S

S0 (fully on) power state, The Power Manager, The Power Manager, Power Manager Operation
S1 (sleeping) power state, The Power Manager, The Power Manager, Power Manager Operation
S2 (sleeping) power state, The Power Manager, Power Manager Operation
S3 (sleeping) power state, The Power Manager, The Power Manager, Power Manager Operation, Power Availability Requests
S4 (hibernating) power state, The Power Manager, The Power Manager, Power Manager Operation
S5 (fully off) power state, The Power Manager, Power Manager Operation
safe mode, Driver Verifier, The BIOS Boot Sector and Bootmgr, Initializing the Kernel and Executive Subsystems, Troubleshooting Boot and Startup Problems, Windows Recovery Environment (WinRE)MBR Corruption, Windows Recovery Environment (WinRE), Windows Recovery Environment (WinRE), MBR Corruption
boot options, The BIOS Boot Sector and Bootmgr
Driver Verifier settings, Driver Verifier
registry entries, Initializing the Kernel and Executive Subsystems
troubleshooting startup, Troubleshooting Boot and Startup Problems
Windows RE alternative, Windows Recovery Environment (WinRE)MBR Corruption, Windows Recovery Environment (WinRE), Windows Recovery Environment (WinRE), MBR Corruption
Safe Mode With Command Prompt, The BIOS Boot Sector and Bootmgr, Safe Mode
Safe Mode With Networking, Safe Mode
safe save programming, File Names
safe structured exception handling, Software Data Execution Prevention
safeboot element, The BIOS Boot Sector and Bootmgr
SAFEBOOT variable, Smss, Csrss, and Wininit
safebootalternateshell element, The BIOS Boot Sector and Bootmgr
safemode BCD option, Driver Loading in Safe Mode
salt (encryption keys), BitLocker Key Recovery
SANs (storage area networks), Storage Management, iSCSI Drivers
SAS (Serial Attached SCSI), Disk Devices, Disk Class, Port, and Miniport Drivers
SATA devices, Prioritization Strategies, Bandwidth Reservation (Scheduled File I/O), Disk Devices, Disk Class, Port, and Miniport Drivers
saved system states, The Power Manager
scalability, I/O System, The Low Fragmentation Heap
heap functions, The Low Fragmentation Heap
I/O system, I/O System
scaling (performance states), Thresholds and Policy Settings, Performance Check
scatter/gather I/O, Scatter/Gather I/O
SCB (stream control block), NTFS File System Driver, Resource Managers
scenario manager, Components
scenarios, Scenarios
scheduled file I/O, Bandwidth Reservation (Scheduled File I/O)
scheduled file I/O extension, Opening Devices
scheduled tasks, I/O Priorities
scheduler, Algorithm Overrides, Initializing the Kernel and Executive Subsystems
SCM (service control manager), IRP Stack Locations
SCM process, IRP Stack Locations
screen savers, blue screen, Hardware Malfunctions
scripting (BitLocker), BitLocker Drive Encryption
scripts, user, Smss, Csrss, and Wininit
scrubbing pages, PFN Data Structures
Scsiport.sys driver, Disk Class, Port, and Miniport Drivers, Disk Class, Port, and Miniport Drivers
SD cards, ReadyBoost
SD Client buses, Structure and Operation of a KMDF Driver
SD/MMC support, Disk Devices
SDI ramdisks, The BIOS Boot Sector and Bootmgr
search indexing priorities, I/O Prioritization
Second Layer Address Translation (SLAT), The BIOS Boot Sector and Bootmgr
secondary dump data, Crash Dump Files
secondary resource managers, Resource Managers, Resource Managers, Resource Managers
SeCreateSymbolicLink privilege, Symbolic (Soft) Links and Junctions
section object pointers, Opening Devices, Section Objects, Section Objects, Per-File Cache Data Structures
section objects (control areas), Introduction to the Memory Manager, Services Provided by the Memory Manager, Allocation Granularity, Shared Memory and Mapped FilesShared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Prototype PTEsPrototype PTEs, Prototype PTEs, Prototype PTEs, Section Objects, Section Objects, Section Objects, Section Objects, Section Objects, Section Objects, The Memory Manager, Smss, Csrss, and Wininit, Causes of Windows Crashes
control areas, Section Objects
creating, Smss, Csrss, and Wininit
file mapping objects, The Memory Manager
memory manager, Allocation Granularity, Shared Memory and Mapped Files, Section Objects, Section Objects, Section Objects, Section Objects
memory mapped files, Introduction to the Memory Manager, Services Provided by the Memory Manager, Causes of Windows Crashes
prototype PTEs, Prototype PTEsPrototype PTEs, Prototype PTEs, Prototype PTEs
section objects, Shared Memory and Mapped FilesShared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files
viewing, Section Objects
sections, Reserving and Committing Pages, Invalid PTEs
sector signatures, Log Blocks
sector size, Unified Caching
sector to client mapping, Translating Virtual LSNs to Physical LSNs
sector-level disk I/O, Partition Manager
sectors, Disk Devices, File Deletion and the Trim Command, File Deletion and the Trim Command, GUID Partition Table Partitioning, The LDM Database, Full-Volume Encryption DriverBitLocker Management, BitLocker Management, Unified Caching, Log Blocks, Dynamic Bad-Cluster Remapping, Clusters
blocks, Disk Devices
encrypting, Full-Volume Encryption DriverBitLocker Management, BitLocker Management
GPT bits, GUID Partition Table Partitioning
larger sizes, Clusters
LDM database, The LDM Database
remapping bad clusters, Dynamic Bad-Cluster Remapping
signatures, Log Blocks
size, Unified Caching
trim command, File Deletion and the Trim Command
