The Windows operating system provides several base mechanisms that kernel-mode components such as the executive, the kernel, and device drivers use. This chapter explains the following system mechanisms and describes how they are used:
Trap dispatching, including interrupts, deferred procedure calls (DPCs), asynchronous procedure calls (APCs), exception dispatching, and system service dispatching
The executive object manager
Synchronization, including spinlocks, kernel dispatcher objects, how waits are implemented, as well as user-mode-specific synchronization primitives that avoid trips to kernel mode (unlike typical dispatcher objects)
System worker threads
Miscellaneous mechanisms such as Windows global flags
Advanced Local Procedure Calls (ALPCs)
Kernel event tracing
Wow64
User-mode debugging
The image loader
Hypervisor (Hyper-V)
Kernel Transaction Manager (KTM)
Kernel Patch Protection (KPP)
Code integrity