读书笔记之《Windows内核原理与实现》
最近学习《Windows内核原理与实现》发现其博大精深,粗略过了一遍,很多东西比较茫然,看书之余把书中涉及的函数,结构,全局变量的所在页数总结出来,便于以后查阅。
由于半自动半手工,难免有写错的地方,如有发现还请留言通知,谢谢。
函数
函数名称
所在页数
_KeSystemStartup
149
_KiExceptionExit
341
_KiFastCallEntry
552 554
_KiServiceExit
553
_KiShutUpAssembler
321
_KiSystemCallExitBranch
553
_KiSystemService
546 552
_KiSystemServiceRepeat
552 553 555 556 561
_KiSystemStartup
547
_KiTrap??
337
_KiTrap0E
315 348 257
AllocateAdapterControl
429
BaseProcessStart
143 145
BitBlt
606
CallNamedPipe
581
CallNextHookEx
620
CancelIo
648
CancelIoEx
648
CancelSynchronousIo
648
CcAllocateInitializeBcb
490
CcAllocateWorkQueueEntry
494
CcCanIWrite
498 499
CcCopyRead
484-486 494 494
CcCopyWrite
484 486 498 499
CcCreateVacbArray
481 483
CcDeallocateBcb
490
CcDeferWrite
498
CcExtendVacbArray
481 483
CcFastCopyRead
484 486 494 494
CcFastCopyWrite
484 486 499
CcFindBcb
489
CcFlushCache
497 511
CcFreeVirtualAddress
490-493 495
CcGetBcbListHead
489
CcGetBcbListHeadLargeOffset
489
CcGetVacbMiss
485
CcGetVirtualAddress
485 486 490-493 495
CcInitializeCacheManager
89 479 483 495 497
CcInitializeCacheMap
483
CcInitializeVacbs
479
CcLazyWriteScan
496-498
CcMapAndCopy
486
CcMapAndRead
490 493
CcMapData
487 491 492 515
CcMapDataCommon
491 492
CcMapDataForOverwrite
491 492
CcMdlRead
492 494 494
CcMdlReadComplete
492
CcMdlReadComplete2
492
CcMdlWriteAbort
493
CcMdlWriteComplete
493
CcMdlWriteComplete2
493 496
CcMidRead
492
CcPerformReadAhead
495
CcPfInitializePrefetcher
89
CcPinFileData
490-492
CcPinMappedData
487 492 492
CcPinRead
487 491 492 515
CcPostDeferredWrites
497-499 499
CcPostWorkQueue
494-497
CcPrepareMdlWrite
493
CcPreparePinWrite
487 491 492 515
CcReadAhead
495
CcRegularWorkQueue
496
CcScanDpc
496
CcScheduleLazyWriteScan
496 497 497
CcScheduleReadAhead
494 495 495
CcSetDirtyInMask
486 493 496
CcSetDirtyPinnedData
487 492
CcUninitializeCacheMap
491
CcUnmapVacb
491
CcUnmapVacbArray
491
CcUnpinData
487 492
CcUnpinFileData
490
CcUnpinFileDataEx
490-492
CcWorkerThread
495-497
CcWriteBehind
497
CloaseHandle
405
CloseHandle
447 580 581
CloseServiceHandle
439
CmGetSystemDriverList
395
CmInitSystem1
67 89
CmKeyObjectType
67
CmLoadKey
69
CmpBuildHashStackAndLookupCache
71
CmpCmdHiveOpen
69
CmpCmdInit
68
CmpCreateControlSet
68
CmpCreateKeyControlBlock
70 71
CmpCreateObjectTypes
67 69
CmpCreateRegistryRoot
67 71
CmpDoOpen
71
CmpFindValueByNameFromCache
71
CmpGetValueKeyFromCache
71
CmpGetValueListFromCache
71
CmpInitHiveFromFile
69
CmpInitializeHardwareConfiguration
68
CmpInitializeHive
68
CmpInitializeHiveList
68 91
CmpInitializeSystemHive
68
CmpInsertKeyHash
70
CmpLinkHiveToMaster
68 69
CmpLoadHiveThread
69
CmpMasterHive
67
CmpOpenHiveFile
69
CmpParseKey
67 71
CmpRemoveKeyHash
70
CmpSecurityMethod
77
CmpSetNetWorkValue
68
CmpSetSystemValues
68
CmQueryValueKey
71
CommonDispatchException
337 341 257
CommonDispatchException2Args
257
ConnectNamedPipe
580
ControlService
439
CreateDesktopEx
613
CreateFile
404 438 484 499 551 579-581
CreateFileW
551
CreateHardLink
649
CreateIoCompletionProt
465 466
CreateMailslot
586
CreateNamedPipe
578 580 581
CreateProcess
143 606 611
CreateProcessW
143
CreateService
438
CreateSymbolicLink
649
CreateSystemRootLink
407
CreateThread
606
CreateToolhelp32napshot
295
CreateWindow
615
CreateWindowEx
615
DbgForwardException
341 576
DbgkInitialize
86
DbgkpSendApiMessageLpc
576
DdCreateSurface
626
DdGetDriverInfo
626 627
DeleteService
439
DeviceIoControl
431 438 447 449 525
DisconnectNamedPipe
580
DispatchMessage
616 618
DispatchMessageA
616
DispatchMessageW
616
DrvBitBlt
622
DrvCopyBits
623
DrvEnableDirectDraw
626
DrvEnableDriver
622
DrvEnablePDEV
622
DrvEnableSurface
622
DrvGetDirectDrawInfo
626
DrvLineTo
623
DrvStrokePath
623
DrvTextOut
623
DwmEnableBlurBehindWindow
627
DwmEnableComposition
627
DwmExtendFrameIntoClientArea
627
DwmRegisterThumbnail
628
DwmUnregisterThumbnail
628
DwmUpdateThumbnailProperties
628
DxgkInitialize
629
EngBitBlt
622
EngCreateDeviceSurface
623
EngDeviceIoControl
624
EngLineTo
623
EngModifySurface
623
EnterCriticalSection
303
EnumChildWindows
615
EnumDesktopWindows
614
EnumProps
615
EnumThreadWindows
615
EnumWindowStations
614
ExAcquireCacheAwarePushLockExclusive
378
ExAcquireCacheAwarePushLockShared
378
ExAcquireFastMutex
370
ExAcquireResourceExclusiveLite