updating, File Deletion and the Trim Command
Secure Digital cards, ReadyBoost
security, I/O System, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, Full-Volume Encryption Driver, BitLocker To Go, BitLocker To Go, Address Windowing Extensions, The Low Fragmentation Heap, Heap Debugging Features, Page Files, Page List Dynamics, Recoverability, Consolidated SecurityTransaction Support, Consolidated Security, Consolidated Security, Transaction Support, Encrypting a File for the First Time
AWE memory, Address Windowing Extensions
BitLocker, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, Full-Volume Encryption Driver, BitLocker To Go, BitLocker To Go
consolidated NTFS security, Consolidated SecurityTransaction Support, Consolidated Security, Consolidated Security, Transaction Support
encryption recovery agents, Encrypting a File for the First Time
heap manager, The Low Fragmentation Heap, Heap Debugging Features
I/O system, I/O System
NTFS design goals, Recoverability
page files, Page Files
zero-initialized pages, Page List Dynamics
security contexts, Explicit File I/O
security cookies, Stack Trashes
security descriptor database, Master File Table
Security Descriptor Hash (, Consolidated Security, Consolidated Security
Security Descriptor Stream (, Security, Consolidated Security, Consolidated Security
security descriptors, Opening Devices, Shared Memory and Mapped Files, General Indexing Facility, File Records, The Change Journal FileIndexing, Indexing, Consolidated Security
change journal, The Change Journal FileIndexing, Indexing
file attributes, File Records
files, Opening Devices
indexing features, General Indexing Facility
section objects, Shared Memory and Mapped Files
sharing descriptors, Consolidated Security
security files (, Security, Master File Table, Consolidated Security, Consolidated Security, Consolidated Security
Security ID Index (, Consolidated Security, Consolidated Security
security IDs (SIDs), Per-User Volume Quotas, Quota Tracking, Consolidated Security, Consolidated Security, Encrypting File System Security
security mitigations, Controlling Security Mitigations
security reference monitor, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems
SeDebugPrivilege rights, Reserving and Committing Pages, Protecting Memory
seek times, Logical Prefetcher, ReadyBoost
segment dereference thread, Memory Manager Components
segment structures, Section Objects
segments, Heap Manager Structure
SEH handler, Software Data Execution Prevention
SEHOP (Structured Exception Handler Overwrite Protection), Software Data Execution Prevention
self-healing, NTFS, Self-HealingEncrypting File System Security, Self-Healing, Encrypting File System Security
semaphore object, Initializing the Kernel and Executive Subsystems
SendTarget portals, iSCSI Drivers
sequential I/O, Opening Devices, Robust Performance
sequential read-ahead, Intelligent Read-Ahead
sequentially reading files, Cache Virtual Memory Management
Serial Advanced Technology Attachment (SATA), Disk Devices, Disk Class, Port, and Miniport Drivers
serial devices, debugging, The BIOS Boot Sector and Bootmgr
serial hypervisor debugging, The BIOS Boot Sector and Bootmgr
serial ports, Disk Device Objects, The BIOS Boot Sector and Bootmgr, When There Is No Crash Dump
device objects, Disk Device Objects
hypervisor debugging, The BIOS Boot Sector and Bootmgr
kernel debugger, When There Is No Crash Dump
serializing IRPs, Structure of a Driver
server applications, No Execute Page Protection, NTFS File System Driver
cache manager, NTFS File System Driver
execution protection, No Execute Page Protection
server farms (crash analysis), Online Crash Analysis
Server Message Block (SMB) protocol, Remote FSDs, Remote FSDs, Locking
server-side remote FSDs, Remote FSDsFile System Operation, Remote FSDs, File System Operation
servers, VSS Operation, Crash Dump Files
Memory.dmp files, Crash Dump Files
shadow copies, VSS Operation
Service Hosting Process (Svchost.exe), Driver Installation, Logical Prefetcher
service loading, The Start ValueThe Start Value, The Start Value
service packs, Smss, Csrss, and Wininit
Services for Unix Applications, Process Reflection
Services registry key, Troubleshooting Crashes
services, shutting down, Shutdown
Services.exe, IRP Stack Locations
Session 0 window hook, Smss, Csrss, and Wininit
Session Manager (Smss.exe), Volume Mounting, Virtual Address Space Layouts, Image Randomization, Page FilesPage Files, Page Files, Page Files, Initializing the Kernel and Executive SubsystemsSmss, Csrss, and Wininit, Smss, Csrss, and Wininit, Smss, Csrss, and Wininit, Smss, Csrss, and Wininit, Boot Logging in Safe Mode, Post–Splash Screen Crash or Hang
boot logging in safe mode, Boot Logging in Safe Mode
boot logs, Post–Splash Screen Crash or Hang
DLL order, Image Randomization
initialization tasks, Initializing the Kernel and Executive SubsystemsSmss, Csrss, and Wininit, Smss, Csrss, and Wininit, Smss, Csrss, and Wininit
initializing, Smss, Csrss, and Wininit
page file setup, Page FilesPage Files, Page Files, Page Files
process, Virtual Address Space Layouts
running Chkdsk, Volume Mounting
session manager process, Virtual Address Space Layouts
session namespaces, Explicit File I/O
session space, Kernel-Mode Heaps (System Memory Pools), Virtual Address Space Layouts, x86 Session SpaceSystem Page Table Entries, x86 Session Space, System Page Table Entries, 64-Bit Address Space Layouts64-Bit Address Space Layouts, 64-Bit Address Space Layouts, Page Directories
64-bit layouts, 64-Bit Address Space Layouts64-Bit Address Space Layouts, 64-Bit Address Space Layouts
defined, Virtual Address Space Layouts
page tables, Page Directories
pool, Kernel-Mode Heaps (System Memory Pools)
utilization, x86 Session Space
x86 systems, x86 Session SpaceSystem Page Table Entries, System Page Table Entries
session-private object manager namespace, Virtual Address Space Layouts
SESSION5_INITIALIZATION_FAILED code, Initializing the Kernel and Executive Subsystems
sessions, Virtual Address Space Layouts, Virtual Address Space Layouts, Working Sets
defined, Virtual Address Space Layouts
sessionwide code and data, Virtual Address Space Layouts
working sets, Working Sets
Set APIs, KMDF Data Model, Transactional APIs
SetEndOfFile API, Transactional APIs
SetFileBandwidthReservation API, Opening Devices
SetFileCompletionNotificationModes API, I/O Completion Port Operation
SetFileInformationByHandle function, Prioritization Strategies, Transactional APIs
SetFileIoOverlappedRange API, Opening Devices
SetFileShortName API, Transactional APIs
SetFileTime API, Transactional APIs
SetPriorityClass function, Prioritization Strategies
SetProcessDEPPolicy function, No Execute Page Protection
SetProcessShutdownParameters function, Shutdown
SetProcessWorkingSetSize function, Working Set Management
SetProcessWorkingSetSizeEx function, Locking Memory
SetThreadExecutionState API, Power Availability Requests
SetThreadPriority function, Prioritization Strategies
Setupapi.dll, Driver Installation
Setupcl.exe, Smss, Csrss, and Wininit
SetupDiEnumDeviceInterfaces function, Driver Objects and Device Objects
SetupDiGetDeviceInterfaceDetail function, Driver Objects and Device Objects
SET_REPAIR flags, Self-Healing
SE_LOCK_MEMORY privilege, Thread Agnostic I/O
shadow copies, Volume Shadow Copy ServiceConclusion, VSS Architecture, VSS OperationUses in Windows, Shadow Copy Provider, Shadow Copy Provider, Shadow Copy Provider, Shadow Copy Provider, Shadow Copy Provider, Uses in WindowsPrevious Versions and System Restore, Uses in Windows, Backup, Backup, Previous Versions and System Restore, Previous Versions and System Restore, Previous Versions and System Restore, Previous Versions and System Restore, Previous Versions and System Restore, Conclusion
backup operations, Uses in WindowsPrevious Versions and System Restore, Backup, Previous Versions and System Restore
operations, VSS OperationUses in Windows, Shadow Copy Provider, Shadow Copy Provider, Uses in Windows
set IDs, Previous Versions and System Restore
Volume Shadow Copy Service, Volume Shadow Copy ServiceConclusion, VSS Architecture, Shadow Copy Provider, Shadow Copy Provider, Shadow Copy Provider, Backup, Previous Versions and System Restore, Previous Versions and System Restore, Previous Versions and System Restore, Conclusion
Shadow Copies for Shared Folders, Previous Versions and System Restore
shadow copy device objects, Previous Versions and System Restore
Shadow Copy Provider, Shadow Copy ProviderUses in Windows, Shadow Copy Provider, Shadow Copy Provider, Uses in Windows
shadow copy volumes, Previous Versions and System Restore
share counts, Modified Page Writer, PFN Data Structures, PFN Data Structures, PFN Data Structures
share modes (file objects), Opening Devices
share-access checks, Opening Devices
shareable address space, User Address Space Layout
shareable pages, Reserving and Committing Pages, Reserving and Committing Pages
shared access leases, Locking
shared access locks, Locking
shared cache maps, Per-File Cache Data Structures, Per-File Cache Data Structures, Per-File Cache Data Structures, Per-File Cache Data Structures, Explicit File I/O
shared encrypted files, Encrypting File System Security
shared heaps, read-only, Types of Heaps
shared memory, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, Protecting Memory, Virtual Address Space Layouts
shared pages, Address Windowing Extensions, Prototype PTEs, Prototype PTEs, Prototype PTEs
shell, Link Tracking, Link Tracking, Smss, Csrss, and Wininit, Online Crash Analysis
shell namespace, Link TrackingEncryption, Link Tracking, Encryption
shim mechanisms, Fault Tolerant Heap
short names, File Records, File Names, File Names, File Names
ShrinkAbort request, Dynamic Partitioning
ShrinkCommit request, Dynamic Partitioning
shrinking engine (partitions), Dynamic Partitioning
ShrinkPrepare request, Dynamic Partitioning
shutdown, Driver Verifier, Windows Recovery Environment (WinRE), Shutdown, Shutdown, Shutdown, Shutdown
SideShow-compatible devices, User-Mode Driver Framework (UMDF)
SIDs (security IDs), Per-User Volume Quotas, Quota Tracking, Consolidated Security
signatures, Driver Installation, Driver Installation, Driver Installation, Driver Installation, Driver Installation, Heap Security Features
driver signing, Driver Installation, Driver Installation, Driver Installation, Driver Installation
heap tail checking, Heap Security Features
verification, Driver Installation
simple volumes, Storage Terminology, Mirrored Volumes
single bit corruption, Buffer Overruns, Memory Corruption, and Special Pool
single-layered drivers, I/O Request to a Single-Layered DriverSynchronization, Completing an I/O Request, Synchronization, Synchronization, Synchronization
single-level cell (SLC) memory, NAND-Type Flash Memory
single-page granularity, Allocation Granularity
singly linked lists, Windows x64 16-TB Limitation
sleep states, Level of Plug and Play Support, The Power Manager, Power Manager Operation, Power Manager Operation, Driver and Application Control of Device Power, Power Availability Requests, Processor Power Management (PPM)
SLIST_HEADER data structure, Windows x64 16-TB Limitation, Windows x64 16-TB Limitation
small memory dumps (minidumps), Process Reflection, Crash Dump Files, Crash Dump Files, Crash Dump Files, Hung or Unresponsive Systems
small pages, Large and Small Pages, Large and Small Pages, Large and Small Pages
small-IRP look-aside lists, I/O Request Packets
SMB Server Message Block (SMB) protocol, Remote FSDs, Remote FSDs, Locking
SMP system processors, Initializing the Kernel and Executive Subsystems
SmpCheckForCrashDump function, Causes of Windows Crashes
SmpConfigureSharedSession­­Data function, Smss, Csrss, and Wininit
SmpCreateDynamicEnvironment­Variables function, Smss, Csrss, and Wininit
SmpCreateInitialSession function, Smss, Csrss, and Wininit
SmpCreatePagingFiles function, Smss, Csrss, and Wininit
SmpExecuteCommand function, Smss, Csrss, and Wininit
SmpInit function, Smss, Csrss, and Wininit
SmpInitializeDosDevices function, Smss, Csrss, and Wininit
SmpInitializeKnownDlls function, Smss, Csrss, and Wininit
SmpLoadDataFromRegistry function, Smss, Csrss, and Wininit
SmpProcessFileRenames function, Smss, Csrss, and Wininit
SmpStartCsr function, Smss, Csrss, and Wininit
SMT cores, Core Parking Policies, Utility Function
snapshot devices, VSS Operation
snapshots, Volume Shadow Copy ServiceConclusion, Previous Versions and System Restore, Conclusion
soft faults, Logical Prefetcher
soft links, Symbolic (Soft) Links and JunctionsCompression and Sparse Files, Symbolic (Soft) Links and Junctions, Symbolic (Soft) Links and Junctions, Compression and Sparse Files
soft page faults, NUMA
soft partitions, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning
software attacks, Encryption Keys
software data execution prevention, Software Data Execution PreventionCopy-on-Write, Software Data Execution Prevention, Copy-on-Write
software DEP, Software Data Execution PreventionCopy-on-Write, Software Data Execution Prevention, Copy-on-Write
software mirroring, Clone Shadow Copies
software PTEs, Invalid PTEsInvalid PTEs, Invalid PTEs, Prototype PTEs
software resumption from power states, The Power Manager
software Write bits, Hardware vs. Software Write Bits in Page Table Entries
sos element, The BIOS Boot Sector and Bootmgr
space quotas, Dynamic System Virtual Address Space ManagementUser Address Space Layout, User Address Space Layout, User Address Space Layout
spaces (file names), File Names
spanned volumes, Spanned Volumes
spare bits, NAND-Type Flash Memory
sparse files, UDF, Compression and Sparse Files, Compression and Sparse Files, Data Compression and Sparse Files, Data Compression and Sparse Files, Compressing Sparse Data
sparse matrix, Compressing Sparse Data
sparse multilevel VACB arrays, Per-File Cache Data Structures
spatial locality (cache), Cache Manager’s Read-Ahead Thread
special agents (prefetch), Page Priority and Rebalancing
special pool, Dynamic System Virtual Address Space Management, Driver VerifierDriver Verifier, Driver Verifier, Driver Verifier, Buffer Overruns, Memory Corruption, and Special Pool, Buffer Overruns, Memory Corruption, and Special PoolBuffer Overruns, Memory Corruption, and Special Pool, Buffer Overruns, Memory Corruption, and Special Pool, 0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
Driver Verifier option, Buffer Overruns, Memory Corruption, and Special Pool, 0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
enabling, Buffer Overruns, Memory Corruption, and Special PoolBuffer Overruns, Memory Corruption, and Special Pool, Buffer Overruns, Memory Corruption, and Special Pool
expanding, Dynamic System Virtual Address Space Management
registry settings, Driver Verifier
verification, Driver VerifierDriver Verifier, Driver Verifier
speed, cluster size and, Clusters
spinlocks, Synchronization, KMDF Data Model, KMDF Data Model, Look-Aside Lists, Windows x64 16-TB Limitation
accessing directly, Synchronization
context areas, KMDF Data Model
eliminating need for, Windows x64 16-TB Limitation
KMDF objects, KMDF Data Model
pools and, Look-Aside Lists
splash screens, hangs and, Post–Splash Screen Crash or Hang
split log blocks, Owner Pages
split mirrors (clone shadow copies), Clone Shadow Copies
Spoolsvc.exe, Power Availability Requests
SRTM (Static Root of Trust Measurement), Trusted Platform Module (TPM)
SSDs (solid state disks), NAND-Type Flash Memory, NAND-Type Flash Memory, NAND-Type Flash MemoryFile Deletion and the Trim Command, File Deletion and the Trim CommandFile Deletion and the Trim Command, File Deletion and the Trim Command, File Deletion and the Trim Command, File Deletion and the Trim Command, Disk Drivers, ReadyBoost, Unified Caching
file deletion and trim, File Deletion and the Trim CommandFile Deletion and the Trim Command, File Deletion and the Trim Command, Disk Drivers
ReadyBoost, ReadyBoost, Unified Caching
slowing down, NAND-Type Flash Memory
wear-leveling, NAND-Type Flash MemoryFile Deletion and the Trim Command, File Deletion and the Trim Command, File Deletion and the Trim Command
wearing out, NAND-Type Flash Memory
stack bases, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
stack cookies, Software Data Execution Prevention
