A

abort records, Logging Implementation
absolute paths, Symbolic (Soft) Links and Junctions
abstraction (I/O system), I/O System Components
access bit tracking (Superfetch), Tracing and Logging
access fault trap handler, Memory Manager Components
access violations, Fault Tolerant Heap, Page Fault Handling, Virtual Address Descriptors, Driver Verifier, Crash Dump Analysis
crashes, Crash Dump Analysis
heap-related, Fault Tolerant Heap
page faults, Page Fault Handling
special pool, Driver Verifier
VADs and, Virtual Address Descriptors
access-denied errors, Process Monitor Troubleshooting Techniques
Accessed bit (PTEs), Page Tables and Page Table Entries, Physical Address Extension (PAE), Working Set Management
ACLs (access control lists), Opening Devices, Protecting Memory, UDF, System File Corruption
I/O process and, Opening Devices
section objects, Protecting Memory
UDF format, UDF
Windows Resource Protection, System File Corruption
ACPI (Advanced Configuration and Power Interface), Device Stack Driver Loading, The Power Manager, The Power Manager, The BIOS Boot Sector and Bootmgr
Action Center, Windows Error Reporting, Online Crash Analysis
Active Directory, BitLocker Management, x86 Address Space Layouts, Safe Mode
active pages, Prototype PTEs, PFN Data Structures, Components
Active PFN state, Page Frame Number Database, Page Frame Number Database
Active Template Library (ATL), No Execute Page Protection
active threads, The IoCompletion Object, Using Completion Ports
active VACBs, Systemwide Cache Data Structures, Systemwide Cache Data Structures
Add Recovery Agent Wizard, Encrypting a File for the First Time
add-device routines, Structure of a Driver, Structure and Operation of a KMDF Driver, Driver Support for Plug and Play, Driver Support for Plug and Play, Driver Installation
AddiSNSSever command, iSCSI Drivers
address space, Internal Synchronization, Internal Synchronization, Kernel-Mode Heaps (System Memory Pools), Virtual Address Space Layouts, x86 Address Space Layouts, x86 System Address Space Layout, x86 Session Space, x86 Session SpaceSystem Page Table Entries, x86 Session Space, x86 Session Space, System Page Table EntriesSystem Page Table Entries, System Page Table Entries, System Page Table Entries, x64 Virtual Addressing LimitationsDynamic System Virtual Address Space Management, Windows x64 16-TB Limitation, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management, System Virtual Address Space QuotasUser Address Space Layout, User Address Space Layout, User Address Space LayoutControlling Security Mitigations, User Address Space Layout, User Address Space Layout, Controlling Security Mitigations, Commit Charge and the System Commit LimitCommit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Process VADs, Cache Virtual Memory Management, Crash Dump Files
commit charge, Commit Charge and the System Commit LimitCommit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit, Commit Charge and the System Commit Limit
locks, Internal Synchronization
memory management, Internal Synchronization
paged and nonpaged pools, Kernel-Mode Heaps (System Memory Pools)
status, Process VADs
switching for processes, Crash Dump Files
system PTEs, System Page Table EntriesSystem Page Table Entries, System Page Table Entries
user layouts, User Address Space LayoutControlling Security Mitigations, User Address Space Layout, Controlling Security Mitigations
views, Cache Virtual Memory Management
virtual address space quotas, System Virtual Address Space QuotasUser Address Space Layout, User Address Space Layout, User Address Space Layout
x64 virtual address limitations, x64 Virtual Addressing LimitationsDynamic System Virtual Address Space Management, Windows x64 16-TB Limitation, Dynamic System Virtual Address Space Management, Dynamic System Virtual Address Space Management
x86 layouts, Virtual Address Space Layouts, x86 Address Space Layouts, x86 System Address Space Layout, x86 Session Space
x86 session space, x86 Session SpaceSystem Page Table Entries, x86 Session Space, x86 Session Space, System Page Table Entries
address translation, Large and Small Pages, x86 Virtual Address TranslationTranslation Look-Aside Buffer, x86 Virtual Address Translation, x86 Virtual Address Translation, Page Directories, Page Directories, Page Tables and Page Table Entries, Page Tables and Page Table Entries, Byte Within Page, Translation Look-Aside BufferPhysical Address Extension (PAE), Translation Look-Aside Buffer, Physical Address Extension (PAE)Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), x64 Virtual Address TranslationPage Fault Handling, x64 Virtual Address Translation, IA64 Virtual Address TranslationPage Fault Handling, Page Fault Handling, Page Fault Handling, Page Fault Handling
AS64 translation, x64 Virtual Address TranslationPage Fault Handling, Page Fault Handling
IA64 systems, IA64 Virtual Address TranslationPage Fault Handling, Page Fault Handling, Page Fault Handling
PAE, Physical Address Extension (PAE)Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE), Physical Address Extension (PAE)
page sizes and, Large and Small Pages
translation look-aside buffer, Translation Look-Aside BufferPhysical Address Extension (PAE), Physical Address Extension (PAE)
x64 translation, x64 Virtual Address Translation
x86 translation, x86 Virtual Address TranslationTranslation Look-Aside Buffer, x86 Virtual Address Translation, x86 Virtual Address Translation, Page Directories, Page Directories, Page Tables and Page Table Entries, Page Tables and Page Table Entries, Byte Within Page, Translation Look-Aside Buffer
Address Windowing Extensions (AWE), Address Windowing Extensions, Address Windowing Extensions, Address Windowing Extensions, Commit Charge and the System Commit Limit, PFN Data Structures
AddTarget command, iSCSI Drivers
AddTargetPortal command, iSCSI Drivers
AddUsersToEncryptedFile API, Encrypting File System Security
Adelson-Velskii and Landis (AVL), Process VADs
administrator privileges, Driver Installation
Advanced Configuration and Power Interface (ACPI), Device Enumeration, The Power Manager, The BIOS Boot Sector and Bootmgr
advanced format (disks), Disk Sector Format, Disk Sector Format, Unified Caching
advanced local procedure calls (ALPC), User-Mode Driver Framework (UMDF), Initializing the Kernel and Executive Subsystems
advