E
- ECC (error correcting code), Disk Sector Format, NAND-Type Flash Memory, PFN Data Structures
- echo command, Multiple Data Streams
- ECP (extended create parameters), Opening Devices
- EFI (Extensible Firmware Interface), Winload, Basic Disks–GUID Partition Table Partitioning, GUID Partition Table Partitioning, GUID Partition Table Partitioning, Startup and Shutdown, Boot Process, The UEFI Boot Process, The UEFI Boot Process
- APIs, The UEFI Boot Process
- BCD in, Winload
- boot process, Startup and Shutdown
- file extensions, The UEFI Boot Process
- partitioning and, Basic Disks–GUID Partition Table Partitioning, GUID Partition Table Partitioning, GUID Partition Table Partitioning
- Unified EFI (EFI 2.0), Boot Process
- EFI Boot Manager, The UEFI Boot Process
- EFI system partition, The UEFI Boot Process
- EFS (Encrypting File System), BitLocker Drive Encryption, Encryption, Encryption, File Records, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files
- EFSDump utility, Backing Up Encrypted Files
- EISA devices, The BIOS Boot Sector and Bootmgr
- eject events, Structure and Operation of a KMDF Driver
- EKU (enhanced key usage), Encrypting File Data
- El Torito CDFS, The BIOS Boot Sector and Bootmgr
- Elephant diffuser, Encryption Keys, Full-Volume Encryption Driver
- embedded links (OLE), Link Tracking
- embedded spaces (file names), File Names
- emd (External Memory Device), ReadyBoost
- emergency hibernation files, The Power Manager
- Emergency Management Services (EMS), The BIOS Boot Sector and Bootmgr, Initializing the Kernel and Executive Subsystems
- EMET (Enhanced Mitigation Experience Toolkit), Controlling Security Mitigations
- empty pages, Shared Memory and Mapped Files
- EMS (Emergency Management Services), The BIOS Boot Sector and Bootmgr
- ems element, The BIOS Boot Sector and Bootmgr
- emsbaudrate element, The BIOS Boot Sector and Bootmgr
- emsport element, The BIOS Boot Sector and Bootmgr
- emulation (advanced format disks), Disk Sector Format
- EncodeSystemPointer API, Software Data Execution Prevention
- Encrypted Data Recovery Agents policy, Encrypting a File for the First Time
- EncryptFile function, Encryption
- Encrypting File System (EFS), BitLocker Drive Encryption, Encryption, POSIX Support, File Names, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files
- encryption, BitLocker Drive Encryption–BitLocker To Go, BitLocker Drive Encryption, BitLocker Drive Encryption, BitLocker Drive Encryption, Encryption Keys–Trusted Platform Module (TPM), Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, BitLocker Management, BitLocker To Go–BitLocker To Go, BitLocker To Go, BitLocker To Go, BitLocker To Go, BitLocker To Go, ReadyBoost–Unified Caching, ReadyDrive, Unified Caching, Process Monitor, Link Tracking–Defragmentation, Encryption, Defragmentation, File Records, File Records, The Change Journal File, Encrypting File System Security–Boot Process, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, The Decryption Process, Backing Up Encrypted Files, Backing Up Encrypted Files, Boot Process
- backing up files, Backing Up Encrypted Files
- BitLocker Drive Encryption, BitLocker Drive Encryption–BitLocker To Go, BitLocker Drive Encryption, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, BitLocker Management, BitLocker To Go, BitLocker To Go, BitLocker To Go
- BitLocker To Go, BitLocker To Go–BitLocker To Go, BitLocker To Go
- change journal and, The Change Journal File
- decryption, The Decryption Process
- EFS, BitLocker Drive Encryption, Encryption, File Records, Encrypting File System Security–Boot Process, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files, Boot Process
- file attributes, File Records
- file system filter drivers and, Process Monitor
- keys, Encryption Keys–Trusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM)
- NTFS design goals, Link Tracking–Defragmentation, Defragmentation
- ReadyBoost, ReadyBoost–Unified Caching, ReadyDrive, Unified Caching
- encryption keys, Encryption Keys–Trusted Platform Module (TPM), Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM)
- enhanced key usage (EKU), Encrypting File Data
- Enhanced Mitigation Experience Toolkit (EMET), Controlling Security Mitigations