371 372
ExAcquireResourceSharedLite
371 372
ExAcquireSpinLockExclusive
351
ExAcquireSpinLockShared
351
ExAdjustLookasideDepth
293
ExAllocateCacheAwarePushLock
378
ExAllocatePoolWithQuotaTag
445
ExAllocatePoolWithTag
45 218 220 223 245 445
ExCreateHandle
134 141
ExCreateHandleTable
131
ExDeleteResourceLite
371 373
ExfAcquirePushLockExclusive
376
ExfAcquirePushLockShared
376
ExFreeCacheAwarePushLock
378
ExFreePoolWithTag
45 218 222 223
ExfReleasePushLockExclusive
376 377
ExfReleasePushLockShared
376 377
ExfWakePushLock
377
ExInitializePoolDescriptor
218
ExInitializePushLock
376
ExInitializeResourceLite
371 372
ExInitSystem
86
ExInitSystemPhase2
89
ExInterlockedCompareExchange64
345
ExMapHandleToPointerEx
134
ExpAllocateHandleTable
131
ExpAllocateHandleTableEntry
132
ExpAllocateHandleTableEntrySlow
131
ExpFreeHandleTableEntry
132
ExpInitializeExecutive
86 149 195 556
ExpInitializePushLocks
376
ExpInsertPoolTrackerInline
223
ExpLookupHandleTableEntry
134
ExpRemovePoolTrackerInline
223
ExpWaitForResource
372
ExQueueWorkItem
366 36 495
ExReleaseCacheAwarePushLockExclusive
378
ExReleaseCacheAwarePushLockShared
378
ExReleaseFastMutex
370
ExReleaseResourceLite
371-373
ExReleaseSpinLockExclusive
351
ExReleaseSpinLockShared
351
ExTryAcquireSpinLockExclusive
351
FatCommonCreate
534
FatCommonRead
534
FatCommonWrite
534
FatCreateNewDirectory
534
FatCreateNewFile
534
FatFsdRead
534
FatFsdWrite
534
FatInitializeVcb
533
FatMountVolume
533
FatPagingFileIo
534
FindWindow
615
FindWindowEx
615
FltRegisterFilter
527 529
FltStartFiltering
527 528
FsRtlCheckLookForReadAccess
522
FsRtlCheckLookForWriteAccess
522
FsRtlInitSystem
89
FsRtlProcessFileLock
521
FsRtlRegisterFileSystemFilterCallbacks
522
FsRtlRegisterUncProvider
522 578
GetCurrentProcess
606
GetcurrentProcessId
606
GetMailslotInfo
586
GetMessage
616
GetPerformanceInfo
295
GetQueuedCompletionStatus
466
GlobaMemoryStatusEx
295
HalInitializeProcessor
316 86 88
HalInitPnpDriver
393
HalInitSystem
86 88
HalQueryRealTimeClock
89
HalRequestSoftwareInterrupt
327 328 334
HalStartNextProcessor
87
Heap32First
295
Heap32Next
295
HwVidInitialize
624
InbvUpdateProgressBar
90
InitializeGre
607
InitializePool
205 214 218
InitialTab
141
InterlockedAnd
345
InterlockedCompareExchange
345
InterlockedCompareExchange64
345 346
InterlockedCompareExchangePointer
377
InterlockedDecrement
345
InterlockedExchange
345
InterlockedExchangeAdd
345
InterlockedIncrement
300 345
InterlockedOr
345
InterlockedPopEntrySList
346-348
InterlockedPushEntrySList
346-348 445
InterlockedXor
345
IoAcquireCancelSpinLock
460
IoAllocateDriverObjectExtension
502 503
IoAllocateIrp
449 451
IoAllocateMdl
453 454 492
IoAssignDriveLetters
394
IoAsynchronousPageWrite
281 282 484 486
IoAttachDevice
403
IoAttachDeviceToDeviceStack
403 433 436
IoAttachDeviceToDeviceStackSafe
403
IoBuildAsynchronousFsdRequest
451
IoBuildDeviceIoControlRequst
451
IoBuildSynchronousFsdRequest
451
IoCallDriver
407 446 447 449 451-453 455-458 460 462 463 582 622
IoCancelIrp
429 460
IoCancelThreadIo
460
IoCompleteRequest
429 456 457 459 461 463 465
IoConnectInterrupt
322
IoCopyCurrentIrpStackLocationToNext
446 463
IoCreateDevice
400 402 428 436 438 509 533
IoCreateDriver
397 401
IoCreateFile
406 447 581 586
IoCreateObjectTypes
393
IoCreateSymbolicLink
438
IoDisconnectInterrupt
322
IoEnumerateDeviceObjectList
524
IofCallDriver
449
IoFreeMdl
454 493 493
IoGetAttachedDevice
442 510
IoGetDmaAdapter
429
IoGetRelatedDeviceObject
442
IoInitializeDpcRequest
326
IoInitializeTimer
430
IoInitSystem
89 90 393 394 396 445
IoInvalidateDeviceRelations
413 431 433
IoInvalidateDeviceState
413
IopAcquireFileObjectLock
455
IoPagedRead
484 486
IoPageRead
263
IopAllocateIrpMustSucceed
449
IopAllocateIrpPrivate
445 451 460
IopCallDriverReinitializationRoutines
393
IopCheckBackupRestorePrivilege
81
IopCheckVpbMounted
507 520
IopCloseFile
448
IopCompleteRequest
453 458-460 464 466 467 648
IopCreateFile
447 455 510 520 581 586
IopCreateObjectTypes
407 465
IopCreateRootDirectories
393
IopCreateVpb
509
IopDecrementDeviceObjectRef
408
IopDeleteDevice
408
IopDeleteFile
408 448 449
IopDequeueThreadIrp
459 460
IopDestroyDeviceNode
408
IopDisassociateThreadIrp
460
IopDoNameTransmogrify
506
IopDropIrp
458
IopfCallDriver
446 449
IopfCompleteRequest
457 458 464
IopFreeIrp
445
IopGetDriverNameFromKeyNode
514
IopGetSetSecurityObject
77
IopInitializeBootDrivers
393 394 396 413 519
IopInitializeBuiltinDriver
394-396 413 428
IopInitializeIrp
445 446
IopInitializePlugPlayServices
393
IopInitializeSystemDrivers
393 395 396 413
IopInsertRemoveDevice
402
IopInvalidDeviceRequest
401 448
IopLoadDriver
395 396 401 428 439 514
IopLoadFileSystemDriver
508
IopLoadUnloadDriver
397 428 439
IopMountInitializeVpb
508
IopMountVolume
507-509 520 520
IopParseDevice
407 447 448 455 484 506 510 520 582 587
IopProtectSystemPartition
393
IopQueueThreadIrp
459
IopReadyDeviceObjects
394
IopReassignSystemRoot
393
IopReleaseFileObjectLock
455
IopSynchronousServiceTail
450 451 455 458 460
IopTimerDispatch
430
IopUnloadDriver
428
IopXxxControlFile
450 452 453
IoQueueWorkItem
366 36
IoReadPartitionTable
501 502
IoReadPartitionTableEx
501 502
IoRegisterDeviceInterface
433 503
IoRegisterDriverReinitialization
429
IoRegisterFileSystem
475 507 508 519 520 582
IoRegisterFsRegistration
507
IoRegisterFsRegistrationChange
524
IoRegisterPlugPlayNotification
503 617
IoReleaseCancelSpinLock
460
IoReportDetectedDevice
413
IoRequestComplete
446
IoRequestDeviceEject
431
IoRequestDpc
326
IoSetCancelRoutine
429 460
IoSetCompletionRoutine
429 444 458 463
IoSetIoCompletion
468
IoSkipCurrentIrpStackLocation
446 463 464
IoStartTimer
430
IoStopTimer
430
IoSynchronousInvalidateDeviceRelations
413
IoSynchronousPageWrite
486
IoUnregisterFileSystem
508
IsRectEmpty
606
KdDebuggerInitialize1
89
KeAcquireGuardedMutex
370
KeAcquireInStackQueuedSpinLock
353
KeAcquireInterruptSpinLock
457
KeAcquireQueuedSpinLock
353
KeAcquireQueuedSpinLockAtDpcLevel
353
KeAcquireQueuedSpinLockRaiseToSynch
353
KeAcquireSpinLock
350
KeAcquireSpinLockAtDpcLevel
350
KeAcquireSpinLockForDpc
350
KeAcquireSpinLockRaiseToSynch
350
KeAddSystemServiceTable
562 563 607
KeAttachProcess
47 136 232
KeBalanceSetManager
208 282 292 445
KeBoostProirityThread
153
KeBugCheck
90
KeBugKeBugCheckEx
260
KeCancelTimer
367
KeClearEvent
362
KeClearTimer
367
KeConnectInterrupt
321 322
KeContextFromKframes
340
KeDeferredReadyThread
369
KeDelayExecution
467
KeDelayExecutionThread
357 358 160 161 166 167
KeDetachProcess
332 136 232 233
KeDisconnectInterrupt
322 323
KeFlushEntireTb
215
KeFlushMultipleTb
215
KeFlushSingleTb
215
KeFreezeAllThreads
117
KeGetCurrentThread
135
Kei386EoiHelper
322 341
KeInitializeApc
333 336
KeInitializeDpc
324 326
KeInitializeEvent
362
KeInitializeGate
369
KeInitializeGuardedMutex
370
KeInitializeInterrupt
321 322
KeInitializeMutant
363
KeInitializeProcess
138 149
KeInitializeQueue
365 466 467
KeInitializeSemaphore
364
KeInitializeSpinLock
350
KeInitializeThread
149
KeInitializeTimer
367
KeInitializeTimerEx
367
KeInitSystem
323
KeInitThread
117 141 144 145 149 561
KeInsertHeadQueue
365
KeInsertQueue
365 466 467 467
KeInsertQueueApc
333 336 153
KeInsertQueueDpc
324-326 345 368
KeLeaveCriticalRegion
335
KeLeaveGuardedRegion
335
KeLowerIrql
319
KePulseEvent
362 153
KeRaiseIrql
319
KeRaiseIrqlToDpcLevel
344
KeRaiseIrqlToSynchLevel
344
KeReadyThread
142 157
KeReleaseGuardedMutex
370
KeReleaseInStackQueuedSpinLock
353
KeReleaseinterruptSpinLock
457
KeReleaseMutant
359 363 364 368 153 161
KeReleaseMutex
364
KeReleaseQueuedSpinLock
353
KeReleaseQueuedSpinLockFromDpcLevel
353
KeReleaseSemaphore
359 364 368 372 153 161 571 573
KeReleaseSpinLcokForDpc
350
KeReleaseSpinLock
350
KeReleaseSpinLockFromDpcLevel
350
KeRemoveQueue
365 366 161 167 466 467
KeRemoveQueueApc
336
KeRemoveQueueDpc
324 325
KeRemoveSystemServiceTable
562
KeResetEvent
362
KeResumeThread
117
KeRevertToUserAffinityThread
159
KeRundownQueue
365
KeRundownThread
363
KeSetAffinityThread
117
KeSetBasePriorityThread
151
KeSetEvent
359 362 363 368 153 161 499
KeSetEventBoostPriority
363 373 156
KeSetPriorityAndQuantumProcess
151
KeSetProcess
366 153
KeSetSystemAffinityThread
117 159
KeSetSystemTime
89
KeSetTargetProcessorDpc
324
KeSetTimer
367
KeSetTimerEx
367
KeSignalGateBoostPriority
369 162
KeStackAttachProcess
47
KeStartAllProcessors
87 88 89
KeStartThread
141 149
KeSuspendThread
117 142
KeSwapProcessOrStack
162 208 282
KeSwitchKernelStack
561 609
KeSynchronizeExecution
429 457
KeTerminateThread
367 148 153 154 167
KeTestAlertThread
