600.16792, 6.1.7600.20655, 6.1.7600.20738, 6.1.7600.20826, 6.1.7600.20941, 6.1.7601.17514, 6.1.7601.17592, 6.1.7601.21701.
You notice that my system is not using the highest version of the kernel on the system (6.1.7601.17592 vs 6.1.7601.21701). However, it is using the version which was the last one to be digitally signed so even though the final version number is lower, the file is newer. I'm not sure how MS determines what that final version number is going to be.
Well, it tends to be Microsoft Windows Version [6.1.7601] for windows 7 - the main change should be the numbers which are MajorVersion.MinorVersion.Build. Vista was 6.0.xxxx, and XP was 5.1.2600 for SP3.
You can find this with the 'ver' command
Videos
I’m primarily a macOS user. But I’m taking a software engineering program at college.
I’m just amazed that Microsoft hasn’t rewritten the whole thing.
Edit: I meant “of windows,” not “is windows.” But I can’t change the title.
Hey,
Quick question, do y'all think Microsoft will use a new Windows NT version such as Windows NT 12 or will they reuse Windows NT 10 like they did with Windows 11?
Ngl I think reusing NT 10 would be a good idea for compatibility with older computers/programs and people still on Windows 10/11 will be able to use Windows 12 apps as well probably. Also it works really great still and gets updated regularly so I have no idea if Microsoft will keep it or not...
The Windows NT branch of windows has a Hybrid Kernel. It's neither a monolithic kernel where all services run in kernel mode or a Micro kernel where everything runs in user space. This provides a balance between the protection gained from a microkernel and the performance that can be seen in a monolithis kernel (as there are fewer user/kernel mode context switches).
As an example, device drivers and the Hardware Abstraction layer run in kernel node but the Workstation service runs in user mode. The wikipedia article on Hybrid Kernels has a good overview.
The Windows Internals book gives an explanation for the hybrid approach
... The Carnegie Mellon University Mach operating system, a contemporary example of a microkernel architecture, implements a minimal kernel that comprises thread scheduling, message passing, virtual memory, and device drivers. Everything else, including various APIs, file systems, and networking, runs in user mode. However, commercial implementations of the Mach microkernel operating system typically run at least all file system, networking, and memory management code in kernel mode. The reason is simple: the pure microkernel design is commercially impractical because it’s too inefficient.
According to Wikipedia it's a Hybrid kernel. Which may or may not be just marketing speak for about the same as a monolithic one. The graphic on the latter page does make some things clearer, though.
Most importantly, almost no program on Windows uses the kernel API directly. And the complete Windows API subsystem resides in user space which is a rather large part of the OS as we see it. And in more recent versions Microsoft began to pull more and more device drivers from kernel space into user space (which is especially a good idea with certain drivers, such as for video cards which are probably as complex as an operating system on their own).