windows内核函数、结构和全局变量

最近学习《Windows内核原理与实现》发现其博大精深，粗略过了一遍，很多东西比较茫然，看书之余把书中涉及的函数，结构，全局变量的所在页数总结出来，便于以后查阅。

由于半自动半手工，难免有写错的地方，如有发现还请留言通知，谢谢。

函数

函数名称所在页数_KeSystemStartup149_KiExceptionExit341_KiFastCallEntry552 554_KiServiceExit553_KiShutUpAssembler321_KiSystemCallExitBranch553_KiSystemService546 552_KiSystemServiceRepeat552 553 555 556 561_KiSystemStartup547_KiTrap??337_KiTrap0E315 348 257AllocateAdapterControl429BaseProcessStart143 145BitBlt606CallNamedPipe581CallNextHookEx620CancelIo648CancelIoEx648CancelSynchronousIo648CcAllocateInitializeBcb490CcAllocateWorkQueueEntry494CcCanIWrite498 499CcCopyRead484-486 494 494CcCopyWrite484 486 498 499CcCreateVacbArray481 483CcDeallocateBcb490CcDeferWrite498CcExtendVacbArray481 483CcFastCopyRead484 486 494 494CcFastCopyWrite484 486 499CcFindBcb489CcFlushCache497 511CcFreeVirtualAddress490-493 495CcGetBcbListHead489CcGetBcbListHeadLargeOffset489CcGetVacbMiss485CcGetVirtualAddress485 486 490-493 495CcInitializeCacheManager89 479 483 495 497CcInitializeCacheMap483CcInitializeVacbs479CcLazyWriteScan496-498CcMapAndCopy486CcMapAndRead490 493CcMapData487 491 492 515CcMapDataCommon491 492CcMapDataForOverwrite491 492CcMdlRead492 494 494CcMdlReadComplete492CcMdlReadComplete2492CcMdlWriteAbort493CcMdlWriteComplete493CcMdlWriteComplete2493 496CcMidRead492CcPerformReadAhead495CcPfInitializePrefetcher89CcPinFileData490-492CcPinMappedData487 492 492CcPinRead487 491 492 515CcPostDeferredWrites497-499 499CcPostWorkQueue494-497CcPrepareMdlWrite493CcPreparePinWrite487 491 492 515CcReadAhead495CcRegularWorkQueue496CcScanDpc496CcScheduleLazyWriteScan496 497 497CcScheduleReadAhead494 495 495CcSetDirtyInMask486 493 496CcSetDirtyPinnedData487 492CcUninitializeCacheMap491CcUnmapVacb491CcUnmapVacbArray491CcUnpinData487 492CcUnpinFileData490CcUnpinFileDataEx490-492CcWorkerThread495-497CcWriteBehind497CloaseHandle405CloseHandle447 580 581CloseServiceHandle439CmGetSystemDriverList395CmInitSystem167 89CmKeyObjectType67CmLoadKey69CmpBuildHashStackAndLookupCache71CmpCmdHiveOpen69CmpCmdInit68CmpCreateControlSet68CmpCreateKeyControlBlock70 71CmpCreateObjectTypes67 69CmpCreateRegistryRoot67 71CmpDoOpen71CmpFindValueByNameFromCache71CmpGetValueKeyFromCache71CmpGetValueListFromCache71CmpInitHiveFromFile69CmpInitializeHardwareConfiguration68CmpInitializeHive68CmpInitializeHiveList68 91CmpInitializeSystemHive68CmpInsertKeyHash70CmpLinkHiveToMaster68 69CmpLoadHiveThread69CmpMasterHive67CmpOpenHiveFile69CmpParseKey67 71CmpRemoveKeyHash70CmpSecurityMethod77CmpSetNetWorkValue68CmpSetSystemValues68CmQueryValueKey71CommonDispatchException337 341 257CommonDispatchException2Args257ConnectNamedPipe580ControlService439CreateDesktopEx613CreateFile404 438 484 499 551 579-581CreateFileW551CreateHardLink649CreateIoCompletionProt465 466CreateMailslot586CreateNamedPipe578 580 581CreateProcess143 606 611CreateProcessW143CreateService438CreateSymbolicLink649CreateSystemRootLink407CreateThread606CreateToolhelp32napshot295CreateWindow615CreateWindowEx615DbgForwardException341 576DbgkInitialize86DbgkpSendApiMessageLpc576DdCreateSurface626DdGetDriverInfo626 627DeleteService439DeviceIoControl431 438 447 449 525DisconnectNamedPipe580DispatchMessage616 618DispatchMessageA616DispatchMessageW616DrvBitBlt622DrvCopyBits623DrvEnableDirectDraw626DrvEnableDriver622DrvEnablePDEV622DrvEnableSurface622DrvGetDirectDrawInfo626DrvLineTo623DrvStrokePath623DrvTextOut623DwmEnableBlurBehindWindow627DwmEnableComposition627DwmExtendFrameIntoClientArea627DwmRegisterThumbnail628DwmUnregisterThumbnail628DwmUpdateThumbnailProperties628DxgkInitialize629EngBitBlt622EngCreateDeviceSurface623EngDeviceIoControl624EngLineTo623EngModifySurface623EnterCriticalSection303EnumChildWindows615EnumDesktopWindows614EnumProps615EnumThreadWindows615EnumWindowStations614ExAcquireCacheAwarePushLockExclusive378ExAcquireCacheAwarePushLockShared378ExAcquireFastMutex370ExAcquireResourceExclusiveLite371 