The Process Manager is the component that tracks two types of objects — process objects and thread objects. A process is defined as an address space, a set of objects (resources) visible to the process, and a set of threads that run in the context of the process. A thread is most the basic schedulable entity in the system. It has its own set of registers, its own Kernel stack, a thread environment block, and user stack in the address space of its process.
The Process Manager is the Windows NT component that manages the creation and deletion of processes. It provides a standard set of services for creating and using threads and processes in the context of a particular subsystem environment. Beyond that, the Process Manager does little to dictate rules about threads and processes. Instead, the Windows NT design allows for robust environment subsystems that can define specific rules about threads and processes.
The Process Manager does not impose any hierarchy or grouping rules for processes, nor does it enforce any parent/child relationships.
The Windows NT process model works in conjunction with the security model and the Virtual Memory Manager to provide interprocess protection. Each process is assigned a security access token, called the primary token of the process. This token is used by the Windows NT access-validation routines when threads in the process reference protected objects. For more information about how Windows NT uses security access tokens, see Chapter 2, "Windows NT Security Model."