Kernel-Mode Windows
Version Numbering
HAL
Versions
Exports History
3.10
3.50
3.51
4.0
5.0
5.1
5.2
6.0
6.1
6.2
6.3
10.0
Exported Functions and Variables
Hardware Performance Counters
The Emon Profile Interface
The Amd64 Profile Interface
Machine Check Architecture
HalBugCheckSystem
Spin Locks
Functions
KeAcquireInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLockRaiseToSynch
KfAcquireSpinLock
KfReleaseSpinLock
Thunks
Functions
KeAcquireSpinLock
KeReleaseSpinLock
The x86 BIOS Emulator
Functions
x86BiosAllocateBuffer
x86BiosCall
x86BiosFreeBuffer
x86BiosReadMemory
x86BiosWriteMemory
Demonstration
Viewing the Firmware Memory Map
User-Defined Types
intruptp.h
REGISTERED_INTERRUPT_CONTROLLER
ntsoc.h
INTERRUPT_FUNCTION_TABLE
Kernel
Versions
Exports History
The Credibility of Documented Availability
Named Exports
3.10
3.50
3.51
4.0
5.0
5.1
5.2
6.0
SP1
SP2
6.1
SP1
6.2
6.3
10.0
Original
1511
1607
1703
1709
1803
1809
1903
1909
2004
Ordinal-Only Exports
6.2
6.3
10.0
Exported Functions and Variables
Event Tracing for Windows
Lock Tracing
Structures
WMI_RESOURCE
WMI_SPINLOCK
Notifications
Structures
ETW_DATA_SOURCE
ETWP_NOTIFICATION_HEADER
Registration
Functions
EtwRegister
EtwRegisterClassicProvider
Structures
ETW_HASH_BUCKET
ETW_PROVIDER_TABLE_ENTRY
ETW_REPLY_QUEUE
Security
Trace API
Functions
NtTraceControl
EtwActivityIdCreate
EtwFlushLoggerCode
EtwQueryLoggerCode
EtwStartLoggerCode
EtwStopLoggerCode
EtwUpdateLoggerCode
EtwWdiScenarioCode
EtwWdiSemUpdate
Add Notification Event
Enumerate Trace GUIDs
Get Disallow List
Get Trace Group Information
Get Trace Group List
Get Trace GUID Information
Get Trace GUID List
Notify GUID
Query Reference Time
Real Time Connect
Real Time Disconnect
Receive Notification
Receive Reply Data Block
Register Security Provider
Register User Mode GUID
Send Reply Data Block
Set Provider Traits
Track Provider Binary
Update Disallow List
Use Descriptor Type
NtTraceEvent
Structures
ETW_NOTIFICATION_HEADER
MESSAGE_TRACE_USER
WMI_LOGGER_INFORMATION
LogFileMode
Trace Support
Structures
EVENT_TRACE_SYSTEM_EVENT_INFORMATION
EVENT_TRACE_TIME_PROFILE_INFORMATION
TRACE_ENABLE_FLAG_EXTENSION
Implementation
WMI_LOGGER_MODE
Executive
Module Coverage
Structures
COVERAGE_MODULE_REQUEST
Initialisation
The Product Suite
Fast Interlocked Operations
Functions
ExInterlockedAddLargeStatistic
Lookaside Lists
Probes
ProbeForRead
Profiling
A Demonstration of Self-Profiling
Bug Check From User Mode
Source File
Header
Functions
NtCreateProfile
ZwCreateProfileEx
ZwQueryIntervalProfile
ZwSetIntervalProfile
ZwStartProfile
ZwStopProfile
Implementation
The Executive Profile Object
Resources
Functions
ExIsResourceAcquiredShared
ExIsResourceAcquiredSharedLite
Structures
ERESOURCE
RTL_PROCESS_LOCKS
RTL_PROCESS_LOCK_INFORMATION
Restricted Caller
Software Licensing
Functions
ExFetchLicenseData
ExGetLicenseTamperState
ExSetLicenseTamperState
ExUpdateLicenseData
ZwQueryLicenseValue
Structures
License Data
System Information
Functions
ExIsProcessorFeaturePresent
ZwQuerySystemInformation
ZwQuerySystemInformationEx
ZwSetSystemInformation
Structures
BOOT_ENTROPY_NT_RESULT
MEMORY_COMBINE_INFORMATION
MEMORY_SCRUB_INFORMATION
SYSTEM_ACPI_AUDIT_INFORMATION
SYSTEM_BASIC_PERFORMANCE_INFORMATION
SYSTEM_BIGPOOL_ENTRY
SYSTEM_BIGPOOL_INFORMATION
SYSTEM_BOOT_GRAPHICS_INFORMATION
SYSTEM_BOOT_LOGO_INFORMATION
SYSTEM_CALL_COUNT_INFORMATION
SYSTEM_CALL_TIME_INFORMATION
SYSTEM_CODEINTEGRITYPOLICY_INFORMATION
SYSTEM_CODEINTEGRITY_INFORMATION
SYSTEM_CONSOLE_INFORMATION
SYSTEM_CONTEXT_SWITCH_INFORMATION
SYSTEM_CPU_SET_TAG_INFORMATION
SYSTEM_CRASH_DUMP_INFORMATION
SYSTEM_CRASH_DUMP_STATE_INFORMATION
SYSTEM_CRASH_STATE_INFORMATION
SYSTEM_DEVICE_INFORMATION
SYSTEM_DEVICE_DATA_INFORMATION
SYSTEM_DOCK_INFORMATION
SYSTEM_DPC_BEHAVIOR_INFORMATION
SYSTEM_ELAM_CERTIFICATE_INFORMATION
SYSTEM_ENTROPY_TIMING_INFORMATION
SYSTEM_EXCEPTION_INFORMATION
SYSTEM_EXTENDED_THREAD_INFORMATION
SYSTEM_FILECACHE_INFORMATION
SYSTEM_FLAGS_INFORMATION
SYSTEM_GDI_DRIVER_INFORMATION
SYSTEM_HANDLE_INFORMATION
SYSTEM_HANDLE_INFORMATION_EX
SYSTEM_HANDLE_TABLE_ENTRY_INFO
SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
SYSTEM_HYPERVISOR_PROCESSOR_COUNT_INFORMATION
SYSTEM_IMAGE_FILE_EXECUTION_OPTIONS_INFORMATION
SYSTEM_INTERRUPT_CPU_SET_INFORMATION
SYSTEM_INTERRUPT_INFORMATION
SYSTEM_ISOLATED_USER_MODE_INFORMATION
SYSTEM_KERNEL_DEBUGGER_INFORMATION
SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX
SYSTEM_LEGACY_DRIVER_INFORMATION
SYSTEM_LOOKASIDE_INFORMATION
SYSTEM_LOW_PRIORITY_IO_INFORMATION
SYSTEM_MEMORY_INFORMATION
SYSTEM_NUMA_INFORMATION
SYSTEM_NUMA_PROXIMITY_MAP
SYSTEM_PAGEFILE_INFORMATION
SYSTEM_PAGEFILE_INFORMATION_EX
SYSTEM_PERFORMANCE_INFORMATION
SYSTEM_PLUGPLAY_BUS_INFORMATION
SYSTEM_POLICY_INFORMATION
SYSTEM_POOLTAG_INFORMATION
SYSTEM_POOL_INFORMATION
SYSTEM_POWER_INFORMATION
SYSTEM_PREFETCH_PATCH_INFORMATION
SYSTEM_PROCESSOR_FEATURES_INFORMATION
SYSTEM_PROCESSOR_IDLE_CYCLE_TIME_INFORMATION
SYSTEM_PROCESSOR_IDLE_INFORMATION
SYSTEM_PROCESSOR_INFORMATION
SYSTEM_PROCESSOR_MICROCODE_UPDATE_INFORMATION
SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION_EX
SYSTEM_PROCESSOR_POWER_INFORMATION
