最近学习《Windows内核原理与实现》发现其博大精深,粗略过了一遍,很多东西比较茫然,看书之余把书中涉及的函数,结构,全局变量的所在页数总结出来,便于以后查阅。
由于半自动半手工,难免有写错的地方,如有发现还请留言通知,谢谢。
函数
| 函数名称 | 所在页数 |
| _KeSystemStartup | 149 |
| _KiExceptionExit | 341 |
| _KiFastCallEntry | 552 554 |
| _KiServiceExit | 553 |
| _KiShutUpAssembler | 321 |
| _KiSystemCallExitBranch | 553 |
| _KiSystemService | 546 552 |
| _KiSystemServiceRepeat | 552 553 555 556 561 |
| _KiSystemStartup | 547 |
| _KiTrap?? | 337 |
| _KiTrap0E | 315 348 257 |
| AllocateAdapterControl | 429 |
| BaseProcessStart | 143 145 |
| BitBlt | 606 |
| CallNamedPipe | 581 |
| CallNextHookEx | 620 |
| CancelIo | 648 |
| CancelIoEx | 648 |
| CancelSynchronousIo | 648 |
| CcAllocateInitializeBcb | 490 |
| CcAllocateWorkQueueEntry | 494 |
| CcCanIWrite | 498 499 |
| CcCopyRead | 484-486 494 494 |
| CcCopyWrite | 484 486 498 499 |
| CcCreateVacbArray | 481 483 |
| CcDeallocateBcb | 490 |
| CcDeferWrite | 498 |
| CcExtendVacbArray | 481 483 |
| CcFastCopyRead | 484 486 494 494 |
| CcFastCopyWrite | 484 486 499 |
| CcFindBcb | 489 |
| CcFlushCache | 497 511 |
| CcFreeVirtualAddress | 490-493 495 |
| CcGetBcbListHead | 489 |
| CcGetBcbListHeadLargeOffset | 489 |
| CcGetVacbMiss | 485 |
| CcGetVirtualAddress | 485 486 490-493 495 |
| CcInitializeCacheManager | 89 479 483 495 497 |
| CcInitializeCacheMap | 483 |
| CcInitializeVacbs | 479 |
| CcLazyWriteScan | 496-498 |
| CcMapAndCopy | 486 |
| CcMapAndRead | 490 493 |
| CcMapData | 487 491 492 515 |
| CcMapDataCommon | 491 492 |
| CcMapDataForOverwrite | 491 492 |
| CcMdlRead | 492 494 494 |
| CcMdlReadComplete | 492 |
| CcMdlReadComplete2 | 492 |
| CcMdlWriteAbort | 493 |
| CcMdlWriteComplete | 493 |
| CcMdlWriteComplete2 | 493 496 |
| CcMidRead | 492 |
| CcPerformReadAhead | 495 |
| CcPfInitializePrefetcher | 89 |
| CcPinFileData | 490-492 |
| CcPinMappedData | 487 492 492 |
| CcPinRead | 487 491 492 515 |
| CcPostDeferredWrites | 497-499 499 |
| CcPostWorkQueue | 494-497 |
| CcPrepareMdlWrite | 493 |
| CcPreparePinWrite | 487 491 492 515 |
| CcReadAhead | 495 |
| CcRegularWorkQueue | 496 |
| CcScanDpc | 496 |
| CcScheduleLazyWriteScan | 496 497 497 |
| CcScheduleReadAhead | 494 495 495 |
| CcSetDirtyInMask | 486 493 496 |
| CcSetDirtyPinnedData | 487 492 |
| CcUninitializeCacheMap | 491 |
| CcUnmapVacb | 491 |
| CcUnmapVacbArray | 491 |
| CcUnpinData | 487 492 |
| CcUnpinFileData | 490 |
| CcUnpinFileDataEx | 490-492 |
| CcWorkerThread | 495-497 |
| CcWriteBehind | 497 |
| CloaseHandle | 405 |
| CloseHandle | 447 580 581 |
| CloseServiceHandle | 439 |
| CmGetSystemDriverList | 395 |
| CmInitSystem1 | 67 89 |
| CmKeyObjectType | 67 |
| CmLoadKey | 69 |
| CmpBuildHashStackAndLookupCache | 71 |
| CmpCmdHiveOpen | 69 |
| CmpCmdInit | 68 |
| CmpCreateControlSet | 68 |
| CmpCreateKeyControlBlock | 70 71 |
| CmpCreateObjectTypes | 67 69 |
| CmpCreateRegistryRoot | 67 71 |
| CmpDoOpen | 71 |
| CmpFindValueByNameFromCache | 71 |
| CmpGetValueKeyFromCache | 71 |
| CmpGetValueListFromCache | 71 |
| CmpInitHiveFromFile | 69 |
| CmpInitializeHardwareConfiguration | 68 |
| CmpInitializeHive | 68 |
| CmpInitializeHiveList | 68 91 |
| CmpInitializeSystemHive | 68 |
| CmpInsertKeyHash | 70 |
| CmpLinkHiveToMaster | 68 69 |
| CmpLoadHiveThread | 69 |
| CmpMasterHive | 67 |
| CmpOpenHiveFile | 69 |
| CmpParseKey | 67 71 |
| CmpRemoveKeyHash | 70 |
| CmpSecurityMethod | 77 |
| CmpSetNetWorkValue | 68 |
| CmpSetSystemValues | 68 |
| CmQueryValueKey | 71 |
| CommonDispatchException | 337 341 257 |
| CommonDispatchException2Args | 257 |
| ConnectNamedPipe | 580 |
| ControlService | 439 |
| CreateDesktopEx | 613 |
| CreateFile | 404 438 484 499 551 579-581 |
| CreateFileW | 551 |
| CreateHardLink | 649 |
| CreateIoCompletionProt | 465 466 |
| CreateMailslot | 586 |
| CreateNamedPipe | 578 580 581 |
| CreateProcess | 143 606 611 |
| CreateProcessW | 143 |
| CreateService | 438 |
| CreateSymbolicLink | 649 |
| CreateSystemRootLink | 407 |
| CreateThread | 606 |
| CreateToolhelp32napshot | 295 |
| CreateWindow | 615 |
| CreateWindowEx | 615 |
| DbgForwardException | 341 576 |
| DbgkInitialize | 86 |
| DbgkpSendApiMessageLpc | 576 |
| DdCreateSurface | 626 |
| DdGetDriverInfo | 626 627 |
| DeleteService | 439 |
| DeviceIoControl | 431 438 447 449 525 |
| DisconnectNamedPipe | 580 |
| DispatchMessage | 616 618 |
| DispatchMessageA | 616 |
| DispatchMessageW | 616 |
| DrvBitBlt | 622 |
| DrvCopyBits | 623 |
| DrvEnableDirectDraw | 626 |
| DrvEnableDriver | 622 |
| DrvEnablePDEV | 622 |
| DrvEnableSurface | 622 |
| DrvGetDirectDrawInfo | 626 |
| DrvLineTo | 623 |
| DrvStrokePath | 623 |
| DrvTextOut | 623 |
| DwmEnableBlurBehindWindow | 627 |
| DwmEnableComposition | 627 |
| DwmExtendFrameIntoClientArea | 627 |
| DwmRegisterThumbnail | 628 |
| DwmUnregisterThumbnail | 628 |
| DwmUpdateThumbnailProperties | 628 |
| DxgkInitialize | 629 |
| EngBitBlt | 622 |
| EngCreateDeviceSurface | 623 |
| EngDeviceIoControl | 624 |
| EngLineTo | 623 |
| EngModifySurface | 623 |
| EnterCriticalSection | 303 |
| EnumChildWindows | 615 |
| EnumDesktopWindows | 614 |
| EnumProps | 615 |
| EnumThreadWindows | 615 |
| EnumWindowStations | 614 |
| ExAcquireCacheAwarePushLockExclusive | 378 |
| ExAcquireCacheAwarePushLockShared | 378 |
| ExAcquireFastMutex | 370 |
| ExAcquireResourceExclusiveLite | 371 372 |
| ExAcquireResourceSharedLite | 371 372 |
| ExAcquireSpinLockExclusive | 351 |
| ExAcquireSpinLockShared | 351 |
| ExAdjustLookasideDepth | 293 |
| ExAllocateCacheAwarePushLock | 378 |
| ExAllocatePoolWithQuotaTag | 445 |
| ExAllocatePoolWithTag | 45 218 220 223 245 445 |
| ExCreateHandle | 134 141 |
| ExCreateHandleTable | 131 |
| ExDeleteResourceLite | 371 373 |
| ExfAcquirePushLockExclusive | 376 |
| ExfAcquirePushLockShared | 376 |
| ExFreeCacheAwarePushLock | 378 |
| ExFreePoolWithTag | 45 218 222 223 |
| ExfReleasePushLockExclusive | 376 377 |
| ExfReleasePushLockShared | 376 377 |
| ExfWakePushLock | 377 |
| ExInitializePoolDescriptor | 218 |
| ExInitializePushLock | 376 |
| ExInitializeResourceLite | 371 372 |
| ExInitSystem | 86 |
| ExInitSystemPhase2 | 89 |
| ExInterlockedCompareExchange64 | 345 |
| ExMapHandleToPointerEx | 134 |
| ExpAllocateHandleTable | 131 |
| ExpAllocateHandleTableEntry | 132 |
| ExpAllocateHandleTableEntrySlow | 131 |
| ExpFreeHandleTableEntry | 132 |
| ExpInitializeExecutive | 86 149 195 556 |
| ExpInitializePushLocks | 376 |
| ExpInsertPoolTrackerInline | 223 |
| ExpLookupHandleTableEntry | 134 |
| ExpRemovePoolTrackerInline | 223 |
| ExpWaitForResource | 372 |
| ExQueueWorkItem | 366 36 495 |
| ExReleaseCacheAwarePushLockExclusive | 378 |
| ExReleaseCacheAwarePushLockShared | 378 |
| ExReleaseFastMutex | 370 |
| ExReleaseResourceLite | 371-373 |
| ExReleaseSpinLockExclusive | 351 |
| ExReleaseSpinLockShared | 351 |
| ExTryAcquireSpinLockExclusive | 351 |
| FatCommonCreate | 534 |
| FatCommonRead | 534 |
| FatCommonWrite | 534 |
| FatCreateNewDirectory | 534 |
| FatCreateNewFile | 534 |
| FatFsdRead | 534 |
| FatFsdWrite | 534 |
| FatInitializeVcb | 533 |
| FatMountVolume | 533 |
| FatPagingFileIo | 534 |
| FindWindow | 615 |
| FindWindowEx | 615 |
| FltRegisterFilter | 527 529 |
| FltStartFiltering | 527 528 |
| FsRtlCheckLookForReadAccess | 522 |
| FsRtlCheckLookForWriteAccess | 522 |
| FsRtlInitSystem | 89 |
| FsRtlProcessFileLock | 521 |
| FsRtlRegisterFileSystemFilterCallbacks | 522 |
| FsRtlRegisterUncProvider | 522 578 |
| GetCurrentProcess | 606 |
| GetcurrentProcessId | 606 |
| GetMailslotInfo | 586 |
| GetMessage | 616 |
| GetPerformanceInfo | 295 |
| GetQueuedCompletionStatus | 466 |
| GlobaMemoryStatusEx | 295 |
| HalInitializeProcessor | 316 86 88 |
| HalInitPnpDriver | 393 |
| HalInitSystem | 86 88 |
| HalQueryRealTimeClock | 89 |
| HalRequestSoftwareInterrupt | 327 328 334 |
| HalStartNextProcessor | 87 |
| Heap32First | 295 |
| Heap32Next | 295 |
| HwVidInitialize | 624 |
| InbvUpdateProgressBar | 90 |
| InitializeGre | 607 |
| InitializePool | 205 214 218 |
| InitialTab | 141 |
| InterlockedAnd | 345 |
| InterlockedCompareExchange | 345 |
| InterlockedCompareExchange64 | 345 346 |
| InterlockedCompareExchangePointer | 377 |
| InterlockedDecrement | 345 |
| InterlockedExchange | 345 |
| InterlockedExchangeAdd | 345 |
| InterlockedIncrement | 300 345 |
| InterlockedOr | 345 |
| InterlockedPopEntrySList | 346-348 |
| InterlockedPushEntrySList | 346-348 445 |
| InterlockedXor | 345 |
| IoAcquireCancelSpinLock | 460 |
| IoAllocateDriverObjectExtension | 502 503 |
| IoAllocateIrp | 449 451 |
| IoAllocateMdl | 453 454 492 |
| IoAssignDriveLetters | 394 |
| IoAsynchronousPageWrite | 281 282 484 486 |
| IoAttachDevice | 403 |
| IoAttachDeviceToDeviceStack | 403 433 436 |
| IoAttachDeviceToDeviceStackSafe | 403 |
| IoBuildAsynchronousFsdRequest | 451 |
| IoBuildDeviceIoControlRequst | 451 |
| IoBuildSynchronousFsdRequest | 451 |
| IoCallDriver | 407 446 447 449 451-453 455-458 460 462 463 582 622 |
| IoCancelIrp | 429 460 |
| IoCancelThreadIo | 460 |
| IoCompleteRequest | 429 456 457 459 461 463 465 |
| IoConnectInterrupt | 322 |
| IoCopyCurrentIrpStackLocationToNext | 446 463 |
| IoCreateDevice | 400 402 428 436 438 509 533 |
| IoCreateDriver | 397 401 |
| IoCreateFile | 406 447 581 586 |
| IoCreateObjectTypes | 393 |
| IoCreateSymbolicLink | 438 |
| IoDisconnectInterrupt | 322 |
| IoEnumerateDeviceObjectList | 524 |
| IofCallDriver | 449 |
| IoFreeMdl | 454 493 493 |
| IoGetAttachedDevice | 442 510 |
| IoGetDmaAdapter | 429 |
| IoGetRelatedDeviceObject | 442 |
| IoInitializeDpcRequest | 326 |
| IoInitializeTimer | 430 |
| IoInitSystem | 89 90 393 394 396 445 |
| IoInvalidateDeviceRelations | 413 431 433 |
| IoInvalidateDeviceState | 413 |
| IopAcquireFileObjectLock | 455 |
| IoPagedRead | 484 486 |
| IoPageRead | 263 |
| IopAllocateIrpMustSucceed | 449 |
| IopAllocateIrpPrivate | 445 451 460 |
| IopCallDriverReinitializationRoutines | 393 |
| IopCheckBackupRestorePrivilege | 81 |
| IopCheckVpbMounted | 507 520 |
| IopCloseFile | 448 |
| IopCompleteRequest | 453 458-460 464 466 467 648 |
| IopCreateFile | 447 455 510 520 581 586 |
| IopCreateObjectTypes | 407 465 |
| IopCreateRootDirectories | 393 |
| IopCreateVpb | 509 |
| IopDecrementDeviceObjectRef | 408 |
| IopDeleteDevice | 408 |
| IopDeleteFile | 408 448 449 |
| IopDequeueThreadIrp | 459 460 |
| IopDestroyDeviceNode | 408 |
| IopDisassociateThreadIrp | 460 |
| IopDoNameTransmogrify | 506 |
| IopDropIrp | 458 |