335
KeTestForWaitersQueuedSpinLock
353
KeTestSpinLock
350
KeTryToAcquireQueuedSpinLock
353
KeTryToAcquireQueuedSpinLockAtRaisedIrql
353
KeTryToAcquireQueuedSpinLockRaiseToSynch
353
KeTryToAcquireSpinLock
350
KeTryToAcquireSpinLockAtDpcLevel
350
KeUpdateRunTime
327 164 168
KeUpdateSystemTime
327-330
KeUserApcDispatcher
335
KeUserCallbackDispatcher
620
KeUserExceptionDispather
340
KeUserModeCallback
619 620
KeWaitForGate
369 375 162 167
KeWaitForMultipleObjects
357-359 361 364 379 114 160 161 166 167 467
KeWaitForSingleObject
357 358 364 372 114 160 161 166 167 451 467
KfLowerIrql
319
KfRaiseIrql
319
KiAccquireSpinLock
349
KiAcquireFastMutex
370
KiActivateWaiterQueue
366 369 161 467
KiAdjustIrpCredits
293 445
KiAdjustQuantumThread
159
KiAttachProcess
167
KiBarrierWait
86 87 88
KiCallUserMode
619 620
KiChainedDispatch
321
KiChainedDispatch2ndLvl
321
KiCheckForKernelApcDelivery
335
KiCheckForSListAddress
348
KiClearIdleSummary
165
KiCompleteTimer
368
KiComputeNewPriority
151 168
KiComputeTimerTableIndex
328-330
KiConnectVectorAndInterruptObject
321
KiDebugRoutine
341
KiDeferredReadyThread
369 153 157 158 164 165 168
KiDeliverApc
334 335 341
KiDispatchException
337-341 576
KiDispatchInterrupt
325 326 328 168
KiEnableFastSyscallReturn
553
KiExecuteDpc
323 324
KiExitDispatcher
344 365 169
KiFastSystemCall
551 552 554 564
KiFastSystemCallRet
552 554
KiFindReadyThread
158 159 166
KiFloatingDispatch
321
KiGetVectorInfo
321
KiIdleLoop
325
KiIdleSchedule
150 159
KiInitializeContextThread
141 144
KiInitializeDpc
324
KiInitializeKernel
86 88 149 195
KiInitializeMutext
363
KiInitializeUserApc
335
KiInitProcessor
87
KiInitProcessorState
87
KiInitSpinLocks
352 353
KiInitSystem
556
KiInsertDeferredReadyList
334 114 157 158 162
KiInsertOrSignalTimer
367 368 161
KiInsertQueue
365 156 161
KiInsertQueueApc
333 334
KiInsertQueueDpc
329
KiInsertTimerTable
328 329
KiInSwapKernelStacks
283 284
KiInSwapProcesses
108 157 283 284
KiInterruptDispatch
321 325
KiInterruptDispatch2ndLvl
321
KiIntSystemCall
551 552 554
KiIsKernelStackSwappable
162
KiLoadFastSyscallMachineSpecificRegisters
552
KiOutSwapKernelStacks
162 283
KiOutSwapProcesses
157 283
KiProcessDeferredReadyList
326 114 169
KiProcessTimerDpcTable
329
KiQuantumEnd
326 159 168
KiRaiseException
341
KiReadyThread
334 354 359 360 365 108 155-157 284
KiReleaseSpinLock
349
KiRestoreFastSyscallReturnState
553
KiRetireDpcList
325 326 328 329 168
KiScanReadyQueues
153
KiSelectNextThread
165
KiSelectReadyThread
158 159 166 168
KiServiceExit
551
KiSetIdleSummary
165
KiSetPriorityThread
159
KiSignalTimer
367 368
KiSuspendThread
117
KiSwapContext
167-169
KiSwapThread
335 358 359 369 378 161 165-167 169
KiSystemService
143 551 564
KiSystemStartup
315 316 85-88 195
KiThreadStartup
144 145
KiTimerExpiration
329 368
KiUnlinkThread
360 467
KiUnwaitThread
334 354 359 360 156 157 161 467
KiUserApcDispatcher
335
KiUserExceptionDispatcher
340 341
KiWaitSatisfyAny
364
KiWaitSatisfyMutant
364
KiWaitSatisfyOther
364
KiWaitTest
359 362 364 161
KiWaitTestSynchronizationObject
359 363 367 368 161
KiWaitTestWithoutSideEffects
359 362 366-368 161
LdrInitializeThunk
145 146
LeaveCriticalSection
303
LineTo
623
LpcExitThread
575
LpcInitSystem
89 568
LpcpAcquireLpcpLock
575
LpcpAcquireLpcpLockByThread
575
LpcpAllocateFromPortZone
574
LpcpClosePort
575
LpcpCreatePort
570
LpcpDeletePort
575
LpcpDestroyPortQueue
575
LpcpFreeToPortZone
574
LpcpGenerateMessageId
575
LpcpMoveMessage
574
LpcpReleaseLpcpLock
575
LpcRequestPort
574
LpcRequestWaitReplyPort
574
LpcRequestWaitReplyPortEx
574 576
LsaLogonUser
93
LsaLookupAuthenticationPackage
93
MiAddMdlTracker
122
MiAgeWorkingSet
289
MiAllocatePagesForMdl
280
MiAllocatePoolPages
210-216 220 222
MiAllocateVad
233
MiAllowWorkingSetExpansion
233
MiAllowWorkingSetExpension
482
MiBuildPagedPool
199 213 218
MiChargeCommitment
230
MiChargeCommitmentCantExpand
216
MiCheckForUserStackOverflow
261
MiCheckPdeForPagedPool
259
MiCheckSystemPteProtection
259
MiCheckSystemTrimEndCriteria
290
MiCheckVirtualAddress
260 551
MiCloneProcessAddressSpace
120 233
MiCompleteProtoPteFault
263 265
MiComputeSystemTrimCriteria
288 289
MiCopyOnWrite
260 261 264
MiCreateBitMap
214
MiCreateDataFileMap
242 243 247 264
MiCreateImageFileMap
242 243 246 247 264
MiCreatePagingFileMap
242-246 264
MiDecrementReferenceCount
281
MiDecrementShareCount
274 283
MiDeletePte
274
MiDeleteSystemPageableVm
216
MiDeleteVirtualAddress
240 249 273 274
MiDetermineTrimAmount
289 290
MiDispatchFault
260-263
MiEnablePagingOfDriverAtInit
208
MiEnablePagingTheExecutive
208
MiFeedSysPtePool
227
MiFillWsleHash
292
MiFindEmptyAddre***ange
239 240 246 247
MiFindEmptyAddre***angeDown
246 247
MiFindEmptyAddre***angeInTree
240
MiFindNodeOrParent
238
MiFreeMdlTracker
122
MiFreeNonPagedPool
212
MiFreePoolPages
210 212 214-216 222 223
MiFreeWsleList
274 290
MiGatherMappedPages
281 282
MiGatherPagefilePages
281 282
MiGetVirtualAddressMappedByPte
202
MiHighPagedPoolThreshold
214
MiInitializeCopyOnWritePfn
265
MiInitializeLoadedModuleList
199
MiInitializeMemoryEvents
208 285
MiInitializeNonPagedPool
204 209 210 218
MiInitializeNonPagedPoolThresholds
204 209
MiInitializeSessionIds
208
MiInitializeSessionWsSupport
208
MiInitializeSystemCache
199 482
MiInitializeSystemPtes
205 226
MiInitializeWorkingSetList
232
MiInitMachineDependent
139 196 198 200 205-209 217 226 275
MiInPageSingleKernelStack
284
MiInsertFrontModifiedNoWrite
277
MiInsertImageSectionObject
246
MiInsertNode
238 239
MiInsertPageInFreeList
273 276
MiInsertPageInList
276-278
MiInsertStandbyListAtFront
276
MiInsertVad
239 248
MiInsertVadCharges
239 240 248
MiInsertZeroListAtBack
276
MiLocateWsle
292
MiLowPagedPoolThreshold
214
MiMakeOutswappedPageResident
284
MiMakeProtectionMask
264 265
MiMapBBTMemory
207
MiMappedPageWriter
282
MiMapViewOfDataSection
245-247
MiMapViewOfImageSection
245 247
MiMapViewOfPhysicalSection
245 249
MiModifiedPageWriter
274 280
MiModifiedPageWriterTimerDispatch
281
MiModifiedPageWriterWorker
280-282
MiniportSend
600
MiOutPageSingleKernelStack
283
MiProcessWorkingSets
274 287 289 290
MiRearrangeWorkingSetExpansionList
288
MiReleaseSystemPtes
226-228
MiReloadBootLoadedDrivers
198
MiRemoveAnyPage
262 264 265 273-275 278
MiRemoveMappedView
249
MiRemoveNode
238 239
MiRemovePageByColor
278
MiRemovePageFromList
276-278
MiRemoveVad
239
MiRemoveWorkingSetPages
274 290
MiRemoveWsle
290 482
MiRemoveZeroPage
262 265 274 275 278
MiReserveAlignedSystemPtes
227
MiReserveSystemPtes
226-228
MiResolveDemandZeroFault
260-262 273
MiResolveMappedFileFault
263 494
MiResolvePageFileFault
262 263 273
MiResolveProtoPteFault
262 263
MiResolveTransitionFault
262 272
MiRestoreTransitionPte
277
MiReturnCommitment
216
MiReturnPageTablePageCommitment
239 240
MiSectionInitialization
207 249
MiSessionAddProcess
230 231
MiSessionWideInitializeAddresses
208
MiStartZeroPageWorkers
208
MiTrimWorkingSet
274 289 291
MiUnlinkFreeOrZeroedPage
276
MiUnlinkPageFromList
262 264 265 272 277
MiUnmapLargePages
200
MiUnmapViewOfSection
249
MiUpdateMdlTracker
122
MiUpdateSystemPdes
232
MiUpdateWsle
482
MiWriteComplete
281 282
MiWriteProtectSystemImage
208
MiZeroPhysicalPage
278
MmAccessFault
257 259 261 263
MmAllocatePagesForMdl
279
MmAllocatePagesForMdlEx
279 280
MmAllocateSpecialPool
223
MmCheckCachedPageState
495
MmCopyToCachedPage
486
MmCreateKernelStack
609
MmCreateProcessAddressSpace
229 231 239 287
MmCreateSection
241 242 244 246 247 264 483
MmEnableModifiedWriteOfSection
277 491
MmExtendSection
483
MmFlushSection
486 493 497
MmFreePagesByColor
275
MmFreePagesFromMdl
279 280
MmGetSystemAddressForMdlSafe
454
MmInitializeHandBuiltProcess2
232
MmInitializeMemoryLimits
198
MmInitializeProcessAddressSpace
138 229 231 233 234 236
MmInitSystem
86 89 90 139 196-200 206 207 213 248 276 280 285
MmInPageKernelStack
284
MmIsMemoryAvailable
288
MmLoadSystemImage
396 607
MmMapViewInSystemCache
485
MmMapViewOfSection
233 245-247 249
MmOutPageKernelStack
162 283
MmOutSwapProcess
283 284
MmPageEntireDriver
607
MmProbeAndLockPages
454 492 493
MmResetPageFaultReadAhead
494
MmSavePageFaultReadAhead
494
MmSetAddre***angeModified
486 491
MmSetPageFaultReadAhead
493 494
MmUnloadSystemImage
408
MmUnlockPages
454 458 492 493 493
MmUnmapViewInSystemCache
485 491
MmWorkingSetManager
274 288 293
MmZeroPageThread
86 273 275
Module32First
295
Module32Next
295
MsFsdCreateMailslot
587
NdisAllocatePacket
600
NdisMIndicateReceivePacket
600
NdisMRegisterMiniport
601
NdisSend
600
NtAcceptConnectPort
572 573
NtAcceptPort
567
NtAllocateVirtualMemory
240 249
NtCallbackReturn
620
NtClose
447 448
NtCompleteConnectPort
567 572 573
NtConnectPort
567 571
NtCreateDirectoryObject
58
NtCreateFile
404 406 447 455 510 517 545 551 552 554 555 563 583 587 594 595
NtCreateIoCompletion
465-467
NtCreateKey
68 72
NtCreateMailslotFile
406 585 586 588 594
NtCreateNamedPipe
583
NtCreateNamedPipeFile
406 578 581 586 594
NtCreatePagingFile
24
NtCreatePort
567 569 570
NtCreateProcess
21 136 143
NtCreateProcessEx
136 143 137
NtCreateSection
264
NtCreateThread
139
NtCreateWaitablePort
567 569 570
NtDeleteKey
72
NtDeleteValueKey
72
NtDeviceIoControlFile
31 447 449-455 525 594 595
NtEnumerateKey
72
NtFlushBuffersFile
451
NtFlushKey
72
NtFreeVirtualMemory
240 274
NtFsControlFile
450 451
NtGdiBitBlt
606
NtGdiLineTo
623
NtInitializeRegistry
68 72 91
NtLinstenPort
567 570
NtLoadDriver
396 397
NtLoadKey
69 72
NtLockFile
451
NtMapViewOfSection
245
NtNotifyChangeDirectoryFile
451
NtNotifyChangeKey
72
NtNotifyChangeMultipleKeys
72
NtOpenFile
21
NtOpenKey
70-72
NtPowerInformation
418
NtPulseEvent
153
NtQueryDirectoryFile
451
NtQueryEaFile
451
NtQueryInformationProcess
124
NtQueryKey
72
NtQueryQuotaInformationFile
451
NtQueryValueKey
70 72
NtQueryVolumeInformationFile
451
NtQueueApcThread
336
NtRaiseException
341
NtReadFile
31 124 407 449 451-453 455 457 459 484 511 583 595 606
NtReadFileScatter
451
NtReleaseKeyedEvent
153
NtReleaseMutant
153
NtReleaseSemaphore
153
NtRemoveIoCompletion
466 467
NtReplaceKey
72
NtReplyPort
567 574
NtReplyWaitReceivePort
567 570 574
NtReplyWaitReceivePortEx
567 571 574
NtReplyWaitReplyPort
567 574
NtRequestPort
567 574
NtRequestWaitReplyPort
567 574
NtRestoreKey
72
NtResumeThread
140
NtSaveKey
72
NtSecureConnectPort
567 571 572
NtSetCompletion
468
NtSetEaFile
451
NtSetEvent
153
NtSetEventBoostPriority
153
NtSetInformationFile
466 467
NtSetInformationProcess
152
NtSetIoCompletion
467
NtSetQuotaInformationFile
451
NtSetSystemInformation
607
NtSetTimer
21
NtSetValueKey
72
NtSetVolumeInformationFile
451
NtSignalAndWaitForSingleObject
153
NtSuspendThread
379
NtTerminateProcess
148
NtTerminateThread
146
NtUnlockFile
451
NtUnmapViewOfSection
249
NtUserCreateDesktop
611
NtUserCreateWindowEx
615
NtUserCreateWindowStation
611
NtUserDispatchMessage
618
NtUserGetMessage
563 618
NtUserPostMessage
606 618
NtUserPostThreadMessage
618
NtVdmControl
121
NtWaitForKeyedEvent
153
NtWriteFile
31 124 407 449 451 452 455 459 484 511 583 594 595 606
NtWriteFileGather
451
NtYieldExecution
159
ObCheckObjectAccess
77 78
ObCreateObject
56-58 138 141 242 397 400 406 407 569-571 582
ObCreateObjectType
55
ObDereferenceObject
61 134 408
ObfDereferenceObject
448
ObGetObjectSecurity
77
ObInitSystem
86 89 407
ObInsertObject
59 134 142 397 400 569
ObOpenObjectByName
59 69-71 406 447 455 510 581 586
ObpAllocateObject
58 60
ObpAuditObjectAccess
134
ObpCloseHandle
134 448
ObpCloseHandleTableEntry
134 448
ObpCreateHandle
134
ObpDecrementHandleCount
61 134 448
ObpDeleteDirectoryEntry
59
ObpFreeObject
58
ObpIncrementHandleCount
61
ObpInsertDirectoryEntry
59
ObpLookupDirectoryEntry
59 60 406 407 510
ObpLookupObjectName
59 60 70 71 129 406 407 510 581 582 586 587
ObpParseSymbolicLink
582
ObpRemoveObjectRoutine
448
ObReferenceObjectByHandle
60 71 78 133 134 137 138 450
ObReferenceObjectByName
59 608
ObReferenceObjectByPointer
61 134
OpbLookObjectName
455
OpenSCManager
438
OpenService
438
PeekMessage
618
Phase1Initialization
86
Phase1InitializationDiscard
323 67 86-88 149 196 393 418 479
PipCallDriverAddDevice
435 436
PoCallDriver
421
PoInitDriverServices
393 394
PoInitSystem
88 90 418
PoRequestPowerIrp
421 422
PoSetPowerState
420
PostMessage
606
PostQueuedCompletionStatus
468
PpInitSystem
86 89
PpLastGoodDoBootProcessing
393
ProbeForRead
454
ProBeForWrite
454
ProbeForWrite
21
PsChangeQuantumTable
164
PsConvertToGuiThread
561 609
PsCreateSystemProcess
137
PsCreateSystemThread
36 140 149
PsEsablishWin32Callouts
607 608
PsExitSpecialApc
147
PsGetCurrentProcess
333 135
PsGetCurrentThread
135
PsInitSystem
86 90 148 149
PsLocateSystemDll
393
PsLookupProcessByProcessId
135
PsLookupProcessThreadByCid
135
PsLookupThreadByThreadId
135
PsMapSystemDll
233
PspChargeQuota
119
PspComputeQuantumAndPriority
139 152 164
PspCreateProcess
47 58 134 137 139 142 143 164 229 231 232 576
