I noticed that all the _EPROCESS objects are linked to each other via the ActiveProcessList link.
What is the purpose of this list?
For what does the OS use this list of active processes?
In Windows NT, the schedulable unit is the thread. Processes serve as a container of threads, and also as an abstraction that defines what virtual memory map is active (and some other things).
All operating systems need to keep this information available. At different times, different components of the operating system could need to search for a process that matches a specific characteristic, or would need to assess all active processes.
So, how do we store this information? Why not a gigantic array in memory? Well, how big is that array going to be? Are we comfortable limiting the number of active processes to the size of this array? What happens if we can’t grow the array? Are we prepared to reserve all that memory up front to keep track of the processes? In the low process use case, isn’t that a lot of wasted memory?
So we can keep them on a linked list.
There are some occasions in NT where we care about process context but not thread context. One of those is I/O completion. When an I/O operation is handled asynchronously by the operating system, the eventual completion of that I/O could be in a process context that is different from the requesting process context. So, we need some records and information about the originating process so that we can “attach” to this process. “Attaching” to the process swaps us into the appropriate context with the appropriate user-mode memory available. We don’t care about thread context, we care about process context, so this works.
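To make the structure the answer describes concrete, here is an added user-mode C example (not code from the original post or from Windows): a toy process record with an embedded circular doubly linked list link in the style of the kernel's LIST_ENTRY, plus the enumerate, lookup and unlink operations the answer talks about. The LIST_ENTRY, CONTAINING_RECORD, InitializeListHead, InsertTailList and RemoveEntryList names mirror the real kernel primitives but are re-implemented locally so the file compiles without the WDK; TOY_PROCESS and the sample processes are constructed for illustration. The consistency check (every entry's Flink->Blink must point back at the entry) is the kind of sanity test a forensic list walker performs before trusting a traversal.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Shape of the kernel's LIST_ENTRY: a circular doubly linked list whose
   head is itself a LIST_ENTRY that is not embedded in any record. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Local re-implementation of the kernel macro: recover the enclosing record
   from a pointer to the link field embedded inside it. */
#define CONTAINING_RECORD(address, type, field) \
    ((type *)((char *)(address) - offsetof(type, field)))

/* Constructed stand-in for _EPROCESS with only the fields this example needs. */
typedef struct _TOY_PROCESS {
    unsigned long UniqueProcessId;
    char ImageFileName[16];
    LIST_ENTRY ActiveProcessLinks;   /* links this record into the active list */
} TOY_PROCESS;

static void InitializeListHead(LIST_ENTRY *head) { head->Flink = head->Blink = head; }

static void InsertTailList(LIST_ENTRY *head, LIST_ENTRY *entry) {
    LIST_ENTRY *last = head->Blink;
    entry->Flink = head;
    entry->Blink = last;
    last->Flink = entry;
    head->Blink = entry;
}

static void RemoveEntryList(LIST_ENTRY *entry) {
    entry->Blink->Flink = entry->Flink;
    entry->Flink->Blink = entry->Blink;
    entry->Flink = entry->Blink = entry;   /* self-link so a stray second remove is harmless */
}

/* Walk the whole list once; the head is the sentinel that ends the loop. */
size_t count_active_processes(const LIST_ENTRY *head) {
    size_t n = 0;
    for (const LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) n++;
    return n;
}

/* Every entry's successor must link back to it; a mismatch means corruption. */
int list_is_consistent(const LIST_ENTRY *head) {
    for (const LIST_ENTRY *e = head; ; e = e->Flink) {
        if (e->Flink->Blink != e) return 0;
        if (e->Flink == head) return 1;
    }
}

/* The "search for a process matching a characteristic" case from the answer. */
TOY_PROCESS *find_process_by_pid(const LIST_ENTRY *head, unsigned long pid) {
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) {
        TOY_PROCESS *p = CONTAINING_RECORD(e, TOY_PROCESS, ActiveProcessLinks);
        if (p->UniqueProcessId == pid) return p;
    }
    return NULL;
}

/* Unlink a process record on exit; returns 1 if found and removed, else 0. */
int remove_process_by_pid(const LIST_ENTRY *head, unsigned long pid) {
    TOY_PROCESS *p = find_process_by_pid(head, pid);
    if (p == NULL) return 0;
    RemoveEntryList(&p->ActiveProcessLinks);
    return 1;
}

/* Constructed sample data: three fake processes kept in static storage. */
static TOY_PROCESS sample[3] = {
    { 4,   "System",  {NULL, NULL} },
    { 100, "svc_a",   {NULL, NULL} },
    { 200, "svc_b",   {NULL, NULL} },
};
static LIST_ENTRY ToyActiveProcessHead;

LIST_ENTRY *build_sample_list(void) {
    InitializeListHead(&ToyActiveProcessHead);
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        InsertTailList(&ToyActiveProcessHead, &sample[i].ActiveProcessLinks);
    return &ToyActiveProcessHead;
}

int main(void) {
    LIST_ENTRY *head = build_sample_list();
    for (LIST_ENTRY *e = head->Flink; e != head; e = e->Flink) {
        TOY_PROCESS *p = CONTAINING_RECORD(e, TOY_PROCESS, ActiveProcessLinks);
        printf("pid %lu  %s\n", p->UniqueProcessId, p->ImageFileName);
    }
    printf("consistent: %d\n", list_is_consistent(head));
    return 0;
}
```

The head is a bare LIST_ENTRY rather than a process record, which is why the walk must stop when it reaches the head instead of trying to apply CONTAINING_RECORD to it; real list walkers also bound the iteration count so a corrupted or cyclic-but-headless list cannot spin forever.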