Kernel 101 - writing a simple Windows NT device driver

In Windows NT systems, a kernel-level device driver gives user programs unrestricted access to memory, hardware, and CPU privileged instructions. By definition, device drivers operate in kernel mode. As stated by Larry Stevenson and Nancy Altholz (Rootkits For Dummies): "Installing a driver is a legal route that user programs take to get into the kernel, but it is also one that blackhat rootkit authors have maliciously exploited to infect computers with rootkits".