SYSTEM_PROCESSOR_PROFILE_CONTROL_AREA_INFORMATION
SYSTEM_PROCESSOR_SPEED_INFORMATION
SYSTEM_PROCESS_ID_INFORMATION
SYSTEM_PROCESS_INFORMATION
SYSTEM_PROCESS_INFORMATION_EXTENSION
SYSTEM_QUERY_PERFORMANCE_COUNTER_INFORMATION
SYSTEM_QUERY_TIME_ADJUST_INFORMATION
SYSTEM_REF_TRACE_INFORMATION
SYSTEM_REGISTRY_QUOTA_INFORMATION
SYSTEM_SECUREBOOT_INFORMATION
SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
SYSTEM_SECUREBOOT_POLICY_INFORMATION
SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
SYSTEM_SESSION_PROCESS_INFORMATION
SYSTEM_SET_TIME_ADJUST_INFORMATION
SYSTEM_SPECIAL_POOL_INFORMATION
SYSTEM_THREAD_CID_PRIORITY_INFORMATION
SYSTEM_THREAD_INFORMATION
SYSTEM_VA_LIST_INFORMATION
SYSTEM_VERIFIER_COUNTERS_INFORMATION
SYSTEM_VERIFIER_FAULTS_INFORMATION
SYSTEM_VERIFIER_INFORMATION
SYSTEM_VERIFIER_INFORMATION_EX
SYSTEM_VHD_BOOT_INFORMATION
System Time
RTL_DYNAMIC_TIME_ZONE_INFORMATION
RTL_TIME_ZONE_INFORMATION
I/O Manager
I/O Subroutines
IoAllocateIrpEx
IoInitializeIrpEx
IoSizeOfIrpEx
IRP Extensions
Functions
IoGetGenericIrpExtension
IoSetGenericIrpExtension
Implementation
IOP_IRP_EXTENSION
PnP Manager
IoGetDmaAdapter
Hypervisor Interface
HviGetDebugDeviceOptions
HviGetEnlightenmentInformation
HviGetHardwareFeatures
HviGetHypervisorFeatures
HviGetHypervisorInterface
HviGetHypervisorVendorAndMaxFunction
HviGetHypervisorVersion
HviGetImplementationLimits
HviIsAnyHypervisorPresent
HviIsHypervisorMicrosoftCompatible
HviIsHypervisorVendorMicrosoft
HviIsIommuInUse
Hypervisor Layer
Functions
HvlGetLpIndexFromApicId
HvlQueryActiveHypervisorProcessorCount
HvlQueryActiveProcessors
HvlQueryConnection
HvlQueryHypervisorProcessorNodeNumber
HvlQueryNumaDistance
HvlQueryProcessorTopology
Kernel
Processor Affinity
Structures
KAFFINITY_ENUMERATION_CONTEXT
KAFFINITY_EX
Deferred Procedure Calls
Structures
KDPC_DATA
Interrupt Objects
KeInitializeInterrupt
Interrupt Spin Locks
KeAcquireInterruptSpinLock
KeReleaseInterruptSpinLock
Interrupt Support
KeSynchronizeExecution
Profile Objects
KeProfileInterrupt
KeProfileInterruptWithSource
Queued Spin Locks
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeReleaseInStackQueuedSpinLockFromDpcLevel
Spin Locks
KeAcquireSpinLockRaiseToDpc
KeTestSpinLock
Kernel Shim Engine
Driver Shims
Functions
KseRegisterShim
KseRegisterShimEx
KseUnregisterShim
Structures
KSE_HOOK
KSE_HOOK_COLLECTION
KSE_SHIM
DRVMAIN.SDB
Memory Manager
Implementation
Page Table Entries
MMPTE
MMPTE_HARDWARE
HARDWARE_PTE
Modified Writer
Functions
NtCreatePagingFile
Implementation
MI_PAGING_FILE_SPACE_BITMAPS
MMMOD_WRITER_LISTHEAD
MMMOD_WRITER_MDL_ENTRY
