A
- abort records, Logging Implementation
- absolute paths, Symbolic (Soft) Links and Junctions
- abstraction (I/O system), I/O System Components
- access bit tracking (Superfetch), Tracing and Logging
- access fault trap handler, Memory Manager Components
- access violations, Fault Tolerant Heap, Page Fault Handling, Virtual Address Descriptors, Driver Verifier, Crash Dump Analysis
- crashes, Crash Dump Analysis
- heap-related, Fault Tolerant Heap
- page faults, Page Fault Handling
- special pool, Driver Verifier
- VADs and, Virtual Address Descriptors
- access-denied errors, Process Monitor Troubleshooting Techniques
- Accessed bit (PTEs), Page Tables and Page Table Entries, Physical Address Extension (PAE), Working Set Management
- ACLs (access control lists), Opening Devices, Protecting Memory, UDF, System File Corruption
- I/O process and, Opening Devices
- section objects, Protecting Memory
- UDF format, UDF
- Windows Resource Protection, System File Corruption
- ACPI (Advanced Configuration and Power Interface), Device Stack Driver Loading, The Power Manager, The Power Manager, The BIOS Boot Sector and Bootmgr
- Action Center, Windows Error Reporting, Online Crash Analysis
- Active Directory, BitLocker Management, x86 Address Space Layouts, Safe Mode
- active pages, Prototype PTEs, PFN Data Structures, Components
- Active PFN state, Page Frame Number Database, Page Frame Number Database
- Active Template Library (ATL), No Execute Page Protection
- active threads, The IoCompletion Object, Using Completion Ports
- active VACBs, Systemwide Cache Data Structures, Systemwide Cache Data Structures
- Add Recovery Agent Wizard, Encrypting a File for the First Time
- add-device routines, Structure of a Driver, Structure and Operation of a KMDF Driver, Driver Support for Plug and Play, Driver Support for Plug and Play, Driver Installation
- AddiSNSSever command, iSCSI Drivers
- address space, Internal Synchronization, Internal Synchronization, Kernel-Mode Heaps (System Memory Pools), Virtual Address Space Layouts, x86 Address Space Layouts, x86 System Address Space Layout, x86 Session Space, x86 Session Space–System Page Table Entries, x86 Session Space, x86 Session Space, System Page Table Entries–System Page Table Entries, System Page Table Entries, System Page Table Entries, x64 Virtual Addressing Limitations–Dynamic System Virtual Address Space Management, Windows x64 16-TB Limitation, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management, System Virtual Address Space Quotas–User Address Space Layout, User Address Space Layout, User Address Space Layout–Controlling Security Mitigations, User Address Space Layout, User Address Space Layout, Controlling Security Mitigations, Commit Charge and the System Commit Limit–Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Process VADs, Cache Virtual Memory Management, Crash Dump Files
- commit charge, Commit Charge and the System Commit Limit–Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit
- locks, Internal Synchronization
- memory management, Internal Synchronization
- paged and nonpaged pools, Kernel-Mode Heaps (System Memory Pools)
- status, Process VADs
- switching for processes, Crash Dump Files
- system PTEs, System Page Table Entries–System Page Table Entries, System Page Table Entries
- user layouts, User Address Space Layout–Controlling Security Mitigations, User Address Space Layout, Controlling Security Mitigations
- views, Cache Virtual Memory Management
- virtual address space quotas, System Virtual Address Space Quotas–User Address Space Layout, User Address Space Layout, User Address Space Layout
- x64 virtual address limitations, x64 Virtual Addressing Limitations–Dynamic System Virtual Address Space Management, Windows x64 16-TB Limitation, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management
- x86 layouts, Virtual Address Space Layouts, x86 Address Space Layouts, x86 System Address Space Layout, x86 Session Space