372ExAcquireResourceSharedLite371 372ExAcquireSpinLockExclusive351ExAcquireSpinLockShared351ExAdjustLookasideDepth293ExAllocateCacheAwarePushLock378ExAllocatePoolWithQuotaTag445ExAllocatePoolWithTag45 218 220 223 245 445ExCreateHandle134 141ExCreateHandleTable131ExDeleteResourceLite371 373ExfAcquirePushLockExclusive376ExfAcquirePushLockShared376ExFreeCacheAwarePushLock378ExFreePoolWithTag45 218 222 223ExfReleasePushLockExclusive376 377ExfReleasePushLockShared376 377ExfWakePushLock377ExInitializePoolDescriptor218ExInitializePushLock376ExInitializeResourceLite371 372ExInitSystem86ExInitSystemPhase289ExInterlockedCompareExchange64345ExMapHandleToPointerEx134ExpAllocateHandleTable131ExpAllocateHandleTableEntry132ExpAllocateHandleTableEntrySlow131ExpFreeHandleTableEntry132ExpInitializeExecutive86 149 195 556ExpInitializePushLocks376ExpInsertPoolTrackerInline223ExpLookupHandleTableEntry134ExpRemovePoolTrackerInline223ExpWaitForResource372ExQueueWorkItem366 36 495ExReleaseCacheAwarePushLockExclusive378ExReleaseCacheAwarePushLockShared378ExReleaseFastMutex370ExReleaseResourceLite371-373ExReleaseSpinLockExclusive351ExReleaseSpinLockShared351ExTryAcquireSpinLockExclusive351FatCommonCreate534FatCommonRead534FatCommonWrite534FatCreateNewDirectory534FatCreateNewFile534FatFsdRead534FatFsdWrite534FatInitializeVcb533FatMountVolume533FatPagingFileIo534FindWindow615FindWindowEx615FltRegisterFilter527 529FltStartFiltering527 528FsRtlCheckLookForReadAccess522FsRtlCheckLookForWriteAccess522FsRtlInitSystem89FsRtlProcessFileLock521FsRtlRegisterFileSystemFilterCallbacks522FsRtlRegisterUncProvider522 578GetCurrentProcess606GetcurrentProcessId606GetMailslotInfo586GetMessage616GetPerformanceInfo295GetQueuedCompletionStatus466GlobaMemoryStatusEx295HalInitializeProcessor316 86 88HalInitPnpDriver393HalInitSystem86 88HalQueryRealTimeClock89HalRequestSoftwareInterrupt327 328 334HalStartNextProcessor87Heap32First295Heap32Next295HwVidInitialize624InbvUpdateProgressBar90InitializeGre607InitializePool205 214 218InitialTab141InterlockedAnd345InterlockedCompareExchange345InterlockedCompareExchange64345 346InterlockedCompareExchangePointer377InterlockedDecrement345InterlockedExchange345InterlockedExchangeAdd345InterlockedIncrement300 345InterlockedOr345InterlockedPopEntrySList346-348InterlockedPushEntrySList346-348 445InterlockedXor345IoAcquireCancelSpinLock460IoAllocateDriverObjectExtension502 503IoAllocateIrp449 451IoAllocateMdl453 454 492IoAssignDriveLetters394IoAsynchronousPageWrite281 282 484 486IoAttachDevice403IoAttachDeviceToDeviceStack403 433 436IoAttachDeviceToDeviceStackSafe403IoBuildAsynchronousFsdRequest451IoBuildDeviceIoControlRequst451IoBuildSynchronousFsdRequest451IoCallDriver407 446 447 449 451-453 455-458 460 462 463 582 622IoCancelIrp429 460IoCancelThreadIo460IoCompleteRequest429 456 457 459 461 463 465IoConnectInterrupt322IoCopyCurrentIrpStackLocationToNext446 463IoCreateDevice400 402 428 436 438 509 533IoCreateDriver397 401IoCreateFile406 447 581 586IoCreateObjectTypes393IoCreateSymbolicLink438IoDisconnectInterrupt322IoEnumerateDeviceObjectList524IofCallDriver449IoFreeMdl454 493 493IoGetAttachedDevice442 510IoGetDmaAdapter429IoGetRelatedDeviceObject442IoInitializeDpcRequest326IoInitializeTimer430IoInitSystem89 90 393 394 396 445IoInvalidateDeviceRelations413 431 433IoInvalidateDeviceState413IopAcquireFileObjectLock455IoPagedRead484 486IoPageRead263IopAllocateIrpMustSucceed449IopAllocateIrpPrivate445 451 460IopCallDriverReinitializationRoutines393IopCheckBackupRestorePrivilege81IopCheckVpbMounted507 520IopCloseFile448IopCompleteRequest453 458-460 464 466 467 648IopCreateFile447 455 510 520 581 586IopCreateObjectTypes407 465IopCreateRootDirectories393IopCreateVpb509IopDecrementDeviceObjectRef408IopDeleteDevice408IopDeleteFile408 448 449IopDequeueThreadIrp459 460IopDestroyDeviceNode408IopDisassociateThreadIrp460IopDoNameTransmogrify506IopDropIrp458IopfCallDriver446 449IopfCompleteRequest457 458 464IopFreeIrp445IopGetDriverNameFromKeyNode514IopGetSetSecurityObject77IopInitializeBootDrivers393 394 396 413 519IopInitializeBuiltinDriver394-396 413 428IopInitializeIrp445 446IopInitializePlugPlayServices393IopInitializeSystemDrivers393 395 396 413IopInsertRemoveDevice402IopInvalidDeviceRequest401 448IopLoadDriver395 396 401 428 439 514IopLoadFileSystemDriver508IopLoadUnloadDriver397 428 439IopMountInitializeVpb508IopMountVolume507-509 520 520IopParseDevice407 447 448 455 484 506 510 520 582 587IopProtectSystemPartition393IopQueueThreadIrp459IopReadyDeviceObjects394IopReassignSystemRoot393IopReleaseFileObjectLock455IopSynchronousServiceTail450 451 455 458 460IopTimerDispatch430IopUnloadDriver428IopXxxControlFile450 452 453IoQueueWorkItem366 36IoReadPartitionTable501 502IoReadPartitionTableEx501 502IoRegisterDeviceInterface433 503IoRegisterDriverReinitialization429IoRegisterFileSystem475 507 508 519 520 582IoRegisterFsRegistration507IoRegisterFsRegistrationChange524IoRegisterPlugPlayNotification503 617IoReleaseCancelSpinLock460IoReportDetectedDevice413IoRequestComplete446IoRequestDeviceEject431IoRequestDpc326IoSetCancelRoutine429 460IoSetCompletionRoutine429 444 458 463IoSetIoCompletion468IoSkipCurrentIrpStackLocation446 463 464IoStartTimer430IoStopTimer430IoSynchronousInvalidateDeviceRelations413IoSynchronousPageWrite486IoUnregisterFileSystem508IsRectEmpty606KdDebuggerInitialize189KeAcquireGuardedMutex370KeAcquireInStackQueuedSpinLock353KeAcquireInterruptSpinLock457KeAcquireQueuedSpinLock353KeAcquireQueuedSpinLockAtDpcLevel353KeAcquireQueuedSpinLockRaiseToSynch353KeAcquireSpinLock350KeAcquireSpinLockAtDpcLevel350KeAcquireSpinLockForDpc350KeAcquireSpinLockRaiseToSynch350KeAddSystemServiceTable562 563 607KeAttachProcess47 136 232KeBalanceSetManager208 282 292 445KeBoostProirityThread153KeBugCheck90KeBugKeBugCheckEx260KeCancelTimer367KeClearEvent362KeClearTimer367KeConnectInterrupt321 322KeContextFromKframes340KeDeferredReadyThread369KeDelayExecution467KeDelayExecutionThread357 358 160 161 166 167KeDetachProcess332 136 232 233KeDisconnectInterrupt322 323KeFlushEntireTb215KeFlushMultipleTb215KeFlushSingleTb215KeFreezeAllThreads117KeGetCurrentThread135Kei386EoiHelper322 341KeInitializeApc333 336KeInitializeDpc324 326KeInitializeEvent362KeInitializeGate369KeInitializeGuardedMutex370KeInitializeInterrupt321 322KeInitializeMutant363KeInitializeProcess138 149KeInitializeQueue365 466 467KeInitializeSemaphore364KeInitializeSpinLock350KeInitializeThread149KeInitializeTimer367KeInitializeTimerEx367KeInitSystem323KeInitThread117 141 144 145 149 561KeInsertHeadQueue365KeInsertQueue365 466 467 467KeInsertQueueApc333 336 153KeInsertQueueDpc324-326 345 368KeLeaveCriticalRegion335KeLeaveGuardedRegion335KeLowerIrql319KePulseEvent362 153KeRaiseIrql319KeRaiseIrqlToDpcLevel344KeRaiseIrqlToSynchLevel344KeReadyThread142 157KeReleaseGuardedMutex370KeReleaseInStackQueuedSpinLock353KeReleaseinterruptSpinLock457KeReleaseMutant359 363 364 368 153 161KeReleaseMutex364KeReleaseQueuedSpinLock353KeReleaseQueuedSpinLockFromDpcLevel353KeReleaseSemaphore359 364 368 372 153 161 571 573KeReleaseSpinLcokForDpc350KeReleaseSpinLock350KeReleaseSpinLockFromDpcLevel350KeRemoveQueue365 366 161 167 466 467KeRemoveQueueApc336KeRemoveQueueDpc324 325KeRemoveSystemServiceTable562KeResetEvent362KeResumeThread117KeRevertToUserAffinityThread159KeRundownQueue365KeRundownThread363KeSetAffinityThread117KeSetBasePriorityThread151KeSetEvent359 362 363 368 153 161 499KeSetEventBoostPriority363 373 156KeSetPriorityAndQuantumProcess151KeSetProcess366 153KeSetSystemAffinityThread117 159KeSetSystemTime89KeSetTargetProcessorDpc324KeSetTimer367KeSetTimerEx367KeSignalGateBoostPriority369 162KeStackAttachProcess47KeStartAllProcessors87 88 89KeStartThread141 149KeSuspendThread117 142KeSwapProcessOrStack162 208 282KeSwitchKernelStack561 609KeSynchronizeExecution429 457KeTerminateThread367 148 153 154 