MMPAGING_FILE
Partitions
Functions
NtCreatePartition
NtManagePartition
NtOpenPartition
Enumerations
MEMORY_PARTITION_INFORMATION_CLASS
Structures
MEMORY_PARTITION_CONFIGURATION_INFORMATION
MEMORY_PARTITION_INITIAL_ADD_INFORMATION
MEMORY_PARTITION_PAGEFILE_INFORMATION
MEMORY_PARTITION_PAGE_COMBINE_INFORMATION
MEMORY_PARTITION_TRANSFER_INFORMATION
System Loader
MmGetSystemRoutineAddress
Binary Search Bug
Object Manager
Structures
OBJECT_HEADER_AUDIT_INFO
OBJECT_HEADER_CREATOR_INFO
OBJECT_HEADER_HANDLE_INFO
OBJECT_HEADER_HANDLE_REVOCATION_INFO
OBJECT_HEADER_NAME_INFO
OBJECT_HEADER_PROCESS_INFO
OBJECT_HEADER_QUOTA_INFO
Prefetcher
Structures
SUPERFETCH_INFORMATION
Process and Thread Manager
Query
Enumerations
THREADINFOCLASS
Structures
PROCESS_ENERGY_VALUES
Quota
Enumerations
PS_QUOTA_TYPE
Functions
PsChargePoolQuota
PsChargeProcessNonPagedPoolQuota
PsChargeProcessPagedPoolQuota
PsChargeProcessPoolQuota
Structures
EPROCESS_QUOTA_BLOCK
EPROCESS_QUOTA_ENTRY
PS_CPU_QUOTA_QUERY_INFORMATION
PS_CPU_QUOTA_SET_INFORMATION
Run Time Library
Integer Conversions
Functions
RtlUnicodeStringToInt64
RtlUnicodeStringToInteger
Loader
RtlQueryModuleInformation
NLS
Functions
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlCreateUnicodeString
Red-Black Trees
RtlRbInsertNodeEx
Registry Utilities
Functions
RtlFormatCurrentUserKeyPath
RVA Lists
Structures
RTL_RVA_LIST
Security
Functions
RtlConvertSidToUnicodeString
RtlLengthRequiredSid
RtlLengthSid
RtlValidSid
Structures
SID
Stack Trace Database
Structures
RTL_PROCESS_BACKTRACES
RTL_PROCESS_BACKTRACE_INFORMATION
Strings
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlPrefetchMemoryNonTemporal
Windows Diagnostic Infrastructure
The Scenario Event Mapper (SEM)
Functions
EtwWriteEndScenario
EtwWriteStartScenario
User-Defined Types
Kernel-Mode
KPCR
KPRCB
KPROCESSOR_STATE
KTRAP_FRAME
amd64_x.h
CPU_VENDORS
KPCR
KPRCB
DpcRequestSummary
PrcbPad11
PrcbPad12a
KPROCESSOR_STATE
KSPECIAL_REGISTERS
KTRAP_FRAME
etwp.h
ETW_GUID_ENTRY
ETW_GUID_TYPE
ETW_PMC_SUPPORT
ETW_PROVIDER_TRAITS
ETW_QUEUE_ENTRY
ETW_REALTIME_CONSUMER
ETW_REG_ENTRY
Flags
ETW_REPLY_QUEUE
ETW_SILODRIVERSTATE
WMI_LOGGER_CONTEXT
Flags
RequestFlag
ex.h
PP_NPAGED_LOOKASIDE_NUMBER
hal.h
HAL_DISPATCH
HAL_PLATFORM_TIMER_SOURCE
HAL_PRIVATE_DISPATCH
i386_x.h
CPU_VENDORS
KPCR
KPRCB
DpcRequestSummary
KPROCESSOR_STATE
KSPECIAL_REGISTERS
KTRAP_FRAME
PROCESSOR_START_BLOCK
io_x.h
DRIVER_EXTENSION
ke.h
KEVENT_PAIR
KEXECUTE_OPTIONS
KOBJECTS
KPROCESS
ProcessFlags
KPROCESS_STATE
KPROFILE
KSTACK_COUNT
KTHREAD
Versions
3.10 to 3.50
3.51 to 5.1
Early 5.2
