Process vs Thread
A process is an object representing a running process. It consists of metadata, code, memory, and handles which are used by the threads to execute the code in the process. Each thread has its own stack memory within the process which is used to handle operations.
Virtual Memory vs Physical Memory
Each process has their own virtual memory. A 32-bit process has a virtual memory with an address space of 2GB which can be extended to 3GB using LARGEADDRESSAWARE. A 64-bit process has a virtual memory with an address space of 8TB.
The virtual memory is separated in pages where each page is 4096 bytes. Each pages are also mapped to the physical memory or disk space. Multiple of pages from different processes can be mapped to the same physical memory location as that will save a-lot of memory space.
System Calls
When a Windows API function like CreateFile is called from kernel32.dll it actually calls the NtCreateFile from ntdll.dll. The NTDLL loads the syscall number to the EAX register and then performs a syscall / sysenter to switch the thread from user-mode to kernel-mode to perform the CreateFile operation requested in user-mode.
Handles and Objects
A handle in a process allows the user-mode client to communicate and interact with the kernel. The handle can be viewed as a reference to the kernel object while the kernel object is the one that allows us to perform operations on the system.
A better way of explaining Handles and Objects is through symbolic links, device objects, and driver objects. When a handle is opened using the symbolic link, the kernel returns a handle referencing the device object (kernel object). The device object can then be used to perform operations on the system using the driver object.