Ki 和 Ke 前缀的意义是什么
What is the significance of the Ki and Ke prefixes
我在 Windows 中遇到过这些内核模式函数,想知道它们的前缀代表什么?谢谢
主要前缀的描述显示在下面的 table 中(摘自 Windows Internals 书和 http://bsodtutorials.blogspot.com/2013/10/windows-api-function-prefixes.html)。这些前缀的变体用于内部函数 - 前缀的第一个字母加上 i(例如 Ki = "Kernel Internal")或完整前缀后跟 p(例如Psp = "内部流程支持").
Prefix
Component
Alpc
Advanced Local Inter-Process Communication
Cc
Common Cache
Cm
Configuration Manager
Dbg
Kernel debug support
Dbgk
Debugging Framework for User-Mode
Em
Errata Manager
Etw
Event Tracing for Windows
Ex
Executive support routines
FsRtl
File System driver Run-Time Library
Hal
Hardware Abstraction Layer
Hv
Hive Library
Hvl
Hypervisor Library
Io
I/O Manager
Kd
Kernel Debugger
Ke
Kernel
Kse
Kernel Shim Engine
Lsa
Local Security Authority
Mm
Memory Manager
Nt
NT System Services (accessible from user mode through system calls)
Ob
Object Manager
Pf
Prefetcher
Po
Power Manager
PoFx
Power Framework
Pp
PnP Manager
Ppm
Processor Power Manager
Ps
Process Support
Rtl
Run-time Library
Se
Security Reference Monitor
Sm
Store Manager
Tm
Transaction Manager
Ttm
Terminal Timeout Manager
Vf
Verifier (Driver Verifier)
Whea
Windows Hardware Error Architecture
Wmi
Windows Management Instrumentation
Wdi
Windows Diagnostic Infrastructure
Zw
Similar to NT, but sets access mode to Kernel, which in turn eliminates any parameter validation.
我在 Windows 中遇到过这些内核模式函数,想知道它们的前缀代表什么?谢谢
主要前缀的描述显示在下面的 table 中(摘自 Windows Internals 书和 http://bsodtutorials.blogspot.com/2013/10/windows-api-function-prefixes.html)。这些前缀的变体用于内部函数 - 前缀的第一个字母加上 i(例如 Ki = "Kernel Internal")或完整前缀后跟 p(例如Psp = "内部流程支持").
| Prefix | Component |
|---|---|
| Alpc | Advanced Local Inter-Process Communication |
| Cc | Common Cache |
| Cm | Configuration Manager |
| Dbg | Kernel debug support |
| Dbgk | Debugging Framework for User-Mode |
| Em | Errata Manager |
| Etw | Event Tracing for Windows |
| Ex | Executive support routines |
| FsRtl | File System driver Run-Time Library |
| Hal | Hardware Abstraction Layer |
| Hv | Hive Library |
| Hvl | Hypervisor Library |
| Io | I/O Manager |
| Kd | Kernel Debugger |
| Ke | Kernel |
| Kse | Kernel Shim Engine |
| Lsa | Local Security Authority |
| Mm | Memory Manager |
| Nt | NT System Services (accessible from user mode through system calls) |
| Ob | Object Manager |
| Pf | Prefetcher |
| Po | Power Manager |
| PoFx | Power Framework |
| Pp | PnP Manager |
| Ppm | Processor Power Manager |
| Ps | Process Support |
| Rtl | Run-time Library |
| Se | Security Reference Monitor |
| Sm | Store Manager |
| Tm | Transaction Manager |
| Ttm | Terminal Timeout Manager |
| Vf | Verifier (Driver Verifier) |
| Whea | Windows Hardware Error Architecture |
| Wmi | Windows Management Instrumentation |
| Wdi | Windows Diagnostic Infrastructure |
| Zw | Similar to NT, but sets access mode to Kernel, which in turn eliminates any parameter validation. |