Late 5.2 to 6.1
6.2 and Higher
MiscFlags
Thread Flags
ThreadFlags2
ThreadFlags3
KTHREAD_STATE
KWAIT_BLOCK_STATE
KWAIT_STATE
KWAIT_STATUS_REGISTER
ke_x.h
ISRDPCSTATS
KINTERRUPT
KMUTEX
KWAIT_BLOCK
mi.h
MI_MEMORY_EVENT_TYPES
MI_PAGE_COMBINING_SUPPORT
MI_PARTITION
MI_PARTITION_COMMIT
MI_PARTITION_CORE
MI_PARTITION_FLAGS
MI_PARTITION_MODWRITES
MI_PARTITION_PAGE_LISTS
MI_PARTITION_SEGMENTS
MI_PARTITION_STATE
MI_PARTITION_STORES
MI_PARTITION_ZEROING
MI_SYSTEM_INFORMATION
MI_SYSTEM_VA_STATE
MI_SYSTEM_VA_TYPE
MI_USER_VA_INFO
MI_VAD_ALLOCATION_CELL
MI_VAD_ALLOCATION_CELL_TYPE
MI_VISIBLE_PARTITION
MI_VISIBLE_STATE
MMPFN
u1
u2
u3
u4
MMPFNENTRY
MMSECTION_FLAGS
MMWSL
MMWSL_FULL
MMWSL_INSTANCE
MMWSL_SHARED
SECTION
mm.h
MMPFNLIST
MMPFNLIST_SHORT
ntosdef.h
KPRCBFLAG
PP_LOOKASIDE_LIST
ntosdef_x.h
DISPATCHER_HEADER
DebugActive
QueueControlFlags
ThreadControlFlags
Timer2Flags
TimerControlFlags
TimerMiscFlags
KDPC
KTIMER
ob.h
DEVICE_MAP
OBJECT_DIRECTORY
OBJECT_DIRECTORY_ENTRY
OBJECT_HANDLE_COUNT_DATABASE
OBJECT_HANDLE_COUNT_ENTRY
OBJECT_HEADER
Flags
InfoMask
TraceFlags
OBJECT_HEADER_AUDIT_INFO
OBJECT_HEADER_CREATOR_INFO
OBJECT_HEADER_HANDLE_INFO
OBJECT_HEADER_HANDLE_REVOCATION_INFO
OBJECT_HEADER_NAME_INFO
OBJECT_HEADER_PROCESS_INFO
OBJECT_HEADER_QUOTA_INFO
OB_CLOSE_METHOD
OB_DELETE_METHOD
OB_DUMP_METHOD
OB_OKAYTOCLOSE_METHOD
OB_OPEN_METHOD
OB_PARSE_METHOD
OB_QUERYNAME_METHOD
OB_SECURITY_METHOD
obp.h
OBP_LOOKUP_CONTEXT
pop.h
POP_CURRENT_BROADCAST
POP_POWER_ACTION
POP_SLEEP_CHECKPOINT
procpowr.h
PPM_DRIVER_DISPATCH_TABLE
PROCESSOR_POWER_STATE
ps.h
EJOB
JobFlags
JobFlags2
EPROCESS
Flags
Flags2
Flags3
MitigationFlags
MitigationFlags2
ESERVERSILO_GLOBALS
ESILO
ETHREAD
Cross-Thread Flags
Same-Thread Passive Flags
Same-Thread APC Flags
MMSUPPORT
MMSUPPORT_FLAGS
MMSUPPORT_FULL
MMSUPPORT_INSTANCE
MMSUPPORT_SHARED
POWERSTATETASK
SERVER_SILO_MONITOR
SE_AUDIT_PROCESS_CREATION_INFO
SILO_CONTEXT
SILO_MONITOR
WIN32_CALLOUTS_OPERATION
WIN32_POWERSTATE_PARAMETERS
WORKING_SET_TYPE
API
arc.h
BLDR_DATA_TABLE_ENTRY
FIRMWARE_INFORMATION_LOADER_BLOCK
I386_LOADER_BLOCK
LOADER_PARAMETER_BLOCK
LOADER_PARAMETER_EXTENSION
BootFlags
InternalBootFlags
MEMORY_ALLOCATION_DESCRIPTOR
NT_IMAGE_INFO
TYPE_OF_MEMORY
ntetw.h
ETW_KERNEL_HEADER_EXTENSION
ETW_NOTIFICATION_HEADER
ETW_NOTIFICATION_TYPE
EVENT_TRACE_GROUPMASK_INFORMATION
EVENT_TRACE_INFORMATION_CLASS
EVENT_TRACE_PERFORMANCE_INFORMATION
EVENT_TRACE_PROFILE_COUNTER_INFORMATION
EVENT_TRACE_SPINLOCK_INFORMATION
EVENT_TRACE_VERSION_INFORMATION
ntexapi.h
HV_DETAILS
PROCESSOR_PROFILE_CONTROL_AREA
SYSTEM_BASIC_INFORMATION
