【Posted】: 2021-05-29 05:10:21
【Question】:
I came across these kernel-mode functions in Windows and would like to know what their prefixes stand for. Thanks
【Question discussion】:
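The main prefixes are described in the table below (taken from the Windows Internals book and http://bsodtutorials.blogspot.com/2013/10/windows-api-function-prefixes.html). Variations of these prefixes are used for internal functions: the first letter of the prefix followed by i (for example, Ki = "Kernel Internal"), or the full prefix followed by p (for example, Psp = "Process Support Internal").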
| Prefix | Component |
|---|---|
| Alpc | Advanced Local Inter-Process Communication |
| Cc | Common Cache |
| Cm | Configuration Manager |
| Dbg | Kernel debug support |
| Dbgk | Debugging Framework for User-Mode |
| Em | Errata Manager |
| Etw | Event Tracing for Windows |
| Ex | Executive support routines |
| FsRtl | File System driver Run-Time Library |
| Hal | Hardware Abstraction Layer |
| Hv | Hive Library |
| Hvl | Hypervisor Library |
| Io | I/O Manager |
| Kd | Kernel Debugger |
| Ke | Kernel |
| Kse | Kernel Shim Engine |
| Lsa | Local Security Authority |
| Mm | Memory Manager |
| Nt | NT System Services (accessible from user mode through system calls) |
| Ob | Object Manager |
| Pf | Prefetcher |
| Po | Power Manager |
| PoFx | Power Framework |
| Pp | PnP Manager |
| Ppm | Processor Power Manager |
| Ps | Process Support |
| Rtl | Run-time Library |
| Se | Security Reference Monitor |
| Sm | Store Manager |
| Tm | Transaction Manager |
| Ttm | Terminal Timeout Manager |
| Vf | Verifier (Driver Verifier) |
| Whea | Windows Hardware Error Architecture |
| Wmi | Windows Management Instrumentation |
| Wdi | Windows Diagnostic Infrastructure |
| Zw | Similar to NT, but sets access mode to Kernel, which in turn eliminates any parameter validation. |
【Discussion】: