ntoskrnl.exe (and ntkrnlpa.exe on systems with Physical Address Extension support) is the kernel image for the family of Microsoft Windows NT operating systems. It provides the Microkernel and Executive layers of the Windows NT kernel space, and is responsible for various system services such as hardware virtualisation, process and memory management, etc., thus making it a fundamental part of the system. It contains the Cache Manager, the Executive, the Kernel, the Security Reference Monitor, the Memory Manager, and the Scheduler, among other things.(from wikipedia)
Typically speaking though, the functions found in ntoskrnl can be found in ntdll.
- Export Listing
- Kernel pool
- Memory management in the Windows XP kernel
- Memory Protection constants