In the previous section, we saw how virtual memory is divided into user-space (process memory) and kernel space (kernel memory). The user-space contains code (such as executable and DLL) that runs with restricted access, known as the user mode. In other words, the executable or DLL code that runs in the user space cannot access anything in the kernel space or directly interact with the hardware. The kernel space contains the kernel itself (ntoskrnl.exe) and the device drivers. The code running in the kernel space executes with a high privilege, known as kernel mode, and it can access both the user-space and the kernel space. By providing the kernel with a high privilege level, the operating system ensures that ...