PspCreateThread
47 58 140 141 144 145 157
PspExitApcRundown
147
PspExitNormalApc
147
PspExitThread
147 148 366 367 460 575 575
PspInitializeProcessSecurity
138
PspInitializeSystemDll
149
PspInitPhase0
86 137 149 164
PspInitPhase1
149
PspLockThreadSecurityExclusive
128
PspLockThreadSecurityShared
128
PspLookupKernelUserEntryPoints
149 552
PspQueueApcSpecialApc
336
PspTerminateThreadByPointer
146-148
PspUserThreadStartup
145
PspW32ProcessCallout
609
PspW32ThreadCallout
609
PsSetProcessWin32Process
609
PsSetThreadWin32Thread
609
PsTerminateProcess
148
PsTerminateSystemThread
146
PsWatchWorkingSet
121
PtInRect
606
RaiseException
341
RawCreate
520
RawFileSystemControl
520
RawInitialize
519 520
RawMountVolume
508 509 520
RawReadWriteDeivceControl
520
ReadFile
404 580 606
ReadFileEx
335 404 459 580
RtlCreateUserProcess
90
RtlDispatchException
340 341
RtlFindClearBitsAndSet
214 215
SeAccessCheck
78
SeCreateAccessStateEx
142
SeInitSystem
86
SeMakeAnonymousLogonToken
81
SeMakeAnonymousLogonTokenNoEveryone
81
SeMakeSystemToken
81
SepAccessCheck
78
SepMaximumAccessCheck
78
SepNormalAccessCheck
78
SepPrivilegeCheck
79
SePrivilegeCheck
79
SepVariableInitialization
80
SeRmInitPhase1
90
SeSinglePrivilegeCheck
81
SetMailslotInfo
586
SetNamedPipeHandleState
581
SetProcessWindowStation
611
SetThreadDesktop
611
SetWindowHookEx
618
SmpLoadDataFromRegistry
92
StartService
438
SwapContext
74 169 170 326 547
Thread32First
295
Thread32Next
295
TransactNamedPipe
581
TranslateMessage
616
UnhookWindowsHookEx
618
VideoPortGetProcAddress
625
VideoPortInitialize
625
VideoPortMapMemory
624
VirtualAlloc
45 235 240
VirtualAllocEx
45 235 240
VirtualFree
45 235 240
VirtualFreeEx
45 235 240
VirtualLock
235
VirtualUnlock
235
VirutalLock
491
WaitNamedPipe
580
Win32UserInitialize
607
WMIInitialize
393 394
WmipAllocateTraceBufferPool
74
WmipStartLogger
74
WmiTraceContextSwap
74
WriteFile
404 580 606
WriteFileEx
335 404 459 580
XxAcquireFastMutex
370
XxReleaseFastMutex
370
ZwAcceptConnectPort
576
ZwCompletePort
576
ZwConnectPort
577
ZwOpenKey
70
ZwQueryValueKey
70 72
ZwWaitForSingleObject
90
结构
结构名称
页数
_BCB
487
_DEVICE_CAPABILITIES
418
_DEVICE_OBJECT
401
_DEVOBJ_EXTENSION
402
_DISPATCH_HEADER
355
_DRIVER_EXTENSION
401
_DRIVER_OBJECT
400
_EPROCESS
118
_ERESOURCE
370
_ETHREAD
125
_EX_PUSH_LOCK
373
_EXCEPTION_RECORD
337
_FAST_IO_DISPATCH
452
_FILE_OBJECT
405
_FLT_OPERATION_REGISTRATION
528
_FLT_REGISTRATION
528
_HANDLE_TABLE
130
_HANDLE_TABLE_ENTRY
132
_IO_STACK_LOCATION
442
_IRP
440
_KAPC
331
_KAPC_STATE
332
_KDPC
324
_KINTERRUPT
320
_KMUTANT
363
_KPRCB
158
_KPROCESS
107
_KQUEUE
364
_KSERVICE_TABLE_DESCRIPTOR
555
_KTHREAD
110
_KTIMER
328
_KTIMER_TABLE_ENTRY
328
_KTRAP_FRAME
339
_KWAIT_BLOCK
355
_LOADER_PARAMTER_BLOCK
84
_LPCP_MESSAGE
569
_LPCP_PORT_OBJECT
567
_LUID_AND_ATTRIBUTES
79
_MDL
279
_MM_AVL_TABLE
236
_MM_PAGED_POOL_INFO
213
_MMADDRESS_NODE
236
_MMCOLOR_TABLES
275
_MMFREE_POOL_ENTRY
210
_MMLISTS
270
_MMPFN
266
_MMPFNENTRY
269
_MMPFNLIST
270
_MMPTE
256
_MMPTE_HARDWARE
252
_MMPTE_LIST
224
_MMPTE_PROTOTYPE
256
_MMPTE_SOFTWARE
254
_MMPTE_TRANSITION
254
_MMSUPPORT
287
_MMVAD
236
_MMWSL
286
_MMWSLE
287
_MMWSLE_HASH
291
_MMWSLENTRY
286
_OBJECT_HEADER
54
_OBJECT_TYPE
54
_OBJECT_TYPE_INITIALIZER
55
_PERFINFO_GROUPMASK
73
_PERFINFO_TRACE_HEADER
630
_POOL_DESCRIPTOR
216
_POOL_HEADER
219
_SECTION
241
_SINGLE_LIST_ENTRY
346
_SLIST_HEADER
346
_VACB
479
_VPB
509
_WIN32_CALLOUTS_FPNS
608
MSG
616
全局变量
变量名称
页数
_IDT
316
_KeTickCount
327 328
CcDeferredWrites
496 498
CcDirtyPageTarget
497
CcDirtyPageThreshold
498
CcExpressWorkQueue
494 495 497
CcIdleWorkerThreadList
495
CcRegularWorkQueue
495 497
CcTotalDirtyPages
497 498
CcTwilightLookasideList
494
CcVacbFreeList
479 491
CcVacbLru
479
CcVacbs
479
CmKeyObjectType
55 67 70
DbgkDebugObjectType
55
ExCallbackObjectType
55
ExCriticalWorkerThreads
495
ExDesktopObjectType
55
ExEventObjectType
55
ExEventPairObjectType
55
ExMutantObjectType
55
ExpKeyedEventObjectTpye
55
ExpNonPagedPoolDescriptor
217
ExpNumberOfNonPagedPools
217
ExpNumberOfPagedPools
217
ExpPagedPoolDescriptor
217 218
ExpPoolFlags
223
ExProfileObjectType
55
ExpSystemResourcesList
371
ExSemaphoreObjectType
55
ExTimerObjectType
55
ExWindowStationObjectType
55
InitializationPhase
85
IoAdapterObject
55