- enlistment objects, Initializing the Kernel and Executive Subsystems
- enumeration, Driver Objects and Device Objects, The Plug and Play (PnP) Manager, Level of Plug and Play Support–Driver Support for Plug and Play, Driver Support for Plug and Play, Driver Loading, Initialization, and Installation, The Start Value, Device Enumeration, Device Enumeration–Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Stacks, Device Stack Driver Loading, Device Stack Driver Loading, Driver Installation, The Power Manager, Basic Disk Volume Manager, VSS Operation, Heap Manager, Heap Synchronization, Indexing, Reparse Points
- device interfaces, Driver Objects and Device Objects
- device keys, Device Stack Driver Loading, Driver Installation
- enumeration-based loading, Driver Loading, Initialization, and Installation
- heap entries and regions, Heap Manager, Heap Synchronization
- indexing interactions, Indexing
- nonenumerable devices, Device Enumeration
- PnP loading and initialization process, Device Enumeration–Device Enumeration, Device Enumeration, Device Enumeration
- PnP manager, The Plug and Play (PnP) Manager, Level of Plug and Play Support–Driver Support for Plug and Play, Driver Support for Plug and Play, The Start Value, Device Enumeration, Device Enumeration, Device Enumeration, Device Stacks
- power management capabilities, The Power Manager
- registry keys, Device Enumeration, Device Stack Driver Loading
- reparse points, Reparse Points
- shadow copy writers, VSS Operation
- volume manager, Basic Disk Volume Manager
- enumeration keys, device, Device Stack Driver Loading, Driver Installation
- enumeration-based loading, Driver Loading, Initialization, and Installation
- .enumtag command, Crash Dump Files
- environment subsystems, The I/O Manager
- environment variables, Smss, Csrss, and Wininit, Smss, Csrss, and Wininit
- EPROCESS structure, Crash Dump Files
- ERESOURCE structure, I/O Priority Inversion Avoidance (I/O Priority Inheritance), Driver Verifier, Driver Verifier
- errata manager, Initializing the Kernel and Executive Subsystems
- error correcting code (ECC), Disk Sector Format, PFN Data Structures
- error messages (boot problems), MBR Corruption–Post–Splash Screen Crash or Hang, Boot Sector Corruption, System File Corruption, Post–Splash Screen Crash or Hang
- error-logging routines, Structure of a Driver
- Esentutl.exe (Active Directory Database Utility tool), x86 Address Space Layouts
- Ethernet, Booting from iSCSI
- ETHREAD structure, I/O Priority Inversion Avoidance (I/O Priority Inheritance), Crash Dump Files
- ETW (Event Tracing for Windows), Multipath I/O (MPIO) Drivers, Initializing the Kernel and Executive Subsystems
- event dispatcher objects, Page List Dynamics
- Event Tracing for Windows (ETW), Multipath I/O (MPIO) Drivers, Initializing the Kernel and Executive Subsystems
- Event Viewer, Fault Tolerant Heap
- events, Structure and Operation of a KMDF Driver, Structure and Operation of a KMDF Driver, In-Paging I/O–Collided Page Faults, Collided Page Faults, Memory Notification Events–Memory Notification Events, Memory Notification Events, Common Log File System, Common Log File System, Initializing the Kernel and Executive Subsystems
- CLFS, Common Log File System
- in-paging I/O, In-Paging I/O–Collided Page Faults, Collided Page Faults
- KDMF drivers, Structure and Operation of a KMDF Driver
- KDMF runtime states, Structure and Operation of a KMDF Driver
- logging, Common Log File System
- memory notification events, Memory Notification Events–Memory Notification Events, Memory Notification Events
- object types, Initializing the Kernel and Executive Subsystems
- evstore element, The BIOS Boot Sector and Bootmgr
- EvtDeviceFileCreate event, KMDF I/O Model
- EvtDriverDeviceAdd callback, Structure and Operation of a KMDF Driver
- EvtDriverDeviceAdd event, Structure and Operation of a KMDF Driver
- EvtFileCleanup callback, KMDF I/O Model
- EvtFileClose callback, KMDF I/O Model
- EvtIo routines, Structure and Operation of a KMDF Driver
- EvtIoDefault callback, KMDF I/O Model
- Ex functions, Services Provided by the Memory Manager
- ExAdjustLookasideDepth function, Look-Aside Lists
- ExAllocatePool functions, Driver Verifier
- ExAllocatePoolWithTag function, Driver Verifier
- exception codes, Software Data Execution Prevention, Causes of Windows Crashes, Causes of Windows Crashes
- exception handlers, Software Data Execution Prevention
- exceptions, Memory Manager Components, Why Does Windows Crash?, When There Is No Crash Dump
- EXCEPTION_DOUBLE_FAULT exception, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
- exclusive access locks, Locking–Locking, Locking, Locking
- exclusive leases, Locking
- ExDeleteResource function, Driver Verifier
- Executable Dispatch Mitigation, Software Data Execution Prevention
- executables, Shared Memory and Mapped Files, Protecting Memory–Protecting Memory, Protecting Memory, Protecting Memory, No Execute Page Protection, User Address Space Layout, User Address Space Layout
- address space, User Address Space Layout, User Address Space Layout
- execute-only, Shared Memory and Mapped Files
- execution protection, No Execute Page Protection
- PAGE attributes and, Protecting Memory–Protecting Memory, Protecting Memory, Protecting Memory
- execution protection, No Execute Page Protection
- executive components, Look-Aside Lists, Section Objects, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Shutdown
- executive objects, Initializing the Kernel and Executive Subsystems
- executive resource locks, Hung or Unresponsive Systems
- executive subsystems, Memory Manager Components, BIOS Preboot, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Shutdown
- executive worker threads, System Threads
- exFAT file system, exFAT–NTFS, exFAT, NTFS
- Exfat.sys, Local FSDs
- ExFreePool function, Driver Verifier
- ExInitializeNPagedLookasideList function, Look-Aside Lists
- ExInitializePagedLookasideList function, Look-Aside Lists
- ExitWindowsEx function, Shutdown
- expanding, Balance Set Manager and Swapper–System Working Sets, System Working Sets, System Working Sets
- working sets, Balance Set Manager and Swapper–System Working Sets, System Working Sets, System Working Sets
- experiments, Layered Drivers–Layered Drivers, Layered Drivers, Layered Drivers, Driver Objects and Device Objects, Driver Objects and Device Objects, Driver Objects and Device Objects, Opening Devices–Opening Devices, Opening Devices, Opening Devices, Opening Devices, Fast I/O, IRP Stack Locations, IRP Stack Locations, I/O Requests to Layered Drivers–I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Priority Boosts and Bumps–Bandwidth Reservation (Scheduled File I/O), I/O Priority Boosts and Bumps, Bandwidth Reservation (Scheduled File I/O), Bandwidth Reservation (Scheduled File I/O), Structure and Operation of a KMDF Driver–KMDF Data Model, KMDF Data Model, KMDF Data Model, Device Stack Driver Loading, Driver Installation, Driver Installation, Driver Power Operation–Driver Power Operation, Driver Power Operation, Driver Power Operation, Power Availability Requests, Utility Function–Utility Function, Utility Function, Utility Function, Thresholds and Policy Settings–Thresholds and Policy Settings, Thresholds and Policy Settings, Thresholds and Policy Settings, Performance Check–Performance Check, Performance Check, Multipath I/O (MPIO) Drivers, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning, Mirrored Volumes–Mirrored Volumes, Mirrored Volumes, Mirrored Volumes, Volume Mounting–Volume Mounting, Volume Mounting, Shadow Copy Provider, Backup, Previous Versions and System Restore, Previous Versions and System Restore–Conclusion, Conclusion, Examining Memory Usage–Examining Memory Usage, Examining Memory Usage, Examining Memory Usage, Examining Memory Usage, Reserving and Committing Pages–Reserving and Committing Pages, Reserving and Committing Pages, Reserving and Committing Pages, Shared Memory and Mapped Files, No Execute Page Protection, Monitoring Pool Usage–Look-Aside Lists, Monitoring Pool Usage, Look-Aside Lists, Look-Aside Lists, x86 Address Space Layouts, x86 Session Space–System Page Table Entries, x86 Session Space, x86 Session Space, System Page Table Entries–System Page Table Entries, System Page Table Entries, System Page Table Entries, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management, User Address Space Layout–User Address Space Layout, User Address Space Layout, Controlling Security Mitigations, Page Directories, Physical Address Extension (PAE)–Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Page Files, User Stacks, Kernel Stacks, Process VADs, Page Frame Number Database, Page List Dynamics–Page List Dynamics, Page List Dynamics, Page List Dynamics, Page Priority, Page Priority, Page Priority, PFN Data Structures, Logical Prefetcher, Logical Prefetcher, Working Set Management, Working Set Management–Working Set Management, Working Set Management–Balance Set Manager and Swapper, Working Set Management, Working Set Management, Working Set Management, Balance Set Manager and Swapper, Process Reflection–Process Reflection, Process Reflection, Systemwide Cache Data Structures, Per-File Cache Data Structures–File System Interfaces, Per-File Cache Data Structures, File System Interfaces, Write-Back Caching and Lazy Writing–Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Forcing the Cache to Write Through to Disk–Write Throttling, Write Throttling, Write Throttling, Write Throttling, Locking–Locking, Locking, Process Monitor, Process Monitor Basic vs. Advanced Modes, Multiple Data Streams, Symbolic (Soft) Links and Junctions, Symbolic (Soft) Links and Junctions, Master File Table, File Names, The Change Journal File–The Change Journal File, The Change Journal File, Isolation–Transactional APIs, Isolation, Transactional APIs, Resource Managers–On-Disk Implementation, Resource Managers, On-Disk Implementation, Backing Up Encrypted Files, Shutdown, Crash Dump Files–Crash Dump Generation, Crash Dump Files, Crash Dump Generation, Buffer Overruns, Memory Corruption, and Special Pool, When There Is No Crash Dump–When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump
- ASLR protection, Controlling Security Mitigations
- cache flushing, Forcing the Cache to Write Through to Disk–Write Throttling, Write Throttling, Write Throttling
- cache manager operations, Write-Back Caching and Lazy Writing–Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing
- catalog files, Driver Installation
- change journal, The Change Journal File–The Change Journal File, The Change Journal File
- core parking policies, Thresholds and Policy Settings–Thresholds and Policy Settings, Thresholds and Policy Settings, Thresholds and Policy Settings
- DEP protection, No Execute Page Protection
- device handles, Opening Devices–Opening Devices, Opening Devices, Opening Devices
- device name mappings, Opening Devices
- device objects, Driver Objects and Device Objects, Driver Objects and Device Objects
- devnode information, Device Stack Driver Loading
- driver dispatch routines, IRP Stack Locations
- driver objects, Driver Objects and Device Objects
- dump file analysis, Crash Dump Files–Crash Dump Generation, Crash Dump Files, Crash Dump Generation
- EFS encryption, Backing Up Encrypted Files
- fast I/O routines, Fast I/O
- free and zero page lists, Page List Dynamics–Page List Dynamics, Page List Dynamics, Page List Dynamics
- hard links, Symbolic (Soft) Links and Junctions
- history, processor utility and frequency, Utility Function
- hung program timeouts, Shutdown
- I/O priorities, I/O Priority Boosts and Bumps–Bandwidth Reservation (Scheduled File I/O), I/O Priority Boosts and Bumps, Bandwidth Reservation (Scheduled File I/O), Bandwidth Reservation (Scheduled File I/O)
- idle system activity, Process Monitor Basic vs. Advanced Modes
- INF files, Driver Installation
- IRPs, I/O Requests to Layered Drivers–I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers
- kernel debugging, When There Is No Crash Dump–When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump
- kernel stack usage, Kernel Stacks
- KMDF drivers, Structure and Operation of a KMDF Driver–KMDF Data Model, KMDF Data Model, KMDF Data Model
- large address aware applications, x86 Address Space Layouts
- LDM database, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning
- loaded driver lists, Layered Drivers–Layered Drivers, Layered Drivers, Layered Drivers
- mapping volume shadow device objects, Previous Versions and System Restore–Conclusion, Conclusion
- maximum number of threads, User Stacks
- memory mapped files, Shared Memory and Mapped Files