stack limits, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
stack locations, I/O Request Packets, IRP Stack LocationsIRP Stack Locations, IRP Stack Locations, IRP Stack Locations, IRP Stack Locations, Completing an I/O RequestSynchronization, Completing an I/O Request, Completing an I/O Request, Synchronization, I/O Requests to Layered Drivers
I/O request packets (IRPs), IRP Stack LocationsIRP Stack Locations, IRP Stack Locations, IRP Stack Locations, IRP Stack Locations
IRP reuse and, I/O Requests to Layered Drivers
large-IRP look-aside list, I/O Request Packets
request completion, Completing an I/O RequestSynchronization, Completing an I/O Request, Completing an I/O Request, Synchronization
stack overruns (stack trashes), Stack TrashesHung or Unresponsive Systems, Stack Trashes, Stack Trashes, Hung or Unresponsive Systems
stack pointer register, Stack Trashes, Stack Trashes, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
stack randomization, Stack Randomization, Stack Randomization
stack traces, Heap Debugging Features, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Verbose AnalysisVerbose Analysis, Verbose Analysis, Advanced Crash Dump Analysis, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL, 0xC5 - DRIVER_CORRUPTED_EXPOOL0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
displaying device driver, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
heap debugging, Heap Debugging Features
pool corruption, 0xC5 - DRIVER_CORRUPTED_EXPOOL0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
processors, Advanced Crash Dump Analysis
read-ahead operations, Write-Back Caching and Lazy Writing
verbose analysis, Verbose AnalysisVerbose Analysis, Verbose Analysis
write-behind operations, Write-Back Caching and Lazy Writing
stack trashes, Stack TrashesHung or Unresponsive Systems, Hung or Unresponsive Systems
StackRandomizationDisabled, Stack Randomization
stacks, Software Data Execution Prevention, User Address Space Layout, Stack RandomizationASLR in Kernel Address Space, Heap Randomization, ASLR in Kernel Address Space, StacksVirtual Address Descriptors, Stacks, Stacks, Kernel StacksVirtual Address Descriptors, Kernel Stacks, Kernel Stacks, DPC Stack, Virtual Address DescriptorsProcess VADs, Virtual Address Descriptors, Virtual Address Descriptors, Process VADs, Stack TrashesHung or Unresponsive Systems, Stack Trashes, Stack TrashesHung or Unresponsive Systems, Stack Trashes, Hung or Unresponsive Systems, Hung or Unresponsive Systems
address space, User Address Space Layout
analyzing, Stack TrashesHung or Unresponsive Systems, Hung or Unresponsive Systems
crash dump analysis, Stack TrashesHung or Unresponsive Systems, Stack Trashes, Hung or Unresponsive Systems
DEP stack cookies, Software Data Execution Prevention
DPC, DPC Stack
kernel, Stacks, Kernel StacksVirtual Address Descriptors, Kernel Stacks, Virtual Address Descriptors
memory manager, StacksVirtual Address Descriptors, Stacks, Kernel Stacks, Virtual Address DescriptorsProcess VADs, Virtual Address Descriptors, Process VADs
pointer register, Stack Trashes
randomization, Stack RandomizationASLR in Kernel Address Space, Heap Randomization, ASLR in Kernel Address Space
stampdisks element, The BIOS Boot Sector and Bootmgr
standard BitLocker operation, BitLocker Drive Encryption
standby cache, Examining Memory Usage
standby lists, Clustered Page Faults, Page Priority, Page Priority, Components, Components, Cache Size, Cache Physical Size
prefetched pages, Clustered Page Faults
prioritized, Page Priority, Page Priority
rebalancer, Components
Superfetch service, Components
system cache, Cache Size, Cache Physical Size
standby mode, Driver Power Operation, Components
standby page lists, Examining Memory Usage, Page Fault Handling
standby pages, PFN Data Structures
Standby PFN state, Page Frame Number Database, Page Frame Number Database
standby scenario, Scenarios
start I/O routines, Structure of a Driver
Start values, The Start Value, The Start Value, Device Enumeration
start-device command, Driver Support for Plug and Play
start-device IRPs, Driver Objects and Device Objects
Startup Repair tool, Windows Recovery Environment (WinRE), Windows Recovery Environment (WinRE)
Startup.com, The BIOS Boot Sector and Bootmgr
state-transition table, Driver Support for Plug and PlayThe Start Value, The Start Value
static physical NVRAM cache, Unified Caching
Static Root of Trust Measurement (SRTM), Trusted Platform Module (TPM)
STATUS_ACCESS_ VIOLATION exception, No Execute Page Protection, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
STATUS_BREAKPOINT exception, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED0x7F - UNEXPECTED_KERNEL_MODE_TRAP, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
STATUS_INVALID_DEVICE_REQUEST exception, KMDF I/O Model
STATUS_REPARSE code, Symbolic (Soft) Links and Junctions
step model (PPM), Increase/Decrease Actions, Performance Check
stolen USB keys, Encryption Keys
stop code analysis, Causes of Windows Crashes, Verbose AnalysisVerbose Analysis, Verbose Analysis, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED0x7F - UNEXPECTED_KERNEL_MODE_TRAP, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP0xC5 - DRIVER_CORRUPTED_EXPOOL, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP, 0xC5 - DRIVER_CORRUPTED_EXPOOL0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
