How can I determine which version of Ntoskrnl.exe I'm using?

A. In the FAQ "What files are different between the single and multiprocessor versions of Windows XP and later?" I discussed the different files that are used as the source for Ntoskrnl.exe. To check which version of Ntoskrnl.exe is on your system, you can use one of the following options: - Option 1. Start Windows Explorer and navigate to the C:\Windows\system32 folder (%systemroot%\system32). Right-click ntoskrnl.exe and select Properties. Click the Version tab and select the "Original File name" option. This option displays the original name of the ntoskrnl.exe. The figure shows an example of a multiprocessor system because it's using what was ntkrnlmp.exe). - Option 2. When Windows is installed a setup.log file is created in the repair folder of the installation target (e.g., C:\Windows\repair). Open this file and search for ntoskrnl.exe. You'll see an entry detailing which file was used as, shown in this example:

\WINDOWS\system32\ntoskrnl.exe = "ntkrnlmp.exe","21c534"

- Option 3. When Windows starts, an event ID 6009 is written to the System log that states whether the system is multiprocessor or uniprocessor. It also shows whether it's the free (retail) or checked (debug) build type as the following sample event shows:

Event Type:        Information
Event Source:      EventLog
Event Category:    None
Event ID:          6009
Date:              10/17/2005
Time:              5:54:54 PM
User:              N/A
Computer:          THANOS
Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.