- x86 session space, x86 Session Space–System Page Table Entries, x86 Session Space, x86 Session Space, System Page Table Entries
- address translation, Large and Small Pages, x86 Virtual Address Translation–Translation Look-Aside Buffer, x86 Virtual Address Translation, x86 Virtual Address Translation, Page Directories, Page Directories, Page Tables and Page Table Entries, Page Tables and Page Table Entries, Byte Within Page, Translation Look-Aside Buffer–Physical Address Extension (PAE), Translation Look-Aside Buffer, Physical Address Extension (PAE)–Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), x64 Virtual Address Translation–Page Fault Handling, x64 Virtual Address Translation, IA64 Virtual Address Translation–Page Fault Handling, Page Fault Handling, Page Fault Handling, Page Fault Handling
- AS64 translation, x64 Virtual Address Translation–Page Fault Handling, Page Fault Handling
- IA64 systems, IA64 Virtual Address Translation–Page Fault Handling, Page Fault Handling, Page Fault Handling
- PAE, Physical Address Extension (PAE)–Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE)
- page sizes and, Large and Small Pages
- translation look-aside buffer, Translation Look-Aside Buffer–Physical Address Extension (PAE), Physical Address Extension (PAE)
- x64 translation, x64 Virtual Address Translation
- x86 translation, x86 Virtual Address Translation–Translation Look-Aside Buffer, x86 Virtual Address Translation, x86 Virtual Address Translation, Page Directories, Page Directories, Page Tables and Page Table Entries, Page Tables and Page Table Entries, Byte Within Page, Translation Look-Aside Buffer
- Address Windowing Extensions (AWE), Address Windowing Extensions, Address Windowing Extensions, Address Windowing Extensions, Commit Charge and the System Commit Limit, PFN Data Structures
- AddTarget command, iSCSI Drivers
- AddTargetPortal command, iSCSI Drivers
- AddUsersToEncryptedFile API, Encrypting File System Security
- Adelson-Velskii and Landis (AVL), Process VADs
- administrator privileges, Driver Installation
- Advanced Configuration and Power Interface (ACPI), Device Enumeration, The Power Manager, The BIOS Boot Sector and Bootmgr
- advanced format (disks), Disk Sector Format, Disk Sector Format, Unified Caching
- advanced local procedure calls (ALPC), User-Mode Driver Framework (UMDF), Initializing the Kernel and Executive Subsystems
- advancedoptions element, The BIOS Boot Sector and Bootmgr
- AES (Advanced Encryption Standard), Encryption Keys, Encryption Keys, BitLocker Key Recovery, BitLocker To Go–BitLocker To Go, BitLocker To Go, ReadyDrive, Encrypting File System Security
- AES-CCM keys, BitLocker Key Recovery
- AES128-CBC encryption, Encryption Keys
- AES256-CBC encryption, Encryption Keys
- BitLocker To Go, BitLocker To Go–BitLocker To Go, BitLocker To Go
- EFS usage, Encrypting File System Security
- ReadyBoost, ReadyDrive
- affinitized cores, Performance Check
- affinity counts, Algorithm Overrides
- affinity history policies, Thresholds and Policy Settings
- affinity manager, The Low Fragmentation Heap
- aged pages, Working Set Management, Tracing and Logging
- agents (Superfetch), Components
- AGP ports, Rotate VADs
- Algorithm for Recovery and Isolation Exploiting Semantics (ARIES), Marshalling
- AllocateUserPhysicalPages function, Address Windowing Extensions
- AllocateUserPhysicalPagesNuma function, Address Windowing Extensions
- allocation, Monitoring Pool Usage, System Page Table Entries, Master File Table, Buffer Overruns, Memory Corruption, and Special Pool
- master file table entries, Master File Table
- pool, Monitoring Pool Usage, Buffer Overruns, Memory Corruption, and Special Pool
- PTE failures, System Page Table Entries
- allocation granularity, Allocation Granularity–Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, No Execute Page Protection, Heap Manager, Image Randomization–Image Randomization, Image Randomization, Image Randomization