IoCompletionObjectType
55 465
IoControllerObjectType
55
IoDeviceHandlerObjectType
55
IoDeviceObjectType
55
IoFileObjectType
55
IopCdRomFileSystemQueueHead
507
IopDiskFileSystemQueueHead
507
IopNetworkFileSystemQueueHead
507
IopTapeFileSystemQueueHead
507
IRQL
317
KeActiveProcessors
137
KeServiceDescriptorTable
116 555 561 562 564 589
KeServiceDescriptorTableShadow
116 561 562 564 589 607 609
KiIdleSummary
165
KiProcessInSwapListHead
284
KiProcessorBlock
165
KiProcessOutSwapListHead
109 283
KiProfileListHead
108
KiStackInSwapListHead
114
KiTimerTableListHead
328 329
LargeSystemCache
477
LdrInitializeThunk
145
LpcPortObjectType
55
LpcWaitablePortObjectType
55
MaximumSystemCacheSize
199
MiEndOfInitialPoolFrame
210
MiFullyInitialized
208
MiInitializeSystemCache
478
MiLowPagedPoolEvent
215
MiLowPagedPoolThreshold
215
MiMaximumSystemCacheSizeExtra
206 207
MiMaximumWorkingSet
291
MinimumWorkingSetSize
230
MiNonPagedPoolSListHead
212
MiNonPagedPoolSListMaximum
212
MiSessionImageEnd
198 207
MiSessionImageStart
198
MiSessionPoolEnd
198
MiSessionPoolStart
198 207 213
MiSessionSpaceWs
198 207
MiSessionViewStart
198
MiStartOfInitialPoolFrame
210
MiSystemCacheEndExtra
477
MiSystemCacheStartExtra
206 207 477
MiSystemPteNBHead
225 226 228
MiSystemPteSListHead
226
MiSystemViewStart
198 207 206 476
MiUseMaximumSystemSpace
204
MiUseMaximumSystemSpaceEnd
204
MmAllocationFragment
248
MmAvailablePages
285
MmCodeClusterSize
199
MmDataClusterSize
199
MmDisablePagingExecutive
214
MmFirstFreeSystemCache
478
MmFirstFreeSystemPte
226-228
MmFreedExpansionPoolMaximum
199
MmFreePageListHead
276 278
MmHighestPhysicalPage
200
MmHighestUserAddress
196 207
MmHighMemoryThreshold
285
MmHyperSpaceEnd
207
MmInPageSupportMinimum
199
MmLargeSystemCache
476
MmLowestPhysicalPage
200
MmLowMemoryThreshold
285
MmMaximumDeadKernelStacks
199
MmMaximumNonPagedPoolInBytes
200 201
MmMaximumWorkingSetSize
199 287
MmModifiedNoWirtePageListHead
491
MmModifiedPageListHead
277 281
MmModifiedPageMaximum
199 280
MmModifiedWriteClusterSize
281
MmNonPagedPoolEnd
201 202 207 210
MmNonPagedPoolEnd0
207 210 476
MmNonPagedPoolExpansionStart
206 207 224 210
MmNonPagedPoolFreeListHead
210 211
MmNonPagedPoolStart
201 206 207 210 476
MmNonPagedSystemStart
201 202 205 206 213 224
MmNumberOfPhysicalPages
200 207
MmNumberOfSystemPtes
197
MmPagedPoolEnd
207 213
MmPagedPoolInfo
213 214
MmPagedPoolPage
482
MmPagedPoolStart
197 206 207 213 476
MmPfnDatabase
206 207
MmPlentyFreePages
288
MmProcessCommit
230
MmProcessList
124 230
MmReadClusterSize
199
MmResidentAvailablePages
199
MmSecondaryColorMask
200
MmSecondaryColors
200
MmSectionObjectType
55
MmSessionBase
198 206 207
MmSessionImageSize
198 207
MmSessionSpace
213 214 231
MmSessionViewSize
198
MmSharedUserDataPte
207 551
MmSizeOfNonPagedPoolInBytes
200 201 210
MmSizeOfPagedPoolInBytes
197 213
MmSizeOfSystemCacheInPages
199 477
MmStandbyPageListByPriority
276 277
MmStandbyPageListHead
276 277
MmSysPteIndex
225
MmSysPteListBySizeCount
226 227
MmSysPteMinimumFree
226 227
MmSysPteTables
225
MmSystemCacheEnd
199 476
MmSystemCachePage
482
MmSystemCacheStart
197 206 207 476
MmSystemCacheWorkingSetList
199 206 207 476 482
MmSystemCacheWs
481
MmSystemCacheWsMinimum
199
MmSystemCodePage
482
MmSystemDriverPage
482
MmSystemPagePtes
234
MmSystemPteBase
207
MmSystemPtesEnd
226
MmSystemPtesStart
226
MmSystemRangeStart
196 207
MmSystemViewSize
198
MmTotalCommitLimit
199
MmTotalCommitLimitMaximum
199
MmTotalFreeSystemPtes
226
MmUserProbeAddress
196 207
MmWorkingSetExpansionHead
288-290 482
MmWorkingSetList
207 234 286
MmZeroedPageListHead
276 278
MxPfnAllocation
200
NonPagedPoolDescriptor
217 218
ObpDeviceMapObjectType
55
ObpDirectoryObjectType
55 58
ObpKernelHandleTable
133
ObpRootDirectoryObject
58 407
ObpTypeObjectType
55
PerfGlobalGroupMask
74
pIoAllocateIrp
445
PoolVector
217 219
PopCapabilities
418
PopPolicy
418
PsActiveProcessHead
119 139
PsInitialSystemProcess
137-139
PsJobType
55
PsLoadedModuleList
395
PsMaximumWorkingSet
137
PspCidTable
134
PspForegroundQuantum
164
PspInitialSystemProcessHandle
137
PspPriorityTable
152
PsProcessType
55 138
PspSystemDll
145
PsThreadType
55
PsWatchEnabled
121
SeTokenObjectType
55
SystemTraceControlGuid
73
WmipGuidObjectType
55
SepRmState
576
手机扫一扫
移动阅读更方便
你可能感兴趣的文章