| IopfCallDriver | 446 449 |
| IopfCompleteRequest | 457 458 464 |
| IopFreeIrp | 445 |
| IopGetDriverNameFromKeyNode | 514 |
| IopGetSetSecurityObject | 77 |
| IopInitializeBootDrivers | 393 394 396 413 519 |
| IopInitializeBuiltinDriver | 394-396 413 428 |
| IopInitializeIrp | 445 446 |
| IopInitializePlugPlayServices | 393 |
| IopInitializeSystemDrivers | 393 395 396 413 |
| IopInsertRemoveDevice | 402 |
| IopInvalidDeviceRequest | 401 448 |
| IopLoadDriver | 395 396 401 428 439 514 |
| IopLoadFileSystemDriver | 508 |
| IopLoadUnloadDriver | 397 428 439 |
| IopMountInitializeVpb | 508 |
| IopMountVolume | 507-509 520 520 |
| IopParseDevice | 407 447 448 455 484 506 510 520 582 587 |
| IopProtectSystemPartition | 393 |
| IopQueueThreadIrp | 459 |
| IopReadyDeviceObjects | 394 |
| IopReassignSystemRoot | 393 |
| IopReleaseFileObjectLock | 455 |
| IopSynchronousServiceTail | 450 451 455 458 460 |
| IopTimerDispatch | 430 |
| IopUnloadDriver | 428 |
| IopXxxControlFile | 450 452 453 |
| IoQueueWorkItem | 366 36 |
| IoReadPartitionTable | 501 502 |
| IoReadPartitionTableEx | 501 502 |
| IoRegisterDeviceInterface | 433 503 |
| IoRegisterDriverReinitialization | 429 |
| IoRegisterFileSystem | 475 507 508 519 520 582 |
| IoRegisterFsRegistration | 507 |
| IoRegisterFsRegistrationChange | 524 |
| IoRegisterPlugPlayNotification | 503 617 |
| IoReleaseCancelSpinLock | 460 |
| IoReportDetectedDevice | 413 |
| IoRequestComplete | 446 |
| IoRequestDeviceEject | 431 |
| IoRequestDpc | 326 |
| IoSetCancelRoutine | 429 460 |
| IoSetCompletionRoutine | 429 444 458 463 |
| IoSetIoCompletion | 468 |
| IoSkipCurrentIrpStackLocation | 446 463 464 |
| IoStartTimer | 430 |
| IoStopTimer | 430 |
| IoSynchronousInvalidateDeviceRelations | 413 |
| IoSynchronousPageWrite | 486 |
| IoUnregisterFileSystem | 508 |
| IsRectEmpty | 606 |
| KdDebuggerInitialize1 | 89 |
| KeAcquireGuardedMutex | 370 |
| KeAcquireInStackQueuedSpinLock | 353 |
| KeAcquireInterruptSpinLock | 457 |
| KeAcquireQueuedSpinLock | 353 |
| KeAcquireQueuedSpinLockAtDpcLevel | 353 |
| KeAcquireQueuedSpinLockRaiseToSynch | 353 |
| KeAcquireSpinLock | 350 |
| KeAcquireSpinLockAtDpcLevel | 350 |
| KeAcquireSpinLockForDpc | 350 |
| KeAcquireSpinLockRaiseToSynch | 350 |
| KeAddSystemServiceTable | 562 563 607 |
| KeAttachProcess | 47 136 232 |
| KeBalanceSetManager | 208 282 292 445 |
| KeBoostProirityThread | 153 |
| KeBugCheck | 90 |
| KeBugKeBugCheckEx | 260 |
| KeCancelTimer | 367 |
| KeClearEvent | 362 |
| KeClearTimer | 367 |
| KeConnectInterrupt | 321 322 |
| KeContextFromKframes | 340 |
| KeDeferredReadyThread | 369 |
| KeDelayExecution | 467 |
| KeDelayExecutionThread | 357 358 160 161 166 167 |
| KeDetachProcess | 332 136 232 233 |
| KeDisconnectInterrupt | 322 323 |
| KeFlushEntireTb | 215 |
| KeFlushMultipleTb | 215 |
| KeFlushSingleTb | 215 |
| KeFreezeAllThreads | 117 |
| KeGetCurrentThread | 135 |
| Kei386EoiHelper | 322 341 |
| KeInitializeApc | 333 336 |
| KeInitializeDpc | 324 326 |
| KeInitializeEvent | 362 |
| KeInitializeGate | 369 |
| KeInitializeGuardedMutex | 370 |
| KeInitializeInterrupt | 321 322 |
| KeInitializeMutant | 363 |
| KeInitializeProcess | 138 149 |
| KeInitializeQueue | 365 466 467 |
| KeInitializeSemaphore | 364 |
| KeInitializeSpinLock | 350 |
| KeInitializeThread | 149 |
| KeInitializeTimer | 367 |
| KeInitializeTimerEx | 367 |
| KeInitSystem | 323 |
| KeInitThread | 117 141 144 145 149 561 |
| KeInsertHeadQueue | 365 |
| KeInsertQueue | 365 466 467 467 |
| KeInsertQueueApc | 333 336 153 |
| KeInsertQueueDpc | 324-326 345 368 |
| KeLeaveCriticalRegion | 335 |
| KeLeaveGuardedRegion | 335 |
| KeLowerIrql | 319 |
| KePulseEvent | 362 153 |
| KeRaiseIrql | 319 |
| KeRaiseIrqlToDpcLevel | 344 |
| KeRaiseIrqlToSynchLevel | 344 |
| KeReadyThread | 142 157 |
| KeReleaseGuardedMutex | 370 |
| KeReleaseInStackQueuedSpinLock | 353 |
| KeReleaseinterruptSpinLock | 457 |
| KeReleaseMutant | 359 363 364 368 153 161 |
| KeReleaseMutex | 364 |
| KeReleaseQueuedSpinLock | 353 |
| KeReleaseQueuedSpinLockFromDpcLevel | 353 |
| KeReleaseSemaphore | 359 364 368 372 153 161 571 573 |
| KeReleaseSpinLcokForDpc | 350 |
| KeReleaseSpinLock | 350 |
| KeReleaseSpinLockFromDpcLevel | 350 |
| KeRemoveQueue | 365 366 161 167 466 467 |
| KeRemoveQueueApc | 336 |
| KeRemoveQueueDpc | 324 325 |
| KeRemoveSystemServiceTable | 562 |
| KeResetEvent | 362 |
| KeResumeThread | 117 |
| KeRevertToUserAffinityThread | 159 |
| KeRundownQueue | 365 |
| KeRundownThread | 363 |
| KeSetAffinityThread | 117 |
| KeSetBasePriorityThread | 151 |
| KeSetEvent | 359 362 363 368 153 161 499 |
| KeSetEventBoostPriority | 363 373 156 |
| KeSetPriorityAndQuantumProcess | 151 |
| KeSetProcess | 366 153 |
| KeSetSystemAffinityThread | 117 159 |
| KeSetSystemTime | 89 |
| KeSetTargetProcessorDpc | 324 |
| KeSetTimer | 367 |
| KeSetTimerEx | 367 |
| KeSignalGateBoostPriority | 369 162 |
| KeStackAttachProcess | 47 |
| KeStartAllProcessors | 87 88 89 |
| KeStartThread | 141 149 |
| KeSuspendThread | 117 142 |
| KeSwapProcessOrStack | 162 208 282 |
| KeSwitchKernelStack | 561 609 |
| KeSynchronizeExecution | 429 457 |
| KeTerminateThread | 367 148 153 154 167 |
| KeTestAlertThread | 335 |
