Wednesday 2 October 2013

Windows API Function Prefixes

Here's the list of prefixes for the Windows kernel (ntoskrnl / executive) routines you may notice within a call stack, for example in WinDbg `k` output. Please also be aware that a lowercase i or p appended to (or replacing the last letter of) the prefix marks an internal or private routine rather than an exported one: Mi... is an internal Memory Manager routine and Iop... is a private I/O Manager routine.

Alpc = Advanced Local Procedure Call (ALPC), the kernel's inter-process communication mechanism

Cc = Common Cache

Cm = Configuration Manager

Dbgk = Debugging Framework for User-Mode

Em = Errata Manager

Etw = Event Tracing for Windows

Ex = Executive support routines

FsRtl = File System driver Run-Time Library 

Hal = Hardware Abstraction Layer

Hvl = Hypervisor Library

Io = I/O Manager

Kd = Kernel Debugger

Ke = Kernel

Lsa = Local Security Authority

Mm = Memory Manager

Nt = NT System Services

Ob = Object Manager

Pf = Prefetcher

Po = Power Manager

Pp = PnP Manager

Ps = Process Support

Rtl = Run-time Library

Se = Security

Tm = Transaction Manager

Vf = Verifier (Driver Verifier)

Whea = Windows Hardware Error Architecture

Wmi = Windows Management Instrumentation

Wdi = Windows Diagnostic Infrastructure

Zw = Same system services as Nt, but the Zw entry points set the previous mode to kernel, so the service skips the probing and capturing of user-mode buffers that it performs for an Nt call arriving from user mode. A driver that forwards user-supplied pointers to a Zw routine must therefore validate them itself (ProbeForRead / ProbeForWrite inside a try/except block) before making the call, otherwise an arbitrary user address reaches the service unchecked.
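As an added example (my own code, not part of the original list), the script below applies the naming rules above to a WinDbg `k` call stack: it splits each `module!function` frame into prefix, subsystem and visibility (exported, private p, internal i), and it pairs every Zw frame with the frame that called it so that a non-ntoskrnl caller of a Zw service stands out during triage. The sample stack and its addresses are constructed for this example, `mydrv` is a hypothetical driver, and the internal-variant table is limited to the two forms (Mi, Ki) most often seen in stacks, which is an assumption of this example rather than a complete list.

```python
"""Annotate a WinDbg-style kernel call stack using the ntoskrnl prefix conventions."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Prefix table as listed above, keyed by the exported (public) form.
PREFIXES = {
    "Alpc": "Advanced Local Procedure Call", "Cc": "Common Cache",
    "Cm": "Configuration Manager", "Dbgk": "Debugging Framework for user mode",
    "Em": "Errata Manager", "Etw": "Event Tracing for Windows",
    "Ex": "Executive support routines", "FsRtl": "File system run-time library",
    "Hal": "Hardware Abstraction Layer", "Hvl": "Hypervisor Library",
    "Io": "I/O Manager", "Kd": "Kernel Debugger", "Ke": "Kernel",
    "Lsa": "Local Security Authority", "Mm": "Memory Manager",
    "Nt": "NT system services", "Ob": "Object Manager", "Pf": "Prefetcher",
    "Po": "Power Manager", "Pp": "PnP Manager", "Ps": "Process support",
    "Rtl": "Run-time library", "Se": "Security", "Tm": "Transaction Manager",
    "Vf": "Driver Verifier", "Whea": "Windows Hardware Error Architecture",
    "Wmi": "Windows Management Instrumentation",
    "Wdi": "Windows Diagnostic Infrastructure",
    "Zw": "NT system services (previous mode forced to kernel)",
}

# Internal ("i") variants, where the i replaces the last letter of the public
# prefix. Assumption: only the two forms most often seen in stacks are listed.
INTERNAL_VARIANTS = {"Mi": "Mm", "Ki": "Ke"}

# module!function+0xoffset, as printed by the WinDbg k command.
FRAME_RE = re.compile(r"(?P<module>[A-Za-z0-9_.]+)!(?P<func>[A-Za-z0-9_]+)(?:\+0x(?P<off>[0-9a-fA-F]+))?")


class Frame(NamedTuple):
    module: str
    func: str
    prefix: Optional[str]       # public prefix the routine belongs to ("Mm" for MiXxx)
    subsystem: Optional[str]
    visibility: str             # "exported", "private", "internal" or "unknown"
    forces_kernel_mode: bool    # True for Zw routines (user buffers are not probed)


def classify(func: str, module: str = "nt") -> Frame:
    """Decompose a routine name into prefix, subsystem and visibility."""
    for variant, public in INTERNAL_VARIANTS.items():
        if func.startswith(variant) and func[len(variant):][:1].isupper():
            return Frame(module, func, public, PREFIXES[public], "internal", False)
    for prefix in sorted(PREFIXES, key=len, reverse=True):   # longest prefix wins
        if not func.startswith(prefix):
            continue
        rest = func[len(prefix):]
        if rest[:1].isupper():
            visibility = "exported"
        elif rest[:1] == "p":          # Iop..., Obp..., Psp..., Sep...: private routine
            visibility = "private"
        else:
            continue                   # e.g. NtfsFsdCreate is not an Nt system service
        return Frame(module, func, prefix, PREFIXES[prefix], visibility, prefix == "Zw")
    return Frame(module, func, None, None, "unknown", False)


def parse_stack(text: str) -> List[Frame]:
    """Turn k output into Frames, top of stack first; header lines carry no '!' and are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.search(line)
        if m:
            frames.append(classify(m.group("func"), m.group("module")))
    return frames


def zw_calls_from_drivers(frames: List[Frame]) -> List[Tuple[str, str, str]]:
    """Pair each Zw frame with its caller (the next frame down) when the caller is outside nt.

    Such a caller has handed parameters to a service that will not probe them,
    so it is the place to check for missing ProbeForRead/ProbeForWrite calls.
    """
    hits = []
    for i, frame in enumerate(frames[:-1]):
        caller = frames[i + 1]
        if frame.forces_kernel_mode and caller.module.lower() != "nt":
            hits.append((caller.module, caller.func, frame.func))
    return hits


# Constructed sample: addresses are made up, mydrv is a hypothetical third-party driver.
SAMPLE_STACK = """\
 # Child-SP          RetAddr           Call Site
00 fffff880`0a1e5b00 fffff800`02c8f1a9 nt!KeBugCheckEx
01 fffff880`0a1e5b08 fffff800`02c8d4b0 nt!KiBugCheckDispatch+0x69
02 fffff880`0a1e5c40 fffff800`02cb31e2 nt!KiPageFault+0x260
03 fffff880`0a1e5dd0 fffff800`02c9c8c5 nt!MiResolveDemandZeroFault+0x1f2
04 fffff880`0a1e5ec0 fffff800`02c7e92c nt!IopfCompleteRequest+0x3ac
05 fffff880`0a1e5f50 fffff880`03c21040 nt!ZwCreateFile+0x14
06 fffff880`0a1e5fc0 fffff800`02ab0f3a mydrv!OpenConfigFile+0x40
"""

if __name__ == "__main__":
    frames = parse_stack(SAMPLE_STACK)
    for f in frames:
        print(f"{f.module}!{f.func:<28} {f.visibility:<9} {f.subsystem or '?'}")
    for module, caller, zw in zw_calls_from_drivers(frames):
        print(f"{module}!{caller} reaches {zw} with previous mode = kernel: check its buffer probing")
```

Run it as-is to annotate the sample, or paste real `k` output into `parse_stack`. Frames whose names do not follow the convention (file-system drivers, third-party modules) come back as "unknown" rather than being force-fitted to a prefix, which keeps the Zw pairing honest: a caller only appears in the report when it genuinely sits outside ntoskrnl.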