SYSTEM_BOOT_ENVIRONMENT_INFORMATION
SYSTEM_HYPERVISOR_DETAIL_INFORMATION
SYSTEM_HYPERVISOR_QUERY_INFORMATION
SYSTEM_INFORMATION_CLASS
SYSTEM_OBJECT_INFORMATION
SYSTEM_OBJECTTYPE_INFORMATION
SYSTEM_ROOT_SILO_INFORMATION
SYSTEM_TIMEOFDAY_INFORMATION
SYSTEM_VDM_INSTEMUL_INFO
ntexapi_x.h
KUSER_SHARED_DATA
MitigationPolicies
The Oldest Unchanged Kernel Code
ProcessorFeatures
SharedDataFlags
nti386_x.h
CONTEXT
FLOATING_SAVE_AREA
ntkeapi_x.h
KPROFILE_SOURCE
KSPIN_LOCK_QUEUE_NUMBER
ntldr.h
LDR_DATA_TABLE_ENTRY
Flags
LDR_DDAG_NODE
LDR_DDAG_STATE
LDR_DLL_LOAD_REASON
RTL_MODULE_BASIC_INFO
RTL_MODULE_EXTENDED_INFO
RTL_PROCESS_MODULES
RTL_PROCESS_MODULE_INFORMATION
RTL_PROCESS_MODULE_INFORMATION_EX
ntmmapi.h
MEMORY_PARTITION_CONFIGURATION_INFORMATION
MEMORY_PARTITION_INFORMATION_CLASS
MEMORY_PARTITION_INITIAL_ADD_INFORMATION
MEMORY_PARTITION_PAGEFILE_INFORMATION
MEMORY_PARTITION_PAGE_COMBINE_INFORMATION
MEMORY_PARTITION_TRANSFER_INFORMATION
SECTION_IMAGE_INFORMATION
ImageFlags
ntobapi.h
OBJECT_BASIC_INFORMATION
OBJECT_DIRECTORY_INFORMATION
OBJECT_HANDLE_FLAG_INFORMATION
OBJECT_TYPE_INFORMATION
OBJECT_TYPES_INFORMATION
ntobapi_x.h
OBJECT_INFORMATION_CLASS
ntpsapi.h
PARTITION_INFORMATION_CLASS
PROCESS_DISK_COUNTERS
PS_CREATE_INFO
InitFlags
OutputFlags
PS_SYSTEM_DLL_INIT_BLOCK
ntpsapi_x.h
PEB_LDR_DATA
SILOOBJECT_BASIC_INFORMATION
ntregapi.h
nturtl.h
RTL_PERTHREAD_CURDIR
ntwmi.h
ETW_BUFFER_STATE
PERFINFO_CCSWAP_BUFFER
PERFINFO_GROUPMASK
Trace Headers
EVENT_INSTANCE_GUID_HEADER
MESSAGE_TRACE_HEADER
PERFINFO_TRACE_HEADER
SYSTEM_TRACE_HEADER
WMI_BUFFER_HEADER
BufferFlag
BufferType
WMI_BUFFER_STATE
WMI_CLIENT_CONTEXT
WMI_CONTEXTSWAP
WMI_TRACE_PACKET
HookId
pebteb.h
CURDIR
PEB
Application Compatibility Flags
Bit Field
Cross-Process Flags
Tracing Flags
RTL_DRIVE_LETTER_CURDIR
RTL_USER_PROCESS_PARAMETERS
TEB
Same-TEB Flags
Shared
evntcons.h
EVENT_HEADER
evntrace.h
EVENT_INSTANCE_HEADER
EVENT_TRACE_HEADER
TRACE_LOGFILE_HEADER
hvgdk_mini.h
HV_CPUID_FUNCTION
HV_CPUID_RESULT
HV_ENLIGHTENMENT_INFORMATION
HV_HYPERVISOR_FEATURES
HV_HYPERVISOR_HARDWARE_FEATURES
HV_HYPERVISOR_INTERFACE
HV_HYPERVISOR_INTERFACE_INFO
HV_HYPERVISOR_IPT_FEATURES
HV_HYPERVISOR_NESTED_VIRT_FEATURES
HV_HYPERVISOR_SVM_FEATURES
HV_HYPERVISOR_VERSION_INFO
HV_IMPLEMENTATION_LIMITS
HV_PARTITION_PRIVILEGE_MASK
HV_UINT128
HV_VENDOR_AND_MAX_FUNCTION
HV_X64_ENLIGHTENMENT_INFORMATION
HV_X64_HYPERVISOR_CPU_MANAGEMENT_FEATURES
HV_X64_HYPERVISOR_FEATURES
HV_X64_HYPERVISOR_HARDWARE_FEATURES
HV_X64_PLATFORM_CAPABILITIES
ntdef.h
RTL_BALANCED_NODE
UNICODE_STRING
ntrtl.h
RTL_USER_PROCESS_INFORMATION
ntrtl_x.h
RTL_BARRIER