DRIVER_IRQL_NOT_LESS_OR_EQUAL, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
IRQL_NOT_LESS_OR_EQUAL, Causes of Windows Crashes
KERNEL_MODE_EXCEPTION_NOT_HANDLED, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED0x7F - UNEXPECTED_KERNEL_MODE_TRAP, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
UNEXPECTED_KERNEL_MODE_TRAP, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP0xC5 - DRIVER_CORRUPTED_EXPOOL, 0xC5 - DRIVER_CORRUPTED_EXPOOL
verbose analysis, Verbose AnalysisVerbose Analysis, Verbose Analysis
stop codes (bugchecks), Initializing the Kernel and Executive Subsystems, The Blue Screen, Basic Crash Dump Analysis, Basic Crash Dump Analysis, Code Overwrite and System Code Write ProtectionAdvanced Crash Dump Analysis, Advanced Crash Dump Analysis, Advanced Crash Dump Analysis, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
bugcheck parameters, Basic Crash Dump Analysis, 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
bugcheck screens, Initializing the Kernel and Executive Subsystems
illegal instruction fault crashes, Code Overwrite and System Code Write ProtectionAdvanced Crash Dump Analysis, Advanced Crash Dump Analysis, Advanced Crash Dump Analysis
manual crashes, Basic Crash Dump Analysis
numeric identifiers, The Blue Screen
storage area networks (SANs), Storage Management, iSCSI Drivers
storage device states, The Plug and Play (PnP) Manager
storage devices, ReadyBoost, Unified Caching, Unified Caching, Booting from iSCSI
storage drivers, Prioritization Strategies, Storage Management, WinloadMultipath I/O (MPIO) Drivers, iSCSI Drivers, iSCSI Drivers, Multipath I/O (MPIO) Drivers, Local FSDs, Local FSDs
device drivers, Storage Management, Local FSDs, Local FSDs
management, WinloadMultipath I/O (MPIO) Drivers, iSCSI Drivers, iSCSI Drivers, Multipath I/O (MPIO) Drivers
port drivers, Prioritization Strategies
storage management, Storage TerminologyDisk Sector Format, Disk Sector Format, Multipath I/O (MPIO) Drivers, Volume Management, Volume Management, Basic Disks, GUID Partition Table Partitioning, GUID Partition Table Partitioning, Basic Disk Volume Manager, Basic Disk Volume Manager, Dynamic Disks, The LDM Database, The LDM Database, The LDM Database, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning, Dynamic Disk Volume ManagerMultipartition Volume Management, Dynamic Disk Volume Manager, Multipartition Volume ManagementRAID-5 Volumes, Multipartition Volume Management, Spanned Volumes, Striped Volumes, Mirrored Volumes, Mirrored Volumes, RAID-5 Volumes, RAID-5 Volumes, The Mount Manager, The Mount Manager, Mount Points, Volume Mounting, Volume Mounting, Volume Mounting, Volume I/O OperationsVirtual Disk Service, Volume I/O Operations, Virtual Disk Service, Virtual Disk Service, Virtual Disk Service, Virtual Disk Service, Virtual Hard Disk SupportBitLocker Drive Encryption, Virtual Hard Disk Support, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, Full-Volume Encryption Driver, Full-Volume Encryption Driver, BitLocker To Go, BitLocker To Go, BitLocker To Go, Volume Shadow Copy Service
basic disks, Volume Management, GUID Partition Table Partitioning, Basic Disk Volume Manager
BitLocker, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, Full-Volume Encryption Driver, BitLocker To Go, BitLocker To Go
BitLocker To Go, BitLocker To Go
disk drivers, Multipath I/O (MPIO) Drivers
dynamic disks, Dynamic Disks, The LDM Database, LDM and GPT or MBR-Style Partitioning, Dynamic Disk Volume ManagerMultipartition Volume Management, Multipartition Volume Management
full-volume encryption driver, Full-Volume Encryption Driver
multipartition volume management, Multipartition Volume ManagementRAID-5 Volumes, Spanned Volumes, Striped Volumes, Mirrored Volumes, Mirrored Volumes, RAID-5 Volumes, RAID-5 Volumes
terminology, Storage TerminologyDisk Sector Format, Disk Sector Format
virtual hard disk support, Virtual Hard Disk SupportBitLocker Drive Encryption, BitLocker Drive Encryption
volume I/O operations, Volume I/O OperationsVirtual Disk Service, Virtual Disk Service, Virtual Disk Service
volume management, Volume Management, Basic Disks, GUID Partition Table Partitioning, Basic Disk Volume Manager, The LDM Database, The LDM Database, The LDM Database, The LDM Database, Dynamic Disk Volume Manager, The Mount Manager, The Mount Manager, Mount Points, Volume Mounting, Volume Mounting, Volume Mounting, Volume I/O Operations, Virtual Disk Service, Virtual Disk Service, Virtual Hard Disk Support
Volume Shadow Copy Service, Volume Shadow Copy Service
storage stacks, Prioritization Strategies, I/O Priority Inversion Avoidance (I/O Priority Inheritance), Disk Drivers, Multipath I/O (MPIO) Drivers, Multipath I/O (MPIO) Drivers
store keys, Unified Caching
Store Manager (unified caching), Unified Caching, Unified Caching, Initializing the Kernel and Executive Subsystems
store pages, Unified Caching
Storport minidriver, Attaching VHDs
Storport.sys driver, Disk Class, Port, and Miniport Drivers, Disk Class, Port, and Miniport Drivers
stream names, Stream-Based Caching
stream-based caching, Stream-Based Caching
stream-controlled block (SCB), NTFS File System Driver
streaming playback, I/O Prioritization
streams, Tracing and Logging, Stream-Based Caching, Common Log File System, Multiple Data Streams, Multiple Data StreamsMultiple Data Streams, Multiple Data Streams, Multiple Data Streams, Multiple Data Streams, The Change Journal File, The Change Journal File, Resource Managers
