E

ECC (error correcting code), Disk Sector Format, NAND-Type Flash Memory, PFN Data Structures
echo command, Multiple Data Streams
ECP (extended create parameters), Opening Devices
EFI (Extensible Firmware Interface), Winload, Basic DisksGUID Partition Table Partitioning, GUID Partition Table Partitioning, GUID Partition Table Partitioning, Startup and Shutdown, Boot Process, The UEFI Boot Process, The UEFI Boot Process
APIs, The UEFI Boot Process
BCD in, Winload
boot process, Startup and Shutdown
file extensions, The UEFI Boot Process
partitioning and, Basic DisksGUID Partition Table Partitioning, GUID Partition Table Partitioning, GUID Partition Table Partitioning
Unified EFI (EFI 2.0), Boot Process
EFI Boot Manager, The UEFI Boot Process
EFI system partition, The UEFI Boot Process
EFS (Encrypting File System), BitLocker Drive Encryption, Encryption, Encryption, File Records, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files
EFSDump utility, Backing Up Encrypted Files
EISA devices, The BIOS Boot Sector and Bootmgr
eject events, Structure and Operation of a KMDF Driver
EKU (enhanced key usage), Encrypting File Data
El Torito CDFS, The BIOS Boot Sector and Bootmgr
Elephant diffuser, Encryption Keys, Full-Volume Encryption Driver
embedded links (OLE), Link Tracking
embedded spaces (file names), File Names
emd (External Memory Device), ReadyBoost
emergency hibernation files, The Power Manager
Emergency Management Services (EMS), The BIOS Boot Sector and Bootmgr, Initializing the Kernel and Executive Subsystems
EMET (Enhanced Mitigation Experience Toolkit), Controlling Security Mitigations
empty pages, Shared Memory and Mapped Files
EMS (Emergency Management Services), The BIOS Boot Sector and Bootmgr
ems element, The BIOS Boot Sector and Bootmgr
emsbaudrate element, The BIOS Boot Sector and Bootmgr
emsport element, The BIOS Boot Sector and Bootmgr
emulation (advanced format disks), Disk Sector Format
EncodeSystemPointer API, Software Data Execution Prevention
Encrypted Data Recovery Agents policy, Encrypting a File for the First Time
EncryptFile function, Encryption
Encrypting File System (EFS), BitLocker Drive Encryption, Encryption, POSIX Support, File Names, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files
encryption, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, BitLocker Drive Encryption, BitLocker Drive Encryption, Encryption KeysTrusted Platform Module (TPM), Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, BitLocker Management, BitLocker To GoBitLocker To Go, BitLocker To Go, BitLocker To Go, BitLocker To Go, BitLocker To Go, ReadyBoostUnified Caching, ReadyDrive, Unified Caching, Process Monitor, Link TrackingDefragmentation, Encryption, Defragmentation, File Records, File Records, The Change Journal File, Encrypting File System SecurityBoot Process, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, The Decryption Process, Backing Up Encrypted Files, Backing Up Encrypted Files, Boot Process
backing up files, Backing Up Encrypted Files
BitLocker Drive Encryption, BitLocker Drive EncryptionBitLocker To Go, BitLocker Drive Encryption, BitLocker Drive Encryption, Encryption Keys, Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM), BitLocker Boot Process, BitLocker Key Recovery, Full-Volume Encryption Driver, BitLocker Management, BitLocker To Go, BitLocker To Go, BitLocker To Go
BitLocker To Go, BitLocker To GoBitLocker To Go, BitLocker To Go
change journal and, The Change Journal File
decryption, The Decryption Process
EFS, BitLocker Drive Encryption, Encryption, File Records, Encrypting File System SecurityBoot Process, Encrypting File System Security, Encrypting File System Security, Encrypting File System Security, Encrypting a File for the First Time, Encrypting File Data, Backing Up Encrypted Files, Boot Process
file attributes, File Records
file system filter drivers and, Process Monitor
keys, Encryption KeysTrusted Platform Module (TPM), Trusted Platform Module (TPM), Trusted Platform Module (TPM)
NTFS design goals, Link TrackingDefragmentation, Defragmentation
ReadyBoost, ReadyBoostUnified Caching, ReadyDrive, Unified Caching
encryption keys, Encryption KeysTrusted Platform Module (TPM), Encryption Keys, Trusted Platform Module (TPM), Trusted Platform Module (TPM)