167KeTestAlertThread335KeTestForWaitersQueuedSpinLock353KeTestSpinLock350KeTryToAcquireQueuedSpinLock353KeTryToAcquireQueuedSpinLockAtRaisedIrql353KeTryToAcquireQueuedSpinLockRaiseToSynch353KeTryToAcquireSpinLock350KeTryToAcquireSpinLockAtDpcLevel350KeUpdateRunTime327 164 168KeUpdateSystemTime327-330KeUserApcDispatcher335KeUserCallbackDispatcher620KeUserExceptionDispather340KeUserModeCallback619 620KeWaitForGate369 375 162 167KeWaitForMultipleObjects357-359 361 364 379 114 160 161 166 167 467KeWaitForSingleObject357 358 364 372 114 160 161 166 167 451 467KfLowerIrql319KfRaiseIrql319KiAccquireSpinLock349KiAcquireFastMutex370KiActivateWaiterQueue366 369 161 467KiAdjustIrpCredits293 445KiAdjustQuantumThread159KiAttachProcess167KiBarrierWait86 87 88KiCallUserMode619 620KiChainedDispatch321KiChainedDispatch2ndLvl321KiCheckForKernelApcDelivery335KiCheckForSListAddress348KiClearIdleSummary165KiCompleteTimer368KiComputeNewPriority151 168KiComputeTimerTableIndex328-330KiConnectVectorAndInterruptObject321KiDebugRoutine341KiDeferredReadyThread369 153 157 158 164 165 168KiDeliverApc334 335 341KiDispatchException337-341 576KiDispatchInterrupt325 326 328 168KiEnableFastSyscallReturn553KiExecuteDpc323 324KiExitDispatcher344 365 169KiFastSystemCall551 552 554 564KiFastSystemCallRet552 554KiFindReadyThread158 159 166KiFloatingDispatch321KiGetVectorInfo321KiIdleLoop325KiIdleSchedule150 159KiInitializeContextThread141 144KiInitializeDpc324KiInitializeKernel86 88 149 195KiInitializeMutext363KiInitializeUserApc335KiInitProcessor87KiInitProcessorState87KiInitSpinLocks352 353KiInitSystem556KiInsertDeferredReadyList334 114 157 158 162KiInsertOrSignalTimer367 368 161KiInsertQueue365 156 161KiInsertQueueApc333 334KiInsertQueueDpc329KiInsertTimerTable328 329KiInSwapKernelStacks283 284KiInSwapProcesses108 157 283 284KiInterruptDispatch321 325KiInterruptDispatch2ndLvl321KiIntSystemCall551 552 554KiIsKernelStackSwappable162KiLoadFastSyscallMachineSpecificRegisters552KiOutSwapKernelStacks162 283KiOutSwapProcesses157 283KiProcessDeferredReadyList326 114 169KiProcessTimerDpcTable329KiQuantumEnd326 159 168KiRaiseException341KiReadyThread334 354 359 360 365 108 155-157 284KiReleaseSpinLock349KiRestoreFastSyscallReturnState553KiRetireDpcList325 326 328 329 168KiScanReadyQueues153KiSelectNextThread165KiSelectReadyThread158 159 166 168KiServiceExit551KiSetIdleSummary165KiSetPriorityThread159KiSignalTimer367 368KiSuspendThread117KiSwapContext167-169KiSwapThread335 358 359 369 378 161 165-167 169KiSystemService143 551 564KiSystemStartup315 316 85-88 195KiThreadStartup144 145KiTimerExpiration329 368KiUnlinkThread360 467KiUnwaitThread334 354 359 360 156 157 161 467KiUserApcDispatcher335KiUserExceptionDispatcher340 341KiWaitSatisfyAny364KiWaitSatisfyMutant364KiWaitSatisfyOther364KiWaitTest359 362 364 161KiWaitTestSynchronizationObject359 363 367 368 161KiWaitTestWithoutSideEffects359 362 366-368 161LdrInitializeThunk145 146LeaveCriticalSection303LineTo623LpcExitThread575LpcInitSystem89 568LpcpAcquireLpcpLock575LpcpAcquireLpcpLockByThread575LpcpAllocateFromPortZone574LpcpClosePort575LpcpCreatePort570LpcpDeletePort575LpcpDestroyPortQueue575LpcpFreeToPortZone574LpcpGenerateMessageId575LpcpMoveMessage574LpcpReleaseLpcpLock575LpcRequestPort574LpcRequestWaitReplyPort574LpcRequestWaitReplyPortEx574 576LsaLogonUser93LsaLookupAuthenticationPackage93MiAddMdlTracker122MiAgeWorkingSet289MiAllocatePagesForMdl280MiAllocatePoolPages210-216 220 222MiAllocateVad233MiAllowWorkingSetExpansion233MiAllowWorkingSetExpension482MiBuildPagedPool199 213 218MiChargeCommitment230MiChargeCommitmentCantExpand216MiCheckForUserStackOverflow261MiCheckPdeForPagedPool259MiCheckSystemPteProtection259MiCheckSystemTrimEndCriteria290MiCheckVirtualAddress260 551MiCloneProcessAddressSpace120 233MiCompleteProtoPteFault263 265MiComputeSystemTrimCriteria288 289MiCopyOnWrite260 261 264MiCreateBitMap214MiCreateDataFileMap242 243 247 