associated with file names, Tracing and Logging
attributes, Multiple Data Streams
caching, Stream-Based Caching
change journal, The Change Journal File, The Change Journal File
CLFS, Common Log File System
multiple, NTFS design goals, Multiple Data StreamsMultiple Data Streams, Multiple Data Streams, Multiple Data Streams, Multiple Data Streams
TxF, Resource Managers
strings, Buffer Overruns, Memory Corruption, and Special Pool
Strings utility, Monitoring Pool Usage, Logical Prefetcher, Buffer Overruns, Memory Corruption, and Special Pool
striped arrays, Dynamic Disks
striped volumes, The LDM Database, Volume I/O Operations, Data Redundancy and Fault Tolerance
data redundancy, Data Redundancy and Fault Tolerance
I/O operations, Volume I/O Operations
LDM partition entries, The LDM Database
Structured Exception Handler Overwrite Protection (SEHOP), Software Data Execution Prevention
subkeys, Device Enumeration
subst command, Opening Devices
Subst.exe utility, Previous Versions and System Restore
subsystem DLLs, I/O Request to a Single-Layered Driver, Smss, Csrss, and Wininit
success codes, I/O Completion Port Operation, KMDF I/O Model
successful boots, Troubleshooting Crashes
Superfetch service (proactive memory management), I/O Priorities, I/O Priority Boosts and Bumps, Logical Prefetcher, Logical Prefetcher, ComponentsComponents, Components, Components, Tracing and Logging, Scenarios, Page Priority and RebalancingRobust Performance, Page Priority and RebalancingRobust Performance, Page Priority and Rebalancing, Robust Performance, Robust Performance, Robust Performance, ReadyBoost, ReadyDrive, Unified Caching, Unified CachingUnified Caching, Unified Caching, Unified Caching, Process Reflection, Process Reflection
components, ComponentsComponents, Components, Components
I/O priorities, I/O Priorities
idle I/O, I/O Priority Boosts and Bumps
logical prefetcher, Logical Prefetcher
organizing files, Logical Prefetcher
page priority, Page Priority and RebalancingRobust Performance, Robust Performance
process reflection, Process Reflection, Process Reflection
ReadyBoost, ReadyBoost, Unified Caching
ReadyDrive, ReadyDrive
rebalancing, Page Priority and RebalancingRobust Performance, Page Priority and Rebalancing, Robust Performance
robust performance, Robust Performance
scenarios, Scenarios
tracing and logging, Tracing and Logging
unified caching, Unified CachingUnified Caching, Unified Caching, Unified Caching
surprise-remove command, Driver Support for Plug and Play
suspending, BitLocker Boot Process
BitLocker, BitLocker Boot Process
Svchost.exe (Service Hosting Process), Logical Prefetcher
swapper thread, Balance Set Manager and Swapper
switching CPU contexts, Hung or Unresponsive Systems
Swprov.dll (shadow copy provider), Shadow Copy ProviderUses in Windows, Uses in Windows
symbol files, Basic Crash Dump Analysis, 0xC5 - DRIVER_CORRUPTED_EXPOOL
symbol server, Crash Dump Files
symbol-file paths, Basic Crash Dump Analysis
symbolic exception registration records, Software Data Execution Prevention
symbolic links, Driver Objects and Device Objects, Opening Devices, Opening Devices, Opening Devices, Disk Device Objects, The Mount Manager, Mount Points, Previous Versions and System Restore, Explicit File I/O, Symbolic (Soft) Links and JunctionsCompression and Sparse Files, Symbolic (Soft) Links and Junctions, Compression and Sparse Files, Compression and Sparse Files, The Change Journal File, Smss, Csrss, and Wininit
change journal, The Change Journal File
device names, Opening Devices
device objects, Driver Objects and Device Objects
file object extensions, Opening Devices
MS-DOS devices, Smss, Csrss, and Wininit
naming conventions, Disk Device Objects
NTFS design goals, Symbolic (Soft) Links and JunctionsCompression and Sparse Files, Symbolic (Soft) Links and Junctions, Compression and Sparse Files, Compression and Sparse Files
reparse points, Mount Points
shadow copies, Previous Versions and System Restore
viewing, Opening Devices
volumes, The Mount Manager, Explicit File I/O
symbols, kernel, Pool Sizes
SymLinkEvaluation option, Symbolic (Soft) Links and Junctions
symmetric encryption, Encrypting File System Security
synchronization, I/O Requests to Layered Drivers, KMDF I/O Model, KMDF I/O Model, Internal Synchronization, Types of Heaps, Heap Synchronization
heap manager, Heap Synchronization
I/O requests, I/O Requests to Layered Drivers
internal memory, Internal Synchronization
KMDF callbacks, KMDF I/O Model
KMDF queues, KMDF I/O Model
not supported by heap functions, Types of Heaps
synchronization objects, Synchronous and Asynchronous I/O, In-Paging I/O, Driver Verifier, Driver Verifier
synchronization scope object attribute, KMDF I/O Model
synchronous I/O, Opening Devices, Completing an I/O Request, User-Initiated I/O Cancellation, Fast I/O, Fast I/O
cancellation, User-Initiated I/O Cancellation
completion, Completing an I/O Request
fast I/O, Fast I/O, Fast I/O
file object attributes, Opening Devices
Synchronous Paging I/O, Write-Back Caching and Lazy Writing
SYSCALL instruction, DPC Stack
SYSENTER instruction, DPC Stack
sysptes command, System Page Table EntriesSystem Page Table Entries, System Page Table Entries, System Page Table Entries
system address space, Virtual Address Space Layouts, Virtual Address Space Layouts, 64-Bit Address Space Layouts, Kernel Stacks
