Kernel drivers are programs written based on the Windows NT API (and not the Win32 subsystem API) and run in kernel mode on the underlying hardware. This means that the driver should be able to deal with switching virtual memory contexts between processes and should be written in such a way that it is incredibly stable, because kernel drivers start in kernel mode, if it crashes, it resets the entire system. Kernel drivers are unsuitable for anything other than hardware devices because they need administrative access to install or run, and also because they remove the security that the kernel usually provides to programs that crash, namely that they crash themselves, not the whole system.
Shortly speaking:
- Drivers use native API, not Win32 API
- - , .
- , .
- .
- .
- . .
- , (IRQL).