- mirrored volume I/O, Mirrored Volumes–Mirrored Volumes, Mirrored Volumes, Mirrored Volumes
- NTFS volume information, Master File Table
- PAE and addresses, Physical Address Extension (PAE)–Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE)
- page directories and PDEs, Page Directories
- page files, Page Files
- PFN database, Page Frame Number Database
- PFN entries, PFN Data Structures
- physical disk I/O, Multipath I/O (MPIO) Drivers
- pool leaks, Monitoring Pool Usage–Look-Aside Lists, Monitoring Pool Usage, Look-Aside Lists
- power availability requests, Power Availability Requests
- PPM check information, Performance Check–Performance Check, Performance Check
- prefetch files, Logical Prefetcher, Logical Prefetcher
- prioritized standby lists, Page Priority, Page Priority, Page Priority
- Process Monitor’s filter driver, Process Monitor
- process reflection, Process Reflection–Process Reflection, Process Reflection
- process working sets, Working Set Management
- processor utility and frequency, Utility Function–Utility Function, Utility Function
- reserved and committed pages, Reserving and Committing Pages–Reserving and Committing Pages, Reserving and Committing Pages, Reserving and Committing Pages
- resource manager information, Resource Managers–On-Disk Implementation, Resource Managers, On-Disk Implementation
- restore points and previous versions, Previous Versions and System Restore
- session space utilization, x86 Session Space
- sessions, x86 Session Space–System Page Table Entries, x86 Session Space, System Page Table Entries
- shadow copy device objects, Shadow Copy Provider
- shadow volume device objects, Backup
- shared and private cache maps, Per-File Cache Data Structures–File System Interfaces, Per-File Cache Data Structures, File System Interfaces
- special pool, Buffer Overruns, Memory Corruption, and Special Pool
- streams, Multiple Data Streams
- symbolic links, Symbolic (Soft) Links and Junctions
- system look-aside lists, Look-Aside Lists
- system memory information, Examining Memory Usage–Examining Memory Usage, Examining Memory Usage, Examining Memory Usage, Examining Memory Usage
- system power and policies, Driver Power Operation–Driver Power Operation, Driver Power Operation, Driver Power Operation
- system PTEs, System Page Table Entries–System Page Table Entries, System Page Table Entries
- system virtual address usage, Dynamic System Virtual Address Space Management
- thread IRPs, IRP Stack Locations
- transactions, Isolation–Transactional APIs, Isolation, Transactional APIs
- tunneling, File Names
- user virtual address space, User Address Space Layout–User Address Space Layout, User Address Space Layout
- VACBs, Systemwide Cache Data Structures
- viewing registered file systems, Locking–Locking, Locking
- virtual address descriptors, Process VADs
- virtual address limits, Dynamic System Virtual Address Space Management
- VPBs, Volume Mounting–Volume Mounting, Volume Mounting
- working set lists, Working Set Management–Balance Set Manager and Swapper, Working Set Management, Balance Set Manager and Swapper
- working sets vs. virtual size, Working Set Management–Working Set Management, Working Set Management, Working Set Management
- write throttling, Write Throttling
- explicit device driver loading, The Start Value
- explicit file I/O, Explicit File I/O–Cache Manager’s Read-Ahead Thread, Explicit File I/O, Explicit File I/O, Explicit File I/O, Explicit File I/O, Cache Manager’s Read-Ahead Thread
- explicit memory allocation, Driver Verifier
- exportascd element, The BIOS Boot Sector and Bootmgr
- exporting control sets, Post–Splash Screen Crash or Hang
- express queues (cache), System Threads
- extended attributes, File Records, The Change Journal File
- extended console input, The BIOS Boot Sector and Bootmgr
- extended create parameters (ECP), Opening Devices
- Extended File Allocation Table file system (exFat), exFAT–NTFS, NTFS, NTFS
- extended partitions, MBR-Style Partitioning, BIOS Preboot
- extendedinput element, The BIOS Boot Sector and Bootmgr
- extending data, Sparse Files
- extensibility, I/O System Components
- extents (runs), Resident and Nonresident Attributes
- external disk storage management, Storage Management
- External Memory Device (emd), ReadyBoost