| KeTestForWaitersQueuedSpinLock | 353 |
| KeTestSpinLock | 350 |
| KeTryToAcquireQueuedSpinLock | 353 |
| KeTryToAcquireQueuedSpinLockAtRaisedIrql | 353 |
| KeTryToAcquireQueuedSpinLockRaiseToSynch | 353 |
| KeTryToAcquireSpinLock | 350 |
| KeTryToAcquireSpinLockAtDpcLevel | 350 |
| KeUpdateRunTime | 327 164 168 |
| KeUpdateSystemTime | 327-330 |
| KeUserApcDispatcher | 335 |
| KeUserCallbackDispatcher | 620 |
| KeUserExceptionDispather | 340 |
| KeUserModeCallback | 619 620 |
| KeWaitForGate | 369 375 162 167 |
| KeWaitForMultipleObjects | 357-359 361 364 379 114 160 161 166 167 467 |
| KeWaitForSingleObject | 357 358 364 372 114 160 161 166 167 451 467 |
| KfLowerIrql | 319 |
| KfRaiseIrql | 319 |
| KiAccquireSpinLock | 349 |
| KiAcquireFastMutex | 370 |
| KiActivateWaiterQueue | 366 369 161 467 |
| KiAdjustIrpCredits | 293 445 |
| KiAdjustQuantumThread | 159 |
| KiAttachProcess | 167 |
| KiBarrierWait | 86 87 88 |
| KiCallUserMode | 619 620 |
| KiChainedDispatch | 321 |
| KiChainedDispatch2ndLvl | 321 |
| KiCheckForKernelApcDelivery | 335 |
| KiCheckForSListAddress | 348 |
| KiClearIdleSummary | 165 |
| KiCompleteTimer | 368 |
| KiComputeNewPriority | 151 168 |
| KiComputeTimerTableIndex | 328-330 |
| KiConnectVectorAndInterruptObject | 321 |
| KiDebugRoutine | 341 |
| KiDeferredReadyThread | 369 153 157 158 164 165 168 |
| KiDeliverApc | 334 335 341 |
| KiDispatchException | 337-341 576 |
| KiDispatchInterrupt | 325 326 328 168 |
| KiEnableFastSyscallReturn | 553 |
| KiExecuteDpc | 323 324 |
| KiExitDispatcher | 344 365 169 |
| KiFastSystemCall | 551 552 554 564 |
| KiFastSystemCallRet | 552 554 |
| KiFindReadyThread | 158 159 166 |
| KiFloatingDispatch | 321 |
| KiGetVectorInfo | 321 |
| KiIdleLoop | 325 |
| KiIdleSchedule | 150 159 |
| KiInitializeContextThread | 141 144 |
| KiInitializeDpc | 324 |
| KiInitializeKernel | 86 88 149 195 |
| KiInitializeMutext | 363 |
| KiInitializeUserApc | 335 |
| KiInitProcessor | 87 |
| KiInitProcessorState | 87 |
| KiInitSpinLocks | 352 353 |
| KiInitSystem | 556 |
| KiInsertDeferredReadyList | 334 114 157 158 162 |
| KiInsertOrSignalTimer | 367 368 161 |
| KiInsertQueue | 365 156 161 |
| KiInsertQueueApc | 333 334 |
| KiInsertQueueDpc | 329 |
| KiInsertTimerTable | 328 329 |
| KiInSwapKernelStacks | 283 284 |
| KiInSwapProcesses | 108 157 283 284 |
| KiInterruptDispatch | 321 325 |
| KiInterruptDispatch2ndLvl | 321 |
| KiIntSystemCall | 551 552 554 |
| KiIsKernelStackSwappable | 162 |
| KiLoadFastSyscallMachineSpecificRegisters | 552 |
| KiOutSwapKernelStacks | 162 283 |
| KiOutSwapProcesses | 157 283 |
| KiProcessDeferredReadyList | 326 114 169 |
| KiProcessTimerDpcTable | 329 |
| KiQuantumEnd | 326 159 168 |
| KiRaiseException | 341 |
| KiReadyThread | 334 354 359 360 365 108 155-157 284 |
| KiReleaseSpinLock | 349 |
| KiRestoreFastSyscallReturnState | 553 |
| KiRetireDpcList | 325 326 328 329 168 |
| KiScanReadyQueues | 153 |
| KiSelectNextThread | 165 |
| KiSelectReadyThread | 158 159 166 168 |
| KiServiceExit | 551 |
| KiSetIdleSummary | 165 |
| KiSetPriorityThread | 159 |
| KiSignalTimer | 367 368 |
| KiSuspendThread | 117 |
| KiSwapContext | 167-169 |
| KiSwapThread | 335 358 359 369 378 161 165-167 169 |
| KiSystemService | 143 551 564 |
| KiSystemStartup | 315 316 85-88 195 |
| KiThreadStartup | 144 145 |
| KiTimerExpiration | 329 368 |
| KiUnlinkThread | 360 467 |
| KiUnwaitThread | 334 354 359 360 156 157 161 467 |
| KiUserApcDispatcher | 335 |
| KiUserExceptionDispatcher | 340 341 |
| KiWaitSatisfyAny | 364 |
| KiWaitSatisfyMutant | 364 |
| KiWaitSatisfyOther | 364 |
| KiWaitTest | 359 362 364 161 |
| KiWaitTestSynchronizationObject | 359 363 367 368 161 |
| KiWaitTestWithoutSideEffects | 359 362 366-368 161 |
| LdrInitializeThunk | 145 146 |
| LeaveCriticalSection | 303 |
| LineTo | 623 |
| LpcExitThread | 575 |
| LpcInitSystem | 89 568 |
| LpcpAcquireLpcpLock | 575 |
| LpcpAcquireLpcpLockByThread | 575 |
| LpcpAllocateFromPortZone | 574 |
| LpcpClosePort | 575 |
| LpcpCreatePort | 570 |
| LpcpDeletePort | 575 |
| LpcpDestroyPortQueue | 575 |
| LpcpFreeToPortZone | 574 |
| LpcpGenerateMessageId | 575 |
| LpcpMoveMessage | 574 |
| LpcpReleaseLpcpLock | 575 |
| LpcRequestPort | 574 |
| LpcRequestWaitReplyPort | 574 |
| LpcRequestWaitReplyPortEx | 574 576 |
| LsaLogonUser | 93 |
| LsaLookupAuthenticationPackage | 93 |
| MiAddMdlTracker | 122 |
| MiAgeWorkingSet | 289 |
| MiAllocatePagesForMdl | 280 |
| MiAllocatePoolPages | 210-216 220 222 |
| MiAllocateVad | 233 |
| MiAllowWorkingSetExpansion | 233 |
| MiAllowWorkingSetExpension | 482 |
| MiBuildPagedPool | 199 213 218 |
| MiChargeCommitment | 230 |
| MiChargeCommitmentCantExpand | 216 |
| MiCheckForUserStackOverflow | 261 |
| MiCheckPdeForPagedPool | 259 |
| MiCheckSystemPteProtection | 259 |
| MiCheckSystemTrimEndCriteria | 290 |
| MiCheckVirtualAddress | 260 551 |
| MiCloneProcessAddressSpace | 120 233 |
| MiCompleteProtoPteFault | 263 265 |
| MiComputeSystemTrimCriteria | 288 289 |
| MiCopyOnWrite | 260 261 264 |
| MiCreateBitMap | 214 |
| MiCreateDataFileMap | 242 243 247 264 |
| MiCreateImageFileMap | 242 243 246 247 264 |
| MiCreatePagingFileMap | 242-246 264 |
| MiDecrementReferenceCount | 281 |
