Program run in either program mode or kernel mode. The terms derive from RISC microprocessors which had either user mode or privileged mode. The i386 architecture has 4 levels of privilege but to maintain compatibility, only ring 0 (privileged / kernel mode) and ring 3 ( user mode) are used. Windows 2000 is based on Windows NT and cares the same architecture.

The distinction is important. Program errors in processes running in User mode should not be able to crash NT, that is, case a BSOD, Stop error. Only device drivers and other kernel level programs cause Stop errors. If on occurs, not focus on that user level application.

Kernel pool corruption has been difficult to debug in Windows NT because typically the system crashes before you can find the culprit. Kernel Special Pool was included in NT 4.0 SP4 which can be used to find these problems. Kernel Special Pool catches problems associated with pool corruption, and it catches them early enough so that you can fix them. Kernel Special Pool works on both the checked and free versions of the operating system. Use Kernel Special Pool only during debugging. This article describes how the Kernel Special Pool works: Q192486