The Process Manager is the operating system component that creates and deletes processes and tracks process objects and thread objects. It also provides a standard set of services for creating and using threads and processes in a particular subsystem environment.
Beyond that, the Process Manager does little to dictate rules about threads and processes. Instead, the Windows NT design allows for robust environment subsystems that can define specific rules about threads and processes. For example, the Process Manager does not impose any hierarchy or grouping rules for processes, nor does it enforce any parent/child relationships.
A process is an application program or modular part of a program. The operating system sees a process as an address space, a set of objects, and a set of threads that run in the context of the process. The process object specifies the virtual address space mapping for the thread and accumulates thread run time.
A process object:
A process object must be initialized before any thread objects that list that process as their parent can be initialized.
A thread is most the basic schedulable entity in the system. It has its own set of registers, its own kernel stack, a thread environment block, and user stack in the address space of its process.
The Windows NT Process Manager works with the Security Reference Monitor and the Virtual Memory Manager to provide interprocess protection. Each process is assigned a security access token, called the primary token of the process. This token is used by Windows NT access-validation routines when threads in the process reference protected objects. For more information about how Windows NT uses security access tokens, see Chapter 6, "Windows NT Security."