https://msdn.microsoft.com/zh-cn/library/windows/hardware/ff554836
The processor in the computer running Windows has two different modes: User mode and kernel mode. Depending on the type of code running on the processor, the processor switches between two modes. The application runs in user mode, and the core operating system components run in kernel mode. Multiple drivers run in the kernel mode, but some drivers run in user mode.
When you start a user-mode application, Windows creates a "process"for the application. The process provides a dedicated "virtual address space" and a dedicated "handle table"for the application. Because the application's virtual address space is private, an application cannot change data that belongs to other applications. Each application runs in isolation, and if an application is corrupted, the damage is limited to that application. Other applications and operating systems are not affected by this corruption.
The virtual address space of a user-mode application is limited in addition to the private space. A processor that is running in user mode cannot access the virtual address reserved for that operating system. Restricting the virtual address space of a user-mode application prevents application changes and may damage critical operating system data.
All code running in kernel mode shares a single virtual address space. This means that the kernel-mode driver does not separate from the other drivers and the operating system itself. If the kernel-mode driver unexpectedly writes the wrong virtual address, data that is part of the operating system or other drivers may be corrupted. If the kernel-mode driver is corrupted, the entire operating system is corrupted.
This figure illustrates the communication between a user-mode component and a kernel-mode component.
Actually read here, we will think, then the virtual address space is how to allocate it? Take a look at the next section.
User mode and kernel mode