| MiDecrementShareCount | 274 283 |
| MiDeletePte | 274 |
| MiDeleteSystemPageableVm | 216 |
| MiDeleteVirtualAddress | 240 249 273 274 |
| MiDetermineTrimAmount | 289 290 |
| MiDispatchFault | 260-263 |
| MiEnablePagingOfDriverAtInit | 208 |
| MiEnablePagingTheExecutive | 208 |
| MiFeedSysPtePool | 227 |
| MiFillWsleHash | 292 |
| MiFindEmptyAddressRange | 239 240 246 247 |
| MiFindEmptyAddressRangeDown | 246 247 |
| MiFindEmptyAddressRangeInTree | 240 |
| MiFindNodeOrParent | 238 |
| MiFreeMdlTracker | 122 |
| MiFreeNonPagedPool | 212 |
| MiFreePoolPages | 210 212 214-216 222 223 |
| MiFreeWsleList | 274 290 |
| MiGatherMappedPages | 281 282 |
| MiGatherPagefilePages | 281 282 |
| MiGetVirtualAddressMappedByPte | 202 |
| MiHighPagedPoolThreshold | 214 |
| MiInitializeCopyOnWritePfn | 265 |
| MiInitializeLoadedModuleList | 199 |
| MiInitializeMemoryEvents | 208 285 |
| MiInitializeNonPagedPool | 204 209 210 218 |
| MiInitializeNonPagedPoolThresholds | 204 209 |
| MiInitializeSessionIds | 208 |
| MiInitializeSessionWsSupport | 208 |
| MiInitializeSystemCache | 199 482 |
| MiInitializeSystemPtes | 205 226 |
| MiInitializeWorkingSetList | 232 |
| MiInitMachineDependent | 139 196 198 200 205-209 217 226 275 |
| MiInPageSingleKernelStack | 284 |
| MiInsertFrontModifiedNoWrite | 277 |
| MiInsertImageSectionObject | 246 |
| MiInsertNode | 238 239 |
| MiInsertPageInFreeList | 273 276 |
| MiInsertPageInList | 276-278 |
| MiInsertStandbyListAtFront | 276 |
| MiInsertVad | 239 248 |
| MiInsertVadCharges | 239 240 248 |
| MiInsertZeroListAtBack | 276 |
| MiLocateWsle | 292 |
| MiLowPagedPoolThreshold | 214 |
| MiMakeOutswappedPageResident | 284 |
| MiMakeProtectionMask | 264 265 |
| MiMapBBTMemory | 207 |
| MiMappedPageWriter | 282 |
| MiMapViewOfDataSection | 245-247 |
| MiMapViewOfImageSection | 245 247 |
| MiMapViewOfPhysicalSection | 245 249 |
| MiModifiedPageWriter | 274 280 |
| MiModifiedPageWriterTimerDispatch | 281 |
| MiModifiedPageWriterWorker | 280-282 |
| MiniportSend | 600 |
| MiOutPageSingleKernelStack | 283 |
| MiProcessWorkingSets | 274 287 289 290 |
| MiRearrangeWorkingSetExpansionList | 288 |
| MiReleaseSystemPtes | 226-228 |
| MiReloadBootLoadedDrivers | 198 |
| MiRemoveAnyPage | 262 264 265 273-275 278 |
| MiRemoveMappedView | 249 |
| MiRemoveNode | 238 239 |
| MiRemovePageByColor | 278 |
| MiRemovePageFromList | 276-278 |
| MiRemoveVad | 239 |
| MiRemoveWorkingSetPages | 274 290 |
| MiRemoveWsle | 290 482 |
| MiRemoveZeroPage | 262 265 274 275 278 |
| MiReserveAlignedSystemPtes | 227 |
| MiReserveSystemPtes | 226-228 |
| MiResolveDemandZeroFault | 260-262 273 |
| MiResolveMappedFileFault | 263 494 |
| MiResolvePageFileFault | 262 263 273 |
| MiResolveProtoPteFault | 262 263 |
| MiResolveTransitionFault | 262 272 |
| MiRestoreTransitionPte | 277 |
| MiReturnCommitment | 216 |
| MiReturnPageTablePageCommitment | 239 240 |
| MiSectionInitialization | 207 249 |
| MiSessionAddProcess | 230 231 |
| MiSessionWideInitializeAddresses | 208 |
| MiStartZeroPageWorkers | 208 |
| MiTrimWorkingSet | 274 289 291 |
| MiUnlinkFreeOrZeroedPage | 276 |
| MiUnlinkPageFromList | 262 264 265 272 277 |
| MiUnmapLargePages | 200 |
| MiUnmapViewOfSection | 249 |
| MiUpdateMdlTracker | 122 |
| MiUpdateSystemPdes | 232 |
| MiUpdateWsle | 482 |
| MiWriteComplete | 281 282 |
| MiWriteProtectSystemImage | 208 |
| MiZeroPhysicalPage | 278 |
| MmAccessFault | 257 259 261 263 |
| MmAllocatePagesForMdl | 279 |
| MmAllocatePagesForMdlEx | 279 280 |
| MmAllocateSpecialPool | 223 |
| MmCheckCachedPageState | 495 |
| MmCopyToCachedPage | 486 |
| MmCreateKernelStack | 609 |
| MmCreateProcessAddressSpace | 229 231 239 287 |
| MmCreateSection | 241 242 244 246 247 264 483 |
| MmEnableModifiedWriteOfSection | 277 491 |
| MmExtendSection | 483 |
| MmFlushSection | 486 493 497 |
| MmFreePagesByColor | 275 |
| MmFreePagesFromMdl | 279 280 |
| MmGetSystemAddressForMdlSafe | 454 |
| MmInitializeHandBuiltProcess2 | 232 |
| MmInitializeMemoryLimits | 198 |
| MmInitializeProcessAddressSpace | 138 229 231 233 234 236 |
| MmInitSystem | 86 89 90 139 196-200 206 207 213 248 276 280 285 |
| MmInPageKernelStack | 284 |
| MmIsMemoryAvailable | 288 |
| MmLoadSystemImage | 396 607 |
| MmMapViewInSystemCache | 485 |
| MmMapViewOfSection | 233 245-247 249 |
| MmOutPageKernelStack | 162 283 |
| MmOutSwapProcess | 283 284 |
| MmPageEntireDriver | 607 |
| MmProbeAndLockPages | 454 492 493 |
| MmResetPageFaultReadAhead | 494 |
| MmSavePageFaultReadAhead | 494 |
| MmSetAddressRangeModified | 486 491 |
| MmSetPageFaultReadAhead | 493 494 |
| MmUnloadSystemImage | 408 |
| MmUnlockPages | 454 458 492 493 493 |
| MmUnmapViewInSystemCache | 485 491 |
| MmWorkingSetManager | 274 288 293 |
| MmZeroPageThread | 86 273 275 |
| Module32First | 295 |
| Module32Next | 295 |
| MsFsdCreateMailslot | 587 |
| NdisAllocatePacket | 600 |
| NdisMIndicateReceivePacket | 600 |
| NdisMRegisterMiniport | 601 |
| NdisSend | 600 |
| NtAcceptConnectPort | 572 573 |
| NtAcceptPort | 567 |
| NtAllocateVirtualMemory | 240 249 |
| NtCallbackReturn | 620 |
| NtClose | 447 448 |
| NtCompleteConnectPort | 567 572 573 |
| NtConnectPort | 567 571 |
| NtCreateDirectoryObject | 58 |