264MiCreateImageFileMap242 243 246 247 264MiCreatePagingFileMap242-246 264MiDecrementReferenceCount281MiDecrementShareCount274 283MiDeletePte274MiDeleteSystemPageableVm216MiDeleteVirtualAddress240 249 273 274MiDetermineTrimAmount289 290MiDispatchFault260-263MiEnablePagingOfDriverAtInit208MiEnablePagingTheExecutive208MiFeedSysPtePool227MiFillWsleHash292MiFindEmptyAddressRange239 240 246 247MiFindEmptyAddressRangeDown246 247MiFindEmptyAddressRangeInTree240MiFindNodeOrParent238MiFreeMdlTracker122MiFreeNonPagedPool212MiFreePoolPages210 212 214-216 222 223MiFreeWsleList274 290MiGatherMappedPages281 282MiGatherPagefilePages281 282MiGetVirtualAddressMappedByPte202MiHighPagedPoolThreshold214MiInitializeCopyOnWritePfn265MiInitializeLoadedModuleList199MiInitializeMemoryEvents208 285MiInitializeNonPagedPool204 209 210 218MiInitializeNonPagedPoolThresholds204 209MiInitializeSessionIds208MiInitializeSessionWsSupport208MiInitializeSystemCache199 482MiInitializeSystemPtes205 226MiInitializeWorkingSetList232MiInitMachineDependent139 196 198 200 205-209 217 226 275MiInPageSingleKernelStack284MiInsertFrontModifiedNoWrite277MiInsertImageSectionObject246MiInsertNode238 239MiInsertPageInFreeList273 276MiInsertPageInList276-278MiInsertStandbyListAtFront276MiInsertVad239 248MiInsertVadCharges239 240 248MiInsertZeroListAtBack276MiLocateWsle292MiLowPagedPoolThreshold214MiMakeOutswappedPageResident284MiMakeProtectionMask264 265MiMapBBTMemory207MiMappedPageWriter282MiMapViewOfDataSection245-247MiMapViewOfImageSection245 247MiMapViewOfPhysicalSection245 249MiModifiedPageWriter274 280MiModifiedPageWriterTimerDispatch281MiModifiedPageWriterWorker280-282MiniportSend600MiOutPageSingleKernelStack283MiProcessWorkingSets274 287 289 290MiRearrangeWorkingSetExpansionList288MiReleaseSystemPtes226-228MiReloadBootLoadedDrivers198MiRemoveAnyPage262 264 265 273-275 278MiRemoveMappedView249MiRemoveNode238 239MiRemovePageByColor278MiRemovePageFromList276-278MiRemoveVad239MiRemoveWorkingSetPages274 290MiRemoveWsle290 482MiRemoveZeroPage262 265 274 275 278MiReserveAlignedSystemPtes227MiReserveSystemPtes226-228MiResolveDemandZeroFault260-262 273MiResolveMappedFileFault263 494MiResolvePageFileFault262 263 273MiResolveProtoPteFault262 263MiResolveTransitionFault262 272MiRestoreTransitionPte277MiReturnCommitment216MiReturnPageTablePageCommitment239 240MiSectionInitialization207 249MiSessionAddProcess230 231MiSessionWideInitializeAddresses208MiStartZeroPageWorkers208MiTrimWorkingSet274 289 291MiUnlinkFreeOrZeroedPage276MiUnlinkPageFromList262 264 265 272 277MiUnmapLargePages200MiUnmapViewOfSection249MiUpdateMdlTracker122MiUpdateSystemPdes232MiUpdateWsle482MiWriteComplete281 282MiWriteProtectSystemImage208MiZeroPhysicalPage278MmAccessFault257 259 261 263MmAllocatePagesForMdl279MmAllocatePagesForMdlEx279 280MmAllocateSpecialPool223MmCheckCachedPageState495MmCopyToCachedPage486MmCreateKernelStack609MmCreateProcessAddressSpace229 231 239 287MmCreateSection241 242 244 246 247 264 483MmEnableModifiedWriteOfSection277 491MmExtendSection483MmFlushSection486 493 497MmFreePagesByColor275MmFreePagesFromMdl279 280MmGetSystemAddressForMdlSafe454MmInitializeHandBuiltProcess2232MmInitializeMemoryLimits198MmInitializeProcessAddressSpace138 229 231 233 234 236MmInitSystem86 89 90 139 196-200 206 207 213 248 276 280 285MmInPageKernelStack284MmIsMemoryAvailable288MmLoadSystemImage396 607MmMapViewInSystemCache485MmMapViewOfSection233 245-247 249MmOutPageKernelStack162 283MmOutSwapProcess283 284MmPageEntireDriver607MmProbeAndLockPages454 492 493MmResetPageFaultReadAhead494MmSavePageFaultReadAhead494MmSetAddressRangeModified486 491MmSetPageFaultReadAhead493 494MmUnloadSystemImage408MmUnlockPages454 458 492 493 493MmUnmapViewInSystemCache485 491MmWorkingSetManager274 288 293MmZeroPageThread86 273 275Module32First295Module32Next295MsFsdCreateMailslot587NdisAllocatePacket600NdisMIndicateReceivePacket600NdisMRegisterMiniport601NdisSend600NtAcceptConnectPort572 