rtlrbtree.h
RTL_AVL_TREE
RTL_RB_TREE
Source Code
Type Information in Public Symbol Files
ntsym.c
Source Tree
Version 3.10
Version 4.0
Headers
A
action.h
affinity.h
alpc.h
alpcp.h
amd64.h
amd64_x.h
arbiter.h
arc.h
assign.h
async.h
atom.h
authzbase.h
B
busp.h
C
cache.h
cache_x.h
cc.h
cfg.h
clfslsn.h
cm_x.h
cmdata.h
cmp.h
cmptrans.h
counters.h
cper.h
D
dbgk.h
devpropdefp.h
disallowedguids.h
dockintf.h
E
etw_x.h
etwp.h
etwumkm.h
event.h
evntcons.h
evntpayload.h
evntprov.h
evntrace.h
ex.h
ex_x.h
excpt.h
F
fsrtl.h
fsrtl_x.h
G
guiddef.h
H
hal.h
heap.h
heapidx.h
heappriv.h
hivedata.h
hvgdk_mini
hwconfig.h
I
i386.h
i386_x.h
io.h
io_x.h
iomgr.h
K
ke.h
ke_x.h
kernel-pnp-events.h
ki.h
L
lpc.h
M
mi.h
mi386.h
mm.h
N
ntamd64.h
ntamd64_x.h
ntconfig.h
ntdbg.h
ntdef.h
ntetw.h
ntexapi.h
ntexapi_x.h
nti386.h
nti386_x.h
ntimage.h
ntioapi_x.h
ntkeapi_x.h
ntldr.h
ntlpcapi.h
ntlsa.h
ntmmapi.h
ntobapi_x.h
ntosdef.h
ntosdef_x.h
ntpnpapi.h
ntpoapi.h
ntpsapi.h
ntpsapi_x.h
ntrtl.h
ntrtl_x.h
ntseapi.h
ntseapi_x.h
nttpapi.h
nturtl.h
ntwmi.h
ntxcapi_x.h
O
ob.h
ob_x.h
obp.h
P
pci_x.h
pcw_x.h
pebteb.h
pep_x.h
pf.h
pnp_x.h
pnppo.h
po.h
po_x.h
poclass.h
pool.h
pop.h
popdc.h
power.h
procpowr.h
ps.h
Q
queue.htm
R
range.h
relations.h
remove.h
rtlrange.h
rtlrbtree.h
S
se_x.h
sep.h
stdio.h
switchcontext.h
T
TraceLoggingProvider.h
tm.h
tokenp.h
triage9f.h
V
verifier.h
vfbranch.h
vfdeadlock.h
vfutil.h
W
wdbgexts.h
whea_x.h
wheadef.h
wheai.h
wow64t.h
Event Providers
Kernel-Power
Kernel-Processor-Power
FVEVOL (BitLocker)
I/O Control
Structures
FVE_DATUM
FVE_DATUM_KEY
FVE_DATUM_UNICODE
Win32k
Structures
INTRSENDMSGEX
PROCESSINFO
Flags
PIF_flags or W32PF_Flags
QMSG
SMS
TDB
THREADINFO
dwCompatFlags
qwCompatFlags2
TIF_flags
ulThreadFlags2
USERSTARTUPINFO
W32THREADNONPAGED
WOWPROCESSINFO
WOWTHREADINFO
Bug Checks
0x3E: Multiprocessor Configuration Not Supported
0x5D: Unsupported Processor
0x6B: Process1 Initialization Failed
0x79: Mismatched HAL
0x80: NMI Hardware Failure
0x9A: System License Violation
0x0100: Loader Block Mismatch
0x011D: Event Tracing Fatal Error
0x0124: WHEA Unrecoverable Error
Debugging
Extensions
KDEX2X86
!strct
KDEXTS
!pfn
USEREXTS
!dso
USERKDX
!dso
Processor Support
CPU Identification Before CPUID
The CPUID Instruction
Leaf 0
EAX
Vendor String
Leaf 1
EAX
ECX
EDX
Leaf 2
Leaf 13
Model Specific Registers
IA32_MISC_ENABLE
CMPXCHG8B
SYSENTER and SYSEXIT
Second Level Cache
Other TOCs (and approximate page counts)
Geoff Chappell, Software Analyst (155)
Notes (115)
Studies
Windows
Win32 (229)
The Windows Shell (424)
Internet Explorer (396)
Visual C++ (779)