enhanced key usage (EKU), Encrypting File Data
Enhanced Mitigation Experience Toolkit (EMET), Controlling Security Mitigations
enlistment objects, Initializing the Kernel and Executive Subsystems
enumeration, Driver Objects and Device Objects, The Plug and Play (PnP) Manager, Level of Plug and Play SupportDriver Support for Plug and Play, Driver Support for Plug and Play, Driver Loading, Initialization, and Installation, The Start Value, Device Enumeration, Device EnumerationDevice Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Enumeration, Device Stacks, Device Stack Driver Loading, Device Stack Driver Loading, Driver Installation, The Power Manager, Basic Disk Volume Manager, VSS Operation, Heap Manager, Heap Synchronization, Indexing, Reparse Points
device interfaces, Driver Objects and Device Objects
device keys, Device Stack Driver Loading, Driver Installation
enumeration-based loading, Driver Loading, Initialization, and Installation
heap entries and regions, Heap Manager, Heap Synchronization
indexing interactions, Indexing
nonenumerable devices, Device Enumeration
PnP loading and initialization process, Device EnumerationDevice Enumeration, Device Enumeration, Device Enumeration
PnP manager, The Plug and Play (PnP) Manager, Level of Plug and Play SupportDriver Support for Plug and Play, Driver Support for Plug and Play, The Start Value, Device Enumeration, Device Enumeration, Device Enumeration, Device Stacks
power management capabilities, The Power Manager
registry keys, Device Enumeration, Device Stack Driver Loading
reparse points, Reparse Points
shadow copy writers, VSS Operation
volume manager, Basic Disk Volume Manager
enumeration keys, device, Device Stack Driver Loading, Driver Installation
enumeration-based loading, Driver Loading, Initialization, and Installation
.enumtag command, Crash Dump Files
environment subsystems, The I/O Manager
environment variables, Smss, Csrss, and Wininit, Smss, Csrss, and Wininit
EPROCESS structure, Crash Dump Files
ERESOURCE structure, I/O Priority Inversion Avoidance (I/O Priority Inheritance), Driver Verifier, Driver Verifier
errata manager, Initializing the Kernel and Executive Subsystems
error correcting code (ECC), Disk Sector Format, PFN Data Structures
error messages (boot problems), MBR CorruptionPost–Splash Screen Crash or Hang, Boot Sector Corruption, System File Corruption, Post–Splash Screen Crash or Hang
error-logging routines, Structure of a Driver
Esentutl.exe (Active Directory Database Utility tool), x86 Address Space Layouts
Ethernet, Booting from iSCSI
ETHREAD structure, I/O Priority Inversion Avoidance (I/O Priority Inheritance), Crash Dump Files
ETW (Event Tracing for Windows), Multipath I/O (MPIO) Drivers, Initializing the Kernel and Executive Subsystems
event dispatcher objects, Page List Dynamics
Event Tracing for Windows (ETW), Multipath I/O (MPIO) Drivers, Initializing the Kernel and Executive Subsystems
Event Viewer, Fault Tolerant Heap
events, Structure and Operation of a KMDF Driver, Structure and Operation of a KMDF Driver, In-Paging I/OCollided Page Faults, Collided Page Faults, Memory Notification EventsMemory Notification Events, Memory Notification Events, Common Log File System, Common Log File System, Initializing the Kernel and Executive Subsystems
CLFS, Common Log File System
in-paging I/O, In-Paging I/OCollided Page Faults, Collided Page Faults
KDMF drivers, Structure and Operation of a KMDF Driver
KDMF runtime states, Structure and Operation of a KMDF Driver
logging, Common Log File System
memory notification events, Memory Notification EventsMemory Notification Events, Memory Notification Events
object types, Initializing the Kernel and Executive Subsystems
evstore element, The BIOS Boot Sector and Bootmgr
EvtDeviceFileCreate event, KMDF I/O Model
EvtDriverDeviceAdd callback, Structure and Operation of a KMDF Driver
EvtDriverDeviceAdd event, Structure and Operation of a KMDF Driver
EvtFileCleanup callback, KMDF I/O Model
EvtFileClose callback, KMDF I/O Model
EvtIo routines, Structure and Operation of a KMDF Driver
EvtIoDefault callback, KMDF I/O Model
Ex functions, Services Provided by the Memory Manager
ExAdjustLookasideDepth function, Look-Aside Lists
ExAllocatePool functions, Driver Verifier
ExAllocatePoolWithTag function, Driver Verifier
exception codes, Software Data Execution Prevention, Causes of Windows Crashes, Causes of Windows Crashes
exception handlers, Software Data Execution Prevention
exceptions, Memory Manager Components, Why Does Windows Crash?, When There Is No Crash Dump
EXCEPTION_DOUBLE_FAULT exception, 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
exclusive access locks, LockingLocking, Locking, Locking
exclusive leases, Locking
ExDeleteResource function, Driver Verifier
Executable Dispatch Mitigation, Software Data Execution Prevention
executables, Shared Memory and Mapped Files, Protecting MemoryProtecting Memory, Protecting Memory, Protecting Memory, No Execute Page Protection, User Address Space Layout, User Address Space Layout
address space, User Address Space Layout, User Address Space Layout
execute-only, Shared Memory and Mapped Files
execution protection, No Execute Page Protection
PAGE attributes and, Protecting MemoryProtecting Memory, Protecting Memory, Protecting Memory
execution protection, No Execute Page Protection
executive components, Look-Aside Lists, Section Objects, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Shutdown
executive objects, Initializing the Kernel and Executive Subsystems
executive resource locks, Hung or Unresponsive Systems
executive subsystems, Memory Manager Components, BIOS Preboot, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Initializing the Kernel and Executive Subsystems, Shutdown
executive worker threads, System Threads
exFAT file system, exFATNTFS, exFAT, NTFS
Exfat.sys, Local FSDs
ExFreePool function, Driver Verifier
ExInitializeNPagedLookasideList function, Look-Aside Lists
ExInitializePagedLookasideList function, Look-Aside Lists
ExitWindowsEx function, Shutdown
expanding, Balance Set Manager and SwapperSystem Working Sets, System Working Sets, System Working Sets
working sets, Balance Set Manager and SwapperSystem Working Sets, System Working Sets, System Working Sets
experiments, Layered DriversLayered Drivers, Layered Drivers, Layered Drivers, Driver Objects and Device Objects, Driver Objects and Device Objects, Driver Objects and Device Objects, Opening DevicesOpening Devices, Opening Devices, Opening Devices, Opening Devices, Fast I/O, IRP Stack Locations, IRP Stack Locations, I/O Requests to Layered DriversI/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Priority Boosts and BumpsBandwidth Reservation (Scheduled File I/O), I/O Priority Boosts and Bumps, Bandwidth Reservation (Scheduled File I/O), Bandwidth Reservation (Scheduled File I/O), Structure and Operation of a KMDF DriverKMDF Data Model, KMDF Data Model, KMDF Data Model, Device Stack Driver Loading, Driver Installation, Driver Installation, Driver Power OperationDriver Power Operation, Driver Power Operation, Driver Power Operation, Power Availability Requests, Utility FunctionUtility Function, Utility Function, Utility Function, Thresholds and Policy SettingsThresholds and Policy Settings, Thresholds and Policy Settings, Thresholds and Policy Settings, Performance CheckPerformance Check, Performance Check, Multipath I/O (MPIO) Drivers, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning, Mirrored VolumesMirrored Volumes, Mirrored Volumes, Mirrored Volumes, Volume MountingVolume Mounting, Volume Mounting, Shadow Copy Provider, Backup, Previous Versions and System Restore, Previous Versions and System RestoreConclusion, Conclusion, Examining Memory UsageExamining Memory Usage, Examining Memory Usage, Examining Memory Usage, Examining Memory Usage, Reserving and Committing PagesReserving and Committing Pages, Reserving and Committing Pages, Reserving and Committing Pages, Shared Memory and Mapped Files, No Execute Page Protection, Monitoring Pool UsageLook-Aside Lists, Monitoring Pool Usage, Look-Aside Lists, Look-Aside Lists, x86 Address Space Layouts, x86 Session SpaceSystem Page Table Entries, x86 Session Space, x86 Session Space, System Page Table EntriesSystem Page Table Entries, System Page Table Entries, System Page Table Entries, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management, User Address Space LayoutUser Address Space Layout, User Address Space Layout, Controlling Security Mitigations, Page Directories, Physical Address Extension (PAE)Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Page Files, User Stacks, Kernel Stacks, Process VADs, Page Frame Number Database, Page List DynamicsPage List Dynamics, Page List Dynamics, Page List Dynamics, Page Priority, Page Priority, Page Priority, PFN Data Structures, Logical Prefetcher, Logical Prefetcher, Working Set Management, Working Set ManagementWorking Set Management, Working Set ManagementBalance Set Manager and Swapper, Working Set Management, Working Set Management, Working Set Management, Balance Set Manager and Swapper, Process ReflectionProcess Reflection, Process Reflection, Systemwide Cache Data Structures, Per-File Cache Data StructuresFile System Interfaces, Per-File Cache Data Structures, File System Interfaces, Write-Back Caching and Lazy WritingWrite-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Forcing the Cache to Write Through to DiskWrite Throttling, Write Throttling, Write Throttling, Write Throttling, LockingLocking, Locking, Process Monitor, Process Monitor Basic vs. Advanced Modes, Multiple Data Streams, Symbolic (Soft) Links and Junctions, Symbolic (Soft) Links and Junctions, Master File Table, File Names, The Change Journal FileThe Change Journal File, The Change Journal File, IsolationTransactional APIs, Isolation, Transactional APIs, Resource ManagersOn-Disk Implementation, Resource Managers, On-Disk Implementation, Backing Up Encrypted Files, Shutdown, Crash Dump FilesCrash Dump Generation, Crash Dump Files, Crash Dump Generation, Buffer Overruns, Memory Corruption, and Special Pool, When There Is No Crash DumpWhen There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump
ASLR protection, Controlling Security Mitigations
cache flushing, Forcing the Cache to Write Through to DiskWrite Throttling, Write Throttling, Write Throttling
cache manager operations, Write-Back Caching and Lazy WritingWrite-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing, Write-Back Caching and Lazy Writing
catalog files, Driver Installation
change journal, The Change Journal FileThe Change Journal File, The Change Journal File
core parking policies, Thresholds and Policy SettingsThresholds and Policy Settings, Thresholds and Policy Settings, Thresholds and Policy Settings
DEP protection, No Execute Page Protection
device handles, Opening DevicesOpening Devices, Opening Devices, Opening Devices
device name mappings, Opening Devices
device objects, Driver Objects and Device Objects, Driver Objects and Device Objects
devnode information, Device Stack Driver Loading
driver dispatch routines, IRP Stack Locations
driver objects, Driver Objects and Device Objects
dump file analysis, Crash Dump FilesCrash Dump Generation, Crash Dump Files, Crash Dump Generation
EFS encryption, Backing Up Encrypted Files
fast I/O routines, Fast I/O
free and zero page lists, Page List DynamicsPage List Dynamics, Page List Dynamics, Page List Dynamics
hard links, Symbolic (Soft) Links and Junctions
history, processor utility and frequency, Utility Function
hung program timeouts, Shutdown
I/O priorities, I/O Priority Boosts and BumpsBandwidth Reservation (Scheduled File I/O), I/O Priority Boosts and Bumps, Bandwidth Reservation (Scheduled File I/O), Bandwidth Reservation (Scheduled File I/O)
idle system activity, Process Monitor Basic vs. Advanced Modes
INF files, Driver Installation
IRPs, I/O Requests to Layered DriversI/O Requests to Layered Drivers, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers
kernel debugging, When There Is No Crash DumpWhen There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump, When There Is No Crash Dump
kernel stack usage, Kernel Stacks
KMDF drivers, Structure and Operation of a KMDF DriverKMDF Data Model, KMDF Data Model, KMDF Data Model
large address aware applications, x86 Address Space Layouts
LDM database, The LDM Database, The LDM Database, LDM and GPT or MBR-Style Partitioning
loaded driver lists, Layered DriversLayered Drivers, Layered Drivers, Layered Drivers
mapping volume shadow device objects, Previous Versions and System RestoreConclusion, Conclusion
maximum number of threads, User Stacks
memory mapped files, Shared Memory and Mapped Files
mirrored volume I/O, Mirrored VolumesMirrored Volumes, Mirrored Volumes, Mirrored Volumes
NTFS volume information, Master File Table
PAE and addresses, Physical Address Extension (PAE)Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE)
page directories and PDEs, Page Directories
page files, Page Files
PFN database, Page Frame Number Database
PFN entries, PFN Data Structures
physical disk I/O, Multipath I/O (MPIO) Drivers
pool leaks, Monitoring Pool UsageLook-Aside Lists, Monitoring Pool Usage, Look-Aside Lists
power availability requests, Power Availability Requests
PPM check information, Performance CheckPerformance Check, Performance Check
prefetch files, Logical Prefetcher, Logical Prefetcher
prioritized standby lists, Page Priority, Page Priority, Page Priority
Process Monitor’s filter driver, Process Monitor
process reflection, Process ReflectionProcess Reflection, Process Reflection
process working sets, Working Set Management
processor utility and frequency, Utility FunctionUtility Function, Utility Function
reserved and committed pages, Reserving and Committing PagesReserving and Committing Pages, Reserving and Committing Pages, Reserving and Committing Pages
resource manager information, Resource ManagersOn-Disk Implementation, Resource Managers, On-Disk Implementation
restore points and previous versions, Previous Versions and System Restore
session space utilization, x86 Session Space
sessions, x86 Session SpaceSystem Page Table Entries, x86 Session Space, System Page Table Entries
shadow copy device objects, Shadow Copy Provider
shadow volume device objects, Backup
shared and private cache maps, Per-File Cache Data StructuresFile System Interfaces, Per-File Cache Data Structures, File System Interfaces
special pool, Buffer Overruns, Memory Corruption, and Special Pool
streams, Multiple Data Streams
symbolic links, Symbolic (Soft) Links and Junctions
system look-aside lists, Look-Aside Lists
system memory information, Examining Memory UsageExamining Memory Usage, Examining Memory Usage, Examining Memory Usage, Examining Memory Usage
system power and policies, Driver Power OperationDriver Power Operation, Driver Power Operation, Driver Power Operation
system PTEs, System Page Table EntriesSystem Page Table Entries, System Page Table Entries
system virtual address usage, Dynamic System Virtual Address Space Management
thread IRPs, IRP Stack Locations
transactions, IsolationTransactional APIs, Isolation, Transactional APIs
tunneling, File Names
user virtual address space, User Address Space LayoutUser Address Space Layout, User Address Space Layout
VACBs, Systemwide Cache Data Structures
viewing registered file systems, LockingLocking, Locking
virtual address descriptors, Process VADs
virtual address limits, Dynamic System Virtual Address Space Management
VPBs, Volume MountingVolume Mounting, Volume Mounting
working set lists, Working Set ManagementBalance Set Manager and Swapper, Working Set Management, Balance Set Manager and Swapper
working sets vs. virtual size, Working Set ManagementWorking Set Management, Working Set Management, Working Set Management
write throttling, Write Throttling
explicit device driver loading, The Start Value
explicit file I/O, Explicit File I/OCache Manager’s Read-Ahead Thread, Explicit File I/O, Explicit File I/O, Explicit File I/O, Explicit File I/O, Cache Manager’s Read-Ahead Thread
explicit memory allocation, Driver Verifier
exportascd element, The BIOS Boot Sector and Bootmgr
exporting control sets, Post–Splash Screen Crash or Hang
express queues (cache), System Threads
extended attributes, File Records, The Change Journal File
extended console input, The BIOS Boot Sector and Bootmgr
extended create parameters (ECP), Opening Devices
Extended File Allocation Table file system (exFat), exFATNTFS, NTFS, NTFS
extended partitions, MBR-Style Partitioning, BIOS Preboot
extendedinput element, The BIOS Boot Sector and Bootmgr
extending data, Sparse Files
extensibility, I/O System Components
extents (runs), Resident and Nonresident Attributes
external disk storage management, Storage Management
External Memory Device (emd), ReadyBoost