573NtAcceptPort567NtAllocateVirtualMemory240 249NtCallbackReturn620NtClose447 448NtCompleteConnectPort567 572 573NtConnectPort567 571NtCreateDirectoryObject58NtCreateFile404 406 447 455 510 517 545 551 552 554 555 563 583 587 594 595NtCreateIoCompletion465-467NtCreateKey68 72NtCreateMailslotFile406 585 586 588 594NtCreateNamedPipe583NtCreateNamedPipeFile406 578 581 586 594NtCreatePagingFile24NtCreatePort567 569 570NtCreateProcess21 136 143NtCreateProcessEx136 143 137NtCreateSection264NtCreateThread139NtCreateWaitablePort567 569 570NtDeleteKey72NtDeleteValueKey72NtDeviceIoControlFile31 447 449-455 525 594 595NtEnumerateKey72NtFlushBuffersFile451NtFlushKey72NtFreeVirtualMemory240 274NtFsControlFile450 451NtGdiBitBlt606NtGdiLineTo623NtInitializeRegistry68 72 91NtLinstenPort567 570NtLoadDriver396 397NtLoadKey69 72NtLockFile451NtMapViewOfSection245NtNotifyChangeDirectoryFile451NtNotifyChangeKey72NtNotifyChangeMultipleKeys72NtOpenFile21NtOpenKey70-72NtPowerInformation418NtPulseEvent153NtQueryDirectoryFile451NtQueryEaFile451NtQueryInformationProcess124NtQueryKey72NtQueryQuotaInformationFile451NtQueryValueKey70 72NtQueryVolumeInformationFile451NtQueueApcThread336NtRaiseException341NtReadFile31 124 407 449 451-453 455 457 459 484 511 583 595 606NtReadFileScatter451NtReleaseKeyedEvent153NtReleaseMutant153NtReleaseSemaphore153NtRemoveIoCompletion466 467NtReplaceKey72NtReplyPort567 574NtReplyWaitReceivePort567 570 574NtReplyWaitReceivePortEx567 571 574NtReplyWaitReplyPort567 574NtRequestPort567 574NtRequestWaitReplyPort567 574NtRestoreKey72NtResumeThread140NtSaveKey72NtSecureConnectPort567 571 572NtSetCompletion468NtSetEaFile451NtSetEvent153NtSetEventBoostPriority153NtSetInformationFile466 467NtSetInformationProcess152NtSetIoCompletion467NtSetQuotaInformationFile451NtSetSystemInformation607NtSetTimer21NtSetValueKey72NtSetVolumeInformationFile451NtSignalAndWaitForSingleObject153NtSuspendThread379NtTerminateProcess148NtTerminateThread146NtUnlockFile451NtUnmapViewOfSection249NtUserCreateDesktop611NtUserCreateWindowEx615NtUserCreateWindowStation611NtUserDispatchMessage618NtUserGetMessage563 618NtUserPostMessage606 618NtUserPostThreadMessage618NtVdmControl121NtWaitForKeyedEvent153NtWriteFile31 124 407 449 451 452 455 459 484 511 583 594 595 606NtWriteFileGather451NtYieldExecution159ObCheckObjectAccess77 78ObCreateObject56-58 138 141 242 397 400 406 407 569-571 582ObCreateObjectType55ObDereferenceObject61 134 408ObfDereferenceObject448ObGetObjectSecurity77ObInitSystem86 89 407ObInsertObject59 134 142 397 400 569ObOpenObjectByName59 69-71 406 447 455 510 581 586ObpAllocateObject58 60ObpAuditObjectAccess134ObpCloseHandle134 448ObpCloseHandleTableEntry134 448ObpCreateHandle134ObpDecrementHandleCount61 134 448ObpDeleteDirectoryEntry59ObpFreeObject58ObpIncrementHandleCount61ObpInsertDirectoryEntry59ObpLookupDirectoryEntry59 60 406 407 510ObpLookupObjectName59 60 70 71 129 406 407 510 581 582 586 587ObpParseSymbolicLink582ObpRemoveObjectRoutine448ObReferenceObjectByHandle60 71 78 133 134 137 138 450ObReferenceObjectByName59 608ObReferenceObjectByPointer61 134OpbLookObjectName455OpenSCManager438OpenService438PeekMessage618Phase1Initialization86Phase1InitializationDiscard323 67 86-88 149 196 393 418 479PipCallDriverAddDevice435 436PoCallDriver421PoInitDriverServices393 394PoInitSystem88 90 418PoRequestPowerIrp421 422PoSetPowerState420PostMessage606PostQueuedCompletionStatus468PpInitSystem86 89PpLastGoodDoBootProcessing393ProbeForRead454ProBeForWrite454ProbeForWrite 21PsChangeQuantumTable164PsConvertToGuiThread561 609PsCreateSystemProcess137PsCreateSystemThread36 140 149PsEsablishWin32Callouts607 608PsExitSpecialApc147PsGetCurrentProcess333 135PsGetCurrentThread135PsInitSystem86 90 148 149PsLocateSystemDll393PsLookupProcessByProcessId135PsLookupProcessThreadByCid135PsLookupThreadByThreadId135PsMapSystemDll233PspChargeQuota119PspComputeQuantumAndPriority139 