| NtCreateFile | 404 406 447 455 510 517 545 551 552 554 555 563 583 587 594 595 |
| NtCreateIoCompletion | 465-467 |
| NtCreateKey | 68 72 |
| NtCreateMailslotFile | 406 585 586 588 594 |
| NtCreateNamedPipe | 583 |
| NtCreateNamedPipeFile | 406 578 581 586 594 |
| NtCreatePagingFile | 24 |
| NtCreatePort | 567 569 570 |
| NtCreateProcess | 21 136 143 |
| NtCreateProcessEx | 136 143 137 |
| NtCreateSection | 264 |
| NtCreateThread | 139 |
| NtCreateWaitablePort | 567 569 570 |
| NtDeleteKey | 72 |
| NtDeleteValueKey | 72 |
| NtDeviceIoControlFile | 31 447 449-455 525 594 595 |
| NtEnumerateKey | 72 |
| NtFlushBuffersFile | 451 |
| NtFlushKey | 72 |
| NtFreeVirtualMemory | 240 274 |
| NtFsControlFile | 450 451 |
| NtGdiBitBlt | 606 |
| NtGdiLineTo | 623 |
| NtInitializeRegistry | 68 72 91 |
| NtLinstenPort | 567 570 |
| NtLoadDriver | 396 397 |
| NtLoadKey | 69 72 |
| NtLockFile | 451 |
| NtMapViewOfSection | 245 |
| NtNotifyChangeDirectoryFile | 451 |
| NtNotifyChangeKey | 72 |
| NtNotifyChangeMultipleKeys | 72 |
| NtOpenFile | 21 |
| NtOpenKey | 70-72 |
| NtPowerInformation | 418 |
| NtPulseEvent | 153 |
| NtQueryDirectoryFile | 451 |
| NtQueryEaFile | 451 |
| NtQueryInformationProcess | 124 |
| NtQueryKey | 72 |
| NtQueryQuotaInformationFile | 451 |
| NtQueryValueKey | 70 72 |
| NtQueryVolumeInformationFile | 451 |
| NtQueueApcThread | 336 |
| NtRaiseException | 341 |
| NtReadFile | 31 124 407 449 451-453 455 457 459 484 511 583 595 606 |
| NtReadFileScatter | 451 |
| NtReleaseKeyedEvent | 153 |
| NtReleaseMutant | 153 |
| NtReleaseSemaphore | 153 |
| NtRemoveIoCompletion | 466 467 |
| NtReplaceKey | 72 |
| NtReplyPort | 567 574 |
| NtReplyWaitReceivePort | 567 570 574 |
| NtReplyWaitReceivePortEx | 567 571 574 |
| NtReplyWaitReplyPort | 567 574 |
| NtRequestPort | 567 574 |
| NtRequestWaitReplyPort | 567 574 |
| NtRestoreKey | 72 |
| NtResumeThread | 140 |
| NtSaveKey | 72 |
| NtSecureConnectPort | 567 571 572 |
| NtSetCompletion | 468 |
| NtSetEaFile | 451 |
| NtSetEvent | 153 |
| NtSetEventBoostPriority | 153 |
| NtSetInformationFile | 466 467 |
| NtSetInformationProcess | 152 |
| NtSetIoCompletion | 467 |
| NtSetQuotaInformationFile | 451 |
| NtSetSystemInformation | 607 |
| NtSetTimer | 21 |
| NtSetValueKey | 72 |
| NtSetVolumeInformationFile | 451 |
| NtSignalAndWaitForSingleObject | 153 |
| NtSuspendThread | 379 |
| NtTerminateProcess | 148 |
| NtTerminateThread | 146 |
| NtUnlockFile | 451 |
| NtUnmapViewOfSection | 249 |
| NtUserCreateDesktop | 611 |
| NtUserCreateWindowEx | 615 |
| NtUserCreateWindowStation | 611 |
| NtUserDispatchMessage | 618 |
| NtUserGetMessage | 563 618 |
| NtUserPostMessage | 606 618 |
| NtUserPostThreadMessage | 618 |
| NtVdmControl | 121 |
| NtWaitForKeyedEvent | 153 |
| NtWriteFile | 31 124 407 449 451 452 455 459 484 511 583 594 595 606 |
| NtWriteFileGather | 451 |
| NtYieldExecution | 159 |
| ObCheckObjectAccess | 77 78 |
| ObCreateObject | 56-58 138 141 242 397 400 406 407 569-571 582 |
| ObCreateObjectType | 55 |
| ObDereferenceObject | 61 134 408 |
| ObfDereferenceObject | 448 |
| ObGetObjectSecurity | 77 |
| ObInitSystem | 86 89 407 |
| ObInsertObject | 59 134 142 397 400 569 |
| ObOpenObjectByName | 59 69-71 406 447 455 510 581 586 |
| ObpAllocateObject | 58 60 |
| ObpAuditObjectAccess | 134 |
| ObpCloseHandle | 134 448 |
| ObpCloseHandleTableEntry | 134 448 |
| ObpCreateHandle | 134 |
| ObpDecrementHandleCount | 61 134 448 |
| ObpDeleteDirectoryEntry | 59 |
| ObpFreeObject | 58 |
| ObpIncrementHandleCount | 61 |
| ObpInsertDirectoryEntry | 59 |
| ObpLookupDirectoryEntry | 59 60 406 407 510 |
| ObpLookupObjectName | 59 60 70 71 129 406 407 510 581 582 586 587 |
| ObpParseSymbolicLink | 582 |
| ObpRemoveObjectRoutine | 448 |
| ObReferenceObjectByHandle | 60 71 78 133 134 137 138 450 |
| ObReferenceObjectByName | 59 608 |
| ObReferenceObjectByPointer | 61 134 |
| OpbLookObjectName | 455 |
| OpenSCManager | 438 |
| OpenService | 438 |
| PeekMessage | 618 |
| Phase1Initialization | 86 |
| Phase1InitializationDiscard | 323 67 86-88 149 196 393 418 479 |
| PipCallDriverAddDevice | 435 436 |
| PoCallDriver | 421 |
| PoInitDriverServices | 393 394 |
| PoInitSystem | 88 90 418 |
| PoRequestPowerIrp | 421 422 |
| PoSetPowerState | 420 |
| PostMessage | 606 |
| PostQueuedCompletionStatus | 468 |
| PpInitSystem | 86 89 |
| PpLastGoodDoBootProcessing | 393 |
| ProbeForRead | 454 |
| ProBeForWrite | 454 |
| ProbeForWrite | 21 |
| PsChangeQuantumTable | 164 |
| PsConvertToGuiThread | 561 609 |
| PsCreateSystemProcess | 137 |
| PsCreateSystemThread | 36 140 149 |
| PsEsablishWin32Callouts | 607 608 |
| PsExitSpecialApc | 147 |
| PsGetCurrentProcess | 333 135 |
| PsGetCurrentThread | 135 |
| PsInitSystem | 86 90 148 149 |
| PsLocateSystemDll | 393 |
| PsLookupProcessByProcessId | 135 |
| PsLookupProcessThreadByCid | 135 |
| PsLookupThreadByThreadId | 135 |
| PsMapSystemDll | 233 |
| PspChargeQuota | 119 |
| PspComputeQuantumAndPriority | 139 152 164 |
| PspCreateProcess | 47 58 134 137 139 142 143 164 229 231 232 576 |
| PspCreateThread | 47 58 140 141 144 145 157 |
| PspExitApcRundown | 147 |
| PspExitNormalApc | 147 |
| PspExitThread | 147 148 366 367 460 575 575 |
| PspInitializeProcessSecurity | 138 |
| PspInitializeSystemDll | 149 |
| PspInitPhase0 | 86 137 149 164 |
| PspInitPhase1 | 149 |
| PspLockThreadSecurityExclusive | 128 |
| PspLockThreadSecurityShared | 128 |
| PspLookupKernelUserEntryPoints | 149 552 |
| PspQueueApcSpecialApc | 336 |
| PspTerminateThreadByPointer | 146-148 |
| PspUserThreadStartup | 145 |
| PspW32ProcessCallout | 609 |
| PspW32ThreadCallout | 609 |
| PsSetProcessWin32Process | 609 |
| PsSetThreadWin32Thread | 609 |
| PsTerminateProcess | 148 |
| PsTerminateSystemThread | 146 |
| PsWatchWorkingSet | 121 |
| PtInRect | 606 |
| RaiseException | 341 |
| RawCreate | 520 |
| RawFileSystemControl | 520 |
| RawInitialize | 519 520 |
| RawMountVolume | 508 509 520 |
| RawReadWriteDeivceControl | 520 |
| ReadFile | 404 580 606 |
| ReadFileEx | 335 404 459 580 |
| RtlCreateUserProcess | 90 |
| RtlDispatchException | 340 341 |
| RtlFindClearBitsAndSet | 214 215 |
| SeAccessCheck | 78 |
| SeCreateAccessStateEx | 142 |
| SeInitSystem | 86 |
| SeMakeAnonymousLogonToken | 81 |
| SeMakeAnonymousLogonTokenNoEveryone | 81 |
| SeMakeSystemToken | 81 |
| SepAccessCheck | 78 |
| SepMaximumAccessCheck | 78 |
| SepNormalAccessCheck | 78 |
| SepPrivilegeCheck | 79 |
| SePrivilegeCheck | 79 |
| SepVariableInitialization | 80 |
| SeRmInitPhase1 | 90 |
| SeSinglePrivilegeCheck | 81 |
| SetMailslotInfo | 586 |
| SetNamedPipeHandleState | 581 |
| SetProcessWindowStation | 611 |
| SetThreadDesktop | 611 |
| SetWindowHookEx | 618 |
| SmpLoadDataFromRegistry | 92 |
| StartService | 438 |
| SwapContext | 74 169 170 326 547 |
| Thread32First | 295 |
| Thread32Next | 295 |
| TransactNamedPipe | 581 |
| TranslateMessage | 616 |
| UnhookWindowsHookEx | 618 |
| VideoPortGetProcAddress | 625 |
| VideoPortInitialize | 625 |
| VideoPortMapMemory | 624 |
| VirtualAlloc | 45 235 240 |
| VirtualAllocEx | 45 235 240 |
| VirtualFree | 45 235 240 |
| VirtualFreeEx | 45 235 240 |
| VirtualLock | 235 |
| VirtualUnlock | 235 |
| VirutalLock | 491 |
| WaitNamedPipe | 580 |
| Win32UserInitialize | 607 |
| WMIInitialize | 393 394 |
| WmipAllocateTraceBufferPool | 74 |
| WmipStartLogger | 74 |
| WmiTraceContextSwap | 74 |
| WriteFile | 404 580 606 |
| WriteFileEx | 335 404 459 580 |
| XxAcquireFastMutex | 370 |
| XxReleaseFastMutex | 370 |
| ZwAcceptConnectPort | 576 |
| ZwCompletePort | 576 |
| ZwConnectPort | 577 |
| ZwOpenKey | 70 |
| ZwQueryValueKey | 70 72 |
| ZwWaitForSingleObject | 90 |
结构
| 结构名称 | 页数 |
| _BCB | 487 |
| _DEVICE_CAPABILITIES | 418 |
| _DEVICE_OBJECT | 401 |
| _DEVOBJ_EXTENSION | 402 |
| _DISPATCH_HEADER | 355 |
| _DRIVER_EXTENSION | 401 |
| _DRIVER_OBJECT | 400 |
| _EPROCESS | 118 |
| _ERESOURCE | 370 |
| _ETHREAD | 125 |
| _EX_PUSH_LOCK | 373 |
| _EXCEPTION_RECORD | 337 |
| _FAST_IO_DISPATCH | 452 |
| _FILE_OBJECT | 405 |
| _FLT_OPERATION_REGISTRATION | 528 |
| _FLT_REGISTRATION | 528 |
| _HANDLE_TABLE | 130 |
| _HANDLE_TABLE_ENTRY | 132 |
| _IO_STACK_LOCATION | 442 |
| _IRP | 440 |
| _KAPC | 331 |
| _KAPC_STATE | 332 |
| _KDPC | 324 |
| _KINTERRUPT | 320 |
| _KMUTANT | 363 |
| _KPRCB | 158 |
| _KPROCESS | 107 |
| _KQUEUE | 364 |
| _KSERVICE_TABLE_DESCRIPTOR | 555 |
| _KTHREAD | 110 |
| _KTIMER | 328 |
| _KTIMER_TABLE_ENTRY | 328 |
| _KTRAP_FRAME | 339 |
| _KWAIT_BLOCK | 355 |
| _LOADER_PARAMTER_BLOCK | 84 |
| _LPCP_MESSAGE | 569 |
| _LPCP_PORT_OBJECT | 567 |
| _LUID_AND_ATTRIBUTES | 79 |
| _MDL | 279 |
| _MM_AVL_TABLE | 236 |
| _MM_PAGED_POOL_INFO | 213 |
| _MMADDRESS_NODE | 236 |
| _MMCOLOR_TABLES | 275 |
| _MMFREE_POOL_ENTRY | 210 |
| _MMLISTS | 270 |
| _MMPFN | 266 |
| _MMPFNENTRY | 269 |
| _MMPFNLIST | 270 |
| _MMPTE | 256 |
| _MMPTE_HARDWARE | 252 |
| _MMPTE_LIST | 224 |
| _MMPTE_PROTOTYPE | 256 |
| _MMPTE_SOFTWARE | 254 |
| _MMPTE_TRANSITION | 254 |
| _MMSUPPORT | 287 |
| _MMVAD | 236 |
| _MMWSL | 286 |
| _MMWSLE | 287 |
| _MMWSLE_HASH | 291 |
| _MMWSLENTRY | 286 |
| _OBJECT_HEADER | 54 |
| _OBJECT_TYPE | 54 |
| _OBJECT_TYPE_INITIALIZER | 55 |
| _PERFINFO_GROUPMASK | 73 |
| _PERFINFO_TRACE_HEADER | 630 |
| _POOL_DESCRIPTOR | 216 |
| _POOL_HEADER | 219 |
| _SECTION | 241 |
| _SINGLE_LIST_ENTRY | 346 |
| _SLIST_HEADER | 346 |
| _VACB | 479 |
| _VPB | 509 |
| _WIN32_CALLOUTS_FPNS | 608 |
| MSG | 616 |
全局变量
| 变量名称 | 页数 |
| _IDT | 316 |
| _KeTickCount | 327 328 |
| CcDeferredWrites | 496 498 |
| CcDirtyPageTarget | 497 |
| CcDirtyPageThreshold | 498 |
| CcExpressWorkQueue | 494 495 497 |
| CcIdleWorkerThreadList | 495 |
| CcRegularWorkQueue | 495 497 |
| CcTotalDirtyPages | 497 498 |
| CcTwilightLookasideList | 494 |
| CcVacbFreeList | 479 491 |
| CcVacbLru | 479 |
| CcVacbs | 479 |
| CmKeyObjectType | 55 67 70 |
| DbgkDebugObjectType | 55 |
| ExCallbackObjectType | 55 |
| ExCriticalWorkerThreads | 495 |
| ExDesktopObjectType | 55 |
| ExEventObjectType | 55 |
| ExEventPairObjectType | 55 |
| ExMutantObjectType | 55 |
| ExpKeyedEventObjectTpye | 55 |
| ExpNonPagedPoolDescriptor | 217 |
| ExpNumberOfNonPagedPools | 217 |
| ExpNumberOfPagedPools | 217 |
| ExpPagedPoolDescriptor | 217 218 |
| ExpPoolFlags | 223 |
| ExProfileObjectType | 55 |
| ExpSystemResourcesList | 371 |
| ExSemaphoreObjectType | 55 |
| ExTimerObjectType | 55 |
| ExWindowStationObjectType | 55 |
| InitializationPhase | 85 |
| IoAdapterObject | 55 |
| IoCompletionObjectType | 55 465 |
| IoControllerObjectType | 55 |
| IoDeviceHandlerObjectType | 55 |
| IoDeviceObjectType | 55 |
| IoFileObjectType | 55 |
| IopCdRomFileSystemQueueHead | 507 |
| IopDiskFileSystemQueueHead | 507 |
| IopNetworkFileSystemQueueHead | 507 |
| IopTapeFileSystemQueueHead | 507 |
| IRQL | 317 |
| KeActiveProcessors | 137 |
| KeServiceDescriptorTable | 116 555 561 562 564 589 |
| KeServiceDescriptorTableShadow | 116 561 562 564 589 607 609 |
| KiIdleSummary | 165 |
| KiProcessInSwapListHead | 284 |
| KiProcessorBlock | 165 |
| KiProcessOutSwapListHead | 109 283 |
| KiProfileListHead | 108 |
| KiStackInSwapListHead | 114 |
| KiTimerTableListHead | 328 329 |
| LargeSystemCache | 477 |
| LdrInitializeThunk | 145 |
| LpcPortObjectType | 55 |
| LpcWaitablePortObjectType | 55 |
| MaximumSystemCacheSize | 199 |
| MiEndOfInitialPoolFrame | 210 |
| MiFullyInitialized | 208 |
| MiInitializeSystemCache | 478 |
| MiLowPagedPoolEvent | 215 |
| MiLowPagedPoolThreshold | 215 |
| MiMaximumSystemCacheSizeExtra | 206 207 |
| MiMaximumWorkingSet | 291 |
| MinimumWorkingSetSize | 230 |
| MiNonPagedPoolSListHead | 212 |
| MiNonPagedPoolSListMaximum | 212 |
| MiSessionImageEnd | 198 207 |
| MiSessionImageStart | 198 |
| MiSessionPoolEnd | 198 |
| MiSessionPoolStart | 198 207 213 |
| MiSessionSpaceWs | 198 207 |
| MiSessionViewStart | 198 |
| MiStartOfInitialPoolFrame | 210 |
| MiSystemCacheEndExtra | 477 |
| MiSystemCacheStartExtra | 206 207 477 |
| MiSystemPteNBHead | 225 226 228 |
| MiSystemPteSListHead | 226 |
| MiSystemViewStart | 198 207 206 476 |
| MiUseMaximumSystemSpace | 204 |
| MiUseMaximumSystemSpaceEnd | 204 |
| MmAllocationFragment | 248 |
| MmAvailablePages | 285 |
| MmCodeClusterSize | 199 |
| MmDataClusterSize | 199 |
| MmDisablePagingExecutive | 214 |
| MmFirstFreeSystemCache | 478 |
| MmFirstFreeSystemPte | 226-228 |
| MmFreedExpansionPoolMaximum | 199 |
| MmFreePageListHead | 276 278 |
| MmHighestPhysicalPage | 200 |
| MmHighestUserAddress | 196 207 |
| MmHighMemoryThreshold | 285 |
| MmHyperSpaceEnd | 207 |
| MmInPageSupportMinimum | 199 |
| MmLargeSystemCache | 476 |
| MmLowestPhysicalPage | 200 |
| MmLowMemoryThreshold | 285 |
| MmMaximumDeadKernelStacks | 199 |
| MmMaximumNonPagedPoolInBytes | 200 201 |
| MmMaximumWorkingSetSize | 199 287 |
| MmModifiedNoWirtePageListHead | 491 |
| MmModifiedPageListHead | 277 281 |
| MmModifiedPageMaximum | 199 280 |
| MmModifiedWriteClusterSize | 281 |
| MmNonPagedPoolEnd | 201 202 207 210 |
| MmNonPagedPoolEnd0 | 207 210 476 |
| MmNonPagedPoolExpansionStart | 206 207 224 210 |
| MmNonPagedPoolFreeListHead | 210 211 |
| MmNonPagedPoolStart | 201 206 207 210 476 |
| MmNonPagedSystemStart | 201 202 205 206 213 224 |
| MmNumberOfPhysicalPages | 200 207 |
| MmNumberOfSystemPtes | 197 |
| MmPagedPoolEnd | 207 213 |
| MmPagedPoolInfo | 213 214 |
| MmPagedPoolPage | 482 |
| MmPagedPoolStart | 197 206 207 213 476 |
| MmPfnDatabase | 206 207 |
| MmPlentyFreePages | 288 |
| MmProcessCommit | 230 |
| MmProcessList | 124 230 |
| MmReadClusterSize | 199 |
| MmResidentAvailablePages | 199 |
| MmSecondaryColorMask | 200 |
| MmSecondaryColors | 200 |
| MmSectionObjectType | 55 |
| MmSessionBase | 198 206 207 |
| MmSessionImageSize | 198 207 |
| MmSessionSpace | 213 214 231 |
| MmSessionViewSize | 198 |
| MmSharedUserDataPte | 207 551 |
| MmSizeOfNonPagedPoolInBytes | 200 201 210 |
| MmSizeOfPagedPoolInBytes | 197 213 |
| MmSizeOfSystemCacheInPages | 199 477 |
| MmStandbyPageListByPriority | 276 277 |
| MmStandbyPageListHead | 276 277 |
| MmSysPteIndex | 225 |
| MmSysPteListBySizeCount | 226 227 |
| MmSysPteMinimumFree | 226 227 |
| MmSysPteTables | 225 |
| MmSystemCacheEnd | 199 476 |
| MmSystemCachePage | 482 |
| MmSystemCacheStart | 197 206 207 476 |
| MmSystemCacheWorkingSetList | 199 206 207 476 482 |
| MmSystemCacheWs | 481 |
| MmSystemCacheWsMinimum | 199 |
| MmSystemCodePage | 482 |
| MmSystemDriverPage | 482 |
| MmSystemPagePtes | 234 |
| MmSystemPteBase | 207 |
| MmSystemPtesEnd | 226 |
| MmSystemPtesStart | 226 |
| MmSystemRangeStart | 196 207 |
| MmSystemViewSize | 198 |
| MmTotalCommitLimit | 199 |
| MmTotalCommitLimitMaximum | 199 |
| MmTotalFreeSystemPtes | 226 |
| MmUserProbeAddress | 196 207 |
| MmWorkingSetExpansionHead | 288-290 482 |
| MmWorkingSetList | 207 234 286 |
| MmZeroedPageListHead | 276 278 |
| MxPfnAllocation | 200 |
| NonPagedPoolDescriptor | 217 218 |
| ObpDeviceMapObjectType | 55 |
| ObpDirectoryObjectType | 55 58 |
| ObpKernelHandleTable | 133 |
| ObpRootDirectoryObject | 58 407 |
| ObpTypeObjectType | 55 |
| PerfGlobalGroupMask | 74 |
| pIoAllocateIrp | 445 |
| PoolVector | 217 219 |
| PopCapabilities | 418 |
| PopPolicy | 418 |
| PsActiveProcessHead | 119 139 |
| PsInitialSystemProcess | 137-139 |
| PsJobType | 55 |
| PsLoadedModuleList | 395 |
| PsMaximumWorkingSet | 137 |
| PspCidTable | 134 |
| PspForegroundQuantum | 164 |
| PspInitialSystemProcessHandle | 137 |
| PspPriorityTable | 152 |
| PsProcessType | 55 138 |
| PspSystemDll | 145 |
| PsThreadType | 55 |
| PsWatchEnabled | 121 |
| SeTokenObjectType | 55 |
| SystemTraceControlGuid | 73 |
| WmipGuidObjectType | 55 |
| SepRmState | 576 |