- defined, Allocation Granularity–Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files
- in load offset number, Image Randomization–Image Randomization, Image Randomization, Image Randomization
- no execute page protection, No Execute Page Protection
- smaller blocks (heaps), Heap Manager
- ALPC (advanced local procedure calls), User-Mode Driver Framework (UMDF), Initializing the Kernel and Executive Subsystems, Smss, Csrss, and Wininit
- alternate data streams, UDF, Multiple Data Streams, Resource Managers, Copying Encrypted Files
- ALUA (asymmetrical logical unit arrays), Multipath I/O (MPIO) Drivers
- AlwaysOff or AlwaysOn mode, No Execute Page Protection
- analysis pass (recovery), Analysis Pass–Undo Pass, Analysis Pass, Undo Pass
- APCs (asynchronous procedure calls), Completing an I/O Request
- APIC (Advanced Programmable Interrupt Controller), The BIOS Boot Sector and Bootmgr, The BIOS Boot Sector and Bootmgr, The BIOS Boot Sector and Bootmgr
- APIs, Isolation–Resource Managers, Transactional APIs, Resource Managers, The UEFI Boot Process, Smss, Csrss, and Wininit
- EFI, The UEFI Boot Process
- transactions, Isolation–Resource Managers, Transactional APIs, Resource Managers
- Windows native, Smss, Csrss, and Wininit
- Apple Macintosh machines, The UEFI Boot Process
- application launch agent, Page Priority and Rebalancing
- application threads, The I/O Manager–Device Drivers, Device Drivers
- Application Verifier, Driver Verifier
- applications, The I/O Manager–Device Drivers, Typical I/O Processing, Device Drivers, User-Mode Driver Framework (UMDF), Driver and Application Control of Device Power, Shadow Copy Provider, Introduction to the Memory Manager, Services Provided by the Memory Manager, Large and Small Pages, Locking Memory, Types of Heaps, Components, Cache Coherency, Process Monitor Troubleshooting Techniques, Driver Loading in Safe Mode
- cache coherency, Cache Coherency
- calling functions, The I/O Manager–Device Drivers, Typical I/O Processing, Device Drivers
- default heap, Types of Heaps
- failed, traces, Process Monitor Troubleshooting Techniques
- large page sizes, Large and Small Pages
- large-address-space aware, Introduction to the Memory Manager
- locking pages in memory, Locking Memory
- memory management, Services Provided by the Memory Manager
- power management control, Driver and Application Control of Device Power
- safe mode boots, Driver Loading in Safe Mode
- shadow copies, Shadow Copy Provider
- Superfetch agents, Components
- UMDF interaction, User-Mode Driver Framework (UMDF)
- archival utilities, Multiple Data Streams
- archived files, File Records
- areal density (disk), Disk Sector Format–NAND-Type Flash Memory, NAND-Type Flash Memory
- ARIES (Algorithm for Recovery and Isolation Exploiting Semantics), Marshalling
- AS64 address translation, x64 Virtual Address Translation–Page Fault Handling, Page Fault Handling, Page Fault Handling
- ASLR (Address Space Layout Randomization), Internal Synchronization, User Address Space Layout–Image Randomization, Image Randomization, Image Randomization, Heap Randomization, ASLR in Kernel Address Space, Controlling Security Mitigations, Controlling Security Mitigations
- heap randomization, Heap Randomization
- kernel address space, ASLR in Kernel Address Space
- load offset numbers, User Address Space Layout–Image Randomization, Image Randomization, Image Randomization
- memory manager, Internal Synchronization
- security mitigations, Controlling Security Mitigations
- viewing processes, Controlling Security Mitigations
- ASR (Automated System Recovery), Windows Recovery Environment (WinRE)
- assembly language, Structure of a Driver
- ASSERT macros, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
- Assign API, KMDF Data Model
- associated IRPs, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, Volume I/O Operations
- asymmetric key pair certificate hashes, Encrypting a File for the First Time