152 164PspCreateProcess47 58 134 137 139 142 143 164 229 231 232 576PspCreateThread47 58 140 141 144 145 157PspExitApcRundown147PspExitNormalApc147PspExitThread147 148 366 367 460 575 575PspInitializeProcessSecurity138PspInitializeSystemDll149PspInitPhase086 137 149 164PspInitPhase1149PspLockThreadSecurityExclusive128PspLockThreadSecurityShared128PspLookupKernelUserEntryPoints149 552PspQueueApcSpecialApc336PspTerminateThreadByPointer146-148PspUserThreadStartup145PspW32ProcessCallout609PspW32ThreadCallout609PsSetProcessWin32Process609PsSetThreadWin32Thread609PsTerminateProcess148PsTerminateSystemThread146PsWatchWorkingSet121PtInRect606RaiseException341RawCreate520RawFileSystemControl520RawInitialize519 520RawMountVolume508 509 520RawReadWriteDeivceControl520ReadFile404 580 606ReadFileEx335 404 459 580RtlCreateUserProcess90RtlDispatchException340 341RtlFindClearBitsAndSet214 215SeAccessCheck78SeCreateAccessStateEx142SeInitSystem86SeMakeAnonymousLogonToken81SeMakeAnonymousLogonTokenNoEveryone81SeMakeSystemToken81SepAccessCheck78SepMaximumAccessCheck78SepNormalAccessCheck78SepPrivilegeCheck79SePrivilegeCheck79SepVariableInitialization80SeRmInitPhase190SeSinglePrivilegeCheck81SetMailslotInfo586SetNamedPipeHandleState581SetProcessWindowStation611SetThreadDesktop611SetWindowHookEx618SmpLoadDataFromRegistry92StartService438SwapContext74 169 170 326 547Thread32First295Thread32Next295TransactNamedPipe581TranslateMessage616UnhookWindowsHookEx618VideoPortGetProcAddress625VideoPortInitialize625VideoPortMapMemory624VirtualAlloc45 235 240VirtualAllocEx45 235 240VirtualFree45 235 240VirtualFreeEx45 235 240VirtualLock235VirtualUnlock235VirutalLock491WaitNamedPipe580Win32UserInitialize607WMIInitialize393 394WmipAllocateTraceBufferPool74WmipStartLogger74WmiTraceContextSwap74WriteFile404 580 606WriteFileEx335 404 459 580XxAcquireFastMutex370XxReleaseFastMutex370ZwAcceptConnectPort576ZwCompletePort576ZwConnectPort577ZwOpenKey70ZwQueryValueKey70 72ZwWaitForSingleObject90

结构

结构名称页数_BCB487_DEVICE_CAPABILITIES418_DEVICE_OBJECT401_DEVOBJ_EXTENSION402_DISPATCH_HEADER355_DRIVER_EXTENSION401_DRIVER_OBJECT400_EPROCESS118_ERESOURCE370_ETHREAD125_EX_PUSH_LOCK373_EXCEPTION_RECORD337_FAST_IO_DISPATCH452_FILE_OBJECT405_FLT_OPERATION_REGISTRATION528_FLT_REGISTRATION528_HANDLE_TABLE130_HANDLE_TABLE_ENTRY132_IO_STACK_LOCATION442_IRP440_KAPC331_KAPC_STATE332_KDPC324_KINTERRUPT320_KMUTANT363_KPRCB158_KPROCESS107_KQUEUE364_KSERVICE_TABLE_DESCRIPTOR555_KTHREAD110_KTIMER328_KTIMER_TABLE_ENTRY328_KTRAP_FRAME339_KWAIT_BLOCK355_LOADER_PARAMTER_BLOCK84_LPCP_MESSAGE569_LPCP_PORT_OBJECT567_LUID_AND_ATTRIBUTES79_MDL279_MM_AVL_TABLE236_MM_PAGED_POOL_INFO213_MMADDRESS_NODE236_MMCOLOR_TABLES275_MMFREE_POOL_ENTRY210_MMLISTS270_MMPFN266_MMPFNENTRY269_MMPFNLIST270_MMPTE256_MMPTE_HARDWARE252_MMPTE_LIST224_MMPTE_PROTOTYPE256_MMPTE_SOFTWARE254_MMPTE_TRANSITION254_MMSUPPORT287_MMVAD236_MMWSL286_MMWSLE287_MMWSLE_HASH291_MMWSLENTRY286_OBJECT_HEADER54_OBJECT_TYPE54_OBJECT_TYPE_INITIALIZER55_PERFINFO_GROUPMASK73_PERFINFO_TRACE_HEADER630_POOL_DESCRIPTOR216_POOL_HEADER219_SECTION241_SINGLE_LIST_ENTRY346_SLIST_HEADER346_VACB479_VPB509_WIN32_CALLOUTS_FPNS608MSG616

全局变量

变量名称页数_IDT316_KeTickCount327 328CcDeferredWrites496 498CcDirtyPageTarget497CcDirtyPageThreshold498CcExpressWorkQueue494 495 497CcIdleWorkerThreadList495CcRegularWorkQueue495 497CcTotalDirtyPages497 498CcTwilightLookasideList494CcVacbFreeList479 491CcVacbLru479CcVacbs479CmKeyObjectType55 67 70DbgkDebugObjectType55ExCallbackObjectType55ExCriticalWorkerThreads495ExDesktopObjectType55ExEventObjectType55ExEventPairObjectType55ExMutantObjectType55ExpKeyedEventObjectTpye55ExpNonPagedPoolDescriptor217ExpNumberOfNonPagedPools217ExpNumberOfPagedPools217ExpPagedPoolDescriptor217 218ExpPoolFlags223ExProfileObjectType55ExpSystemResourcesList371ExSemaphoreObjectType55ExTimerObjectType55ExWindowStationObjectType55InitializationPhase85IoAdapterObject55IoCompletionObjectType55 465IoControllerObjectType55IoDeviceHandlerObjectType55IoDeviceObjectType55IoFileObjectType55IopCdRomFileSystemQueueHead507IopDiskFileSystemQueueHead507IopNetworkFileSystemQueueHead507IopTapeFileSystemQueueHead507IRQL317KeActiveProcessors137KeServiceDescriptorTable116 555 561 562 564 589KeServiceDescriptorTableShadow116 561 562 564 589 607 609KiIdleSummary165KiProcessInSwapListHead284KiProcessorBlock165KiProcessOutSwapListHead109 283KiProfileListHead108KiStackInSwapListHead114KiTimerTableListHead328 329LargeSystemCache477LdrInitializeThunk145LpcPortObjectType55LpcWaitablePortObjectType55MaximumSystemCacheSize199MiEndOfInitialPoolFrame210MiFullyInitialized208MiInitializeSystemCache478MiLowPagedPoolEvent215MiLowPagedPoolThreshold215MiMaximumSystemCacheSizeExtra206 207MiMaximumWorkingSet291MinimumWorkingSetSize230MiNonPagedPoolSListHead212MiNonPagedPoolSListMaximum212MiSessionImageEnd198 207MiSessionImageStart198MiSessionPoolEnd198MiSessionPoolStart198 207 213MiSessionSpaceWs198 207MiSessionViewStart198MiStartOfInitialPoolFrame210MiSystemCacheEndExtra477MiSystemCacheStartExtra206 207 477MiSystemPteNBHead225 226 228MiSystemPteSListHead226MiSystemViewStart198 207 206 476MiUseMaximumSystemSpace204MiUseMaximumSystemSpaceEnd204MmAllocationFragment248MmAvailablePages285MmCodeClusterSize199MmDataClusterSize199MmDisablePagingExecutive214MmFirstFreeSystemCache478MmFirstFreeSystemPte226-228MmFreedExpansionPoolMaximum199MmFreePageListHead276 278MmHighestPhysicalPage200MmHighestUserAddress196 207MmHighMemoryThreshold285MmHyperSpaceEnd207MmInPageSupportMinimum199MmLargeSystemCache476MmLowestPhysicalPage200MmLowMemoryThreshold285MmMaximumDeadKernelStacks199MmMaximumNonPagedPoolInBytes200 201MmMaximumWorkingSetSize199 287MmModifiedNoWirtePageListHead491MmModifiedPageListHead277 281MmModifiedPageMaximum199 280MmModifiedWriteClusterSize281MmNonPagedPoolEnd201 202 207 210MmNonPagedPoolEnd0207 210 476MmNonPagedPoolExpansionStart206 207 224 210MmNonPagedPoolFreeListHead210 211MmNonPagedPoolStart201 206 207 210 476MmNonPagedSystemStart201 202 205 206 213 224MmNumberOfPhysicalPages200 207MmNumberOfSystemPtes197MmPagedPoolEnd207 213MmPagedPoolInfo213 214MmPagedPoolPage482MmPagedPoolStart197 206 207 213 476MmPfnDatabase206 207MmPlentyFreePages288MmProcessCommit230MmProcessList124 230MmReadClusterSize199MmResidentAvailablePages199MmSecondaryColorMask200MmSecondaryColors200MmSectionObjectType55MmSessionBase198 206 207MmSessionImageSize198 207MmSessionSpace213 214 231MmSessionViewSize198MmSharedUserDataPte207 551MmSizeOfNonPagedPoolInBytes200 201 210MmSizeOfPagedPoolInBytes197 213MmSizeOfSystemCacheInPages199 477MmStandbyPageListByPriority276 277MmStandbyPageListHead276 277MmSysPteIndex225MmSysPteListBySizeCount226 227MmSysPteMinimumFree226 227MmSysPteTables225MmSystemCacheEnd199 476MmSystemCachePage482MmSystemCacheStart197 206 207 476MmSystemCacheWorkingSetList199 206 207 476 482MmSystemCacheWs481MmSystemCacheWsMinimum199MmSystemCodePage482MmSystemDriverPage482MmSystemPagePtes234MmSystemPteBase207MmSystemPtesEnd226MmSystemPtesStart226MmSystemRangeStart196 207MmSystemViewSize198MmTotalCommitLimit199MmTotalCommitLimitMaximum199MmTotalFreeSystemPtes226MmUserProbeAddress196 207MmWorkingSetExpansionHead288-290 482MmWorkingSetList207 234 286MmZeroedPageListHead276 278MxPfnAllocation200NonPagedPoolDescriptor217 218ObpDeviceMapObjectType55ObpDirectoryObjectType55 58ObpKernelHandleTable133ObpRootDirectoryObject58 407ObpTypeObjectType55PerfGlobalGroupMask74pIoAllocateIrp445PoolVector217 219PopCapabilities418PopPolicy418PsActiveProcessHead119 139PsInitialSystemProcess137-139PsJobType55PsLoadedModuleList395PsMaximumWorkingSet137PspCidTable134PspForegroundQuantum164PspInitialSystemProcessHandle137PspPriorityTable152PsProcessType55 138PspSystemDll145PsThreadType55PsWatchEnabled121SeTokenObjectType55SystemTraceControlGuid73WmipGuidObjectType55SepRmState576