The kernel memory contains the operating system and the device drivers. The following screenshot shows the user-space and kernel space components. In this section, we will  mainly focus on the kernel space components:

The kernel memory consists of the following key components:

• hal.dll: The hardware abstraction layer (HAL) is implemented in the loadable kernel module hal.dll. HAL isolates the operating system from the hardware; it implements functions to support different hardware platforms (mostly chipsets). It primarily provides services to the Windows executive, kernel, and kernel mode device drivers. The kernel mode device drivers invoke functions exposed by hal.dll to interact with the hardware, instead of directly communicating with the hardware.
• ntoskrnl.exe: This binary is the core component of the Windows operating system known as kernel image. The ntoskrnl.exe binary provides two types of functionality: the executive and the kernel. The executive implements functions called system service routines, which are callable by user-mode applications via a controlled mechanism. The executive also implements major operating system components, such as the memory manager, I/O manager, object manager, process/thread manager, and so on. The kernel implements low-level operating system services and exposes sets of routines, which are built upon by the executive to provide high-level services.
• Win32K.sys: This kernel mode driver implements UI and graphics device interface (GDI) services, which are used to render graphics on output devices (such as monitors). It exposes functions for GUI applications.