- asymmetrical logical unit arrays (ALUA), Multipath I/O (MPIO) Drivers
- asynchronous callbacks, Container Notifications
- asynchronous I/O, I/O System Components, Opening Devices, Synchronous and Asynchronous I/O, Scatter/Gather I/O, Completing an I/O Request, Completing an I/O Request, I/O Requests to Layered Drivers–I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, User-Initiated I/O Cancellation, I/O Cancellation for Thread Termination, I/O Completion Port Operation, Write Throttling–Write Throttling, Write Throttling
- APC calls, Completing an I/O Request
- cancellation, User-Initiated I/O Cancellation, I/O Cancellation for Thread Termination
- completion, Completing an I/O Request
- completion context, I/O Completion Port Operation
- file object attributes, Opening Devices
- layered drivers, I/O Requests to Layered Drivers–I/O Requests to Layered Drivers, I/O Requests to Layered Drivers
- packet-based I/O, I/O System Components
- scatter/gather I/O, Scatter/Gather I/O
- testing status, Synchronous and Asynchronous I/O
- write throttling, Write Throttling–Write Throttling, Write Throttling
- asynchronous procedures calls (APCs), Completing an I/O Request, Completing an I/O Request, In-Paging I/O
- asynchronous read or write, Fast I/O, Intelligent Read-Ahead
- ATA (AT attachment), Prioritization Strategies
- ATA-8, ReadyDrive
- ATAPI-based IDE devices, Disk Class, Port, and Miniport Drivers
- Atapi.sys driver, Disk Class, Port, and Miniport Drivers
- Ataport.sys driver, Disk Class, Port, and Miniport Drivers
- ATL (Active Template Library), No Execute Page Protection
- ATL thunk emulation, No Execute Page Protection–Software Data Execution Prevention, No Execute Page Protection, Software Data Execution Prevention
- atomic transactions, Recoverability–Data Redundancy and Fault Tolerance, Recoverability, Data Redundancy and Fault Tolerance
- attaching memory to processes, Reserving and Committing Pages
- Attachment Execution Service, Multiple Data Streams
- attachments, web or mail, Multiple Data Streams
- ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY code, No Execute Page Protection
- attribute definition table (AttrDef), Master File Table
- attribute streams, File Records
- attributes, File Records–File Names, File Records, File Names, Resident and Nonresident Attributes–Data Compression and Sparse Files, Resident and Nonresident Attributes, Resident and Nonresident Attributes, Data Compression and Sparse Files
- files, list, File Records–File Names, File Records, File Names
- resident and nonresident, Resident and Nonresident Attributes–Data Compression and Sparse Files, Resident and Nonresident Attributes, Resident and Nonresident Attributes, Data Compression and Sparse Files
- audio adapters, Windows Client Memory Limits
- auditing, Initializing the Kernel and Executive Subsystems
- authentication schemes (BitLocker), Encryption Keys, BitLocker Management
- authorization (NTFS security), Security
- auto-recovery BCD element behavior, The BIOS Boot Sector and Bootmgr
- auto-start (2) value, The Start Value, Device Enumeration
- auto-start device drivers, BIOS Preboot, Smss, Csrss, and Wininit
- Autochk.exe, Volume Mounting
- automated crash analysis, Online Crash Analysis
- Automated System Recovery (ASR), Windows Recovery Environment (WinRE)
- automatic rebooting, The BIOS Boot Sector and Bootmgr
- Autoruns tool, Images That Start Automatically, Images That Start Automatically
- auxiliary displays, User-Mode Driver Framework (UMDF)
- available memory, Examining Memory Usage, Examining Memory Usage
- available pages, Modified Page Writer, PFN Data Structures
- average frequency (processors), Utility Function
- AVL trees, Process VADs
- avoidlowmemory element, The BIOS Boot Sector and Bootmgr
- AWE (Address Windowing Extensions), Address Windowing Extensions, Address Windowing Extensions, Commit Charge and the System Commit Limit, PFN Data Structures