John Carrona Windows Expert - Consumer
Extracted from Windows Internals v5, pg 73 & 74
These are the most commonly used ones. There is more discussion in the article "Inside the Native API" from Sysinternals.
These prefixes are for the part after the ! in the stack trace.
Variations:
- The first letter of the prefix followed by an "i" (for internal) indicates an internal kernel function.
- The full prefix followed by a "p" (for private) indicates an internal process support function.
Alpc - Advanced Local Inter-Process Communication
Cc - Common Cache
Cm - Configuration Manager
Dbgk - Debugging Framework for User-Mode
Em - Errata Manager
Etw - Event Tracing for Windows
Ex - Executive Support Routines
FsRtl - File System Driver Run-Time Library
Hal - Hardware Abstraction Layer
Hvl - Hypervisor Library
Io - I/O Manager
Kd - Kernel Debugger
Ke - Kernel
Lsa - Local Security Authority
Mm - Memory Manager
Nt - NT System Services
Ob - Object Manager
Pf - Prefetcher
Po - Power Manager
Pp - PnP Manager
Ps - Process Support
Rtl - Run-Time Library
Se - Security
Tm - Transaction Manager
Vf - Verifier
Whea - Windows Hardware Error Architecture
Wmi - Windows Management Instrumentation
Wdi - Windows Diagnostic Infrastructure
Zw - Mirror entry point for system services