system cache, 64-Bit Address Space Layouts, Dynamic System Virtual Address Space Management, Clustered Page Faults
address space, 64-Bit Address Space Layouts
expanding, Dynamic System Virtual Address Space Management
prefetching pages, Clustered Page Faults
system cache working sets, Virtual Address Space Layouts, System Working Sets, Cache Size, Cache Working Set Size
system code write protection, Code Overwrite and System Code Write ProtectionAdvanced Crash Dump Analysis, Code Overwrite and System Code Write Protection, Advanced Crash Dump Analysis
system code, in system space, Virtual Address Space Layoutsx86 Address Space Layouts, Virtual Address Space Layouts, x86 Address Space Layouts
system commit limit, Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit
System Deployment Image (SDI), The BIOS Boot Sector and Bootmgr
system environment variables, Smss, Csrss, and Wininit
system failures, Recoverable File System Support
System File Checker (Sfc.exe), System File Corruption
system files, Boot Sector CorruptionSystem Hive Corruption, System File Corruption, System File Corruption, System Hive Corruption
backup copies, System File Corruption
repairing corruption, Boot Sector CorruptionSystem Hive Corruption, System File Corruption, System Hive Corruption
SYSTEM hive, The BIOS Boot Sector and Bootmgr, The BIOS Boot Sector and Bootmgr, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, System Hive Corruption
system identifiers (TPM), Encryption Keys
System Image Recover (Windows RE), Windows Recovery Environment (WinRE)
System Image Recovery images, System File Corruption
system images, x86 Address Space Layouts, x86 Address Space Layouts, Boot Logging in Safe Mode, System File Corruption
System Information tool, Troubleshooting Crashes
system integrity checks (TPM), Trusted Platform Module (TPM)
system mapped views, Virtual Address Space Layouts, x86 System Address Space Layout, x86 System Address Space Layout
system memory pools (kernel-mode heaps), Kernel-Mode Heaps (System Memory Pools)Look-Aside Lists, Kernel-Mode Heaps (System Memory Pools), Pool Sizes, Pool Sizes, Monitoring Pool Usage, Monitoring Pool Usage, Monitoring Pool Usage, Look-Aside Lists, Look-Aside Lists
system partitions, BIOS Preboot, Smss, Csrss, and Wininit
system paths, Booting from iSCSI
system power policies, Power Manager Operation, Driver Power Operation, Driver Power Operation
system power requests, Power Availability Requests
System process, Memory Manager Components, Internal Synchronization, Process Monitor Basic vs. Advanced Modes
system process shutdowns, ShutdownShutdown, Shutdown, Shutdown
System Properties tool, Crash Dump Files
system PTE working sets, Virtual Address Space Layouts, Balance Set Manager and Swapper
system PTEs, Virtual Address Space Layouts, x86 Address Space Layouts, System Page Table Entries, System Page Table Entries, 64-Bit Address Space Layouts, Dynamic System Virtual Address Space Management
System Recovery Options dialog box, Windows Recovery Environment (WinRE)
system resources, releasing, Structure of a DriverDriver Objects and Device Objects, Structure of a Driver, Driver Objects and Device Objects
System Restore, VSS Architecture, Previous Versions and System Restore, Previous Versions and System Restore, Previous Versions and System Restore, Windows Recovery Environment (WinRE), System Hive Corruption, Post–Splash Screen Crash or Hang
System Restore Wizard, Post–Splash Screen Crash or Hang
system root paths, Initializing the Kernel and Executive Subsystems
system service dispatch tables, Initializing the Kernel and Executive Subsystems
system shutdown notification routines, Structure of a Driver
system start (1) value, Driver Support for Plug and Play, The Start Value
system start device drivers, Causes of Windows Crashes
system storage class device drivers, Prioritization Strategies
system threads, Modified Page Writer, Modified Page Writer
system time, Initializing the Kernel and Executive Subsystems, Advanced Crash Dump Analysis
system variables, PFN Data Structures
system virtual address spaces, Internal Synchronization, Dynamic System Virtual Address Space Management, System Virtual Address Space Quotas, The Memory Manager
system virtual memory limits, Physical Memory Limits32-Bit Client Effective Memory Limits, Windows Client Memory Limits, 32-Bit Client Effective Memory Limits, 32-Bit Client Effective Memory Limits, 32-Bit Client Effective Memory Limits
System Volume Information directory, Shadow Copy Provider
system volumes, LDM and GPT or MBR-Style Partitioning, Mirrored Volumes, BIOS Preboot, Smss, Csrss, and Wininit
system worker threads, System Threads, Initializing the Kernel and Executive Subsystems
system working set lists, PFN Data Structures
system working sets, Driver Verifier, System Working Sets
forcing code out of, Driver Verifier
working sets, System Working Sets
system-managed paging files, Page Files
system-managed shared resources, Commit Charge and the System Commit Limit
system-start values, Device Enumeration
SystemLowPriorityIoInformation class, I/O Priority Boosts and Bumps
systemroot element, The BIOS Boot Sector and Bootmgr
SystemSuperFetchInformation class, Scenarios
systemwide code and data, Virtual Address Space Layouts
systemwide environment variables, When There Is No Crash Dump
SYSTEM_SERVICE_EXCEPTION stop code, Causes of Windows Crashes
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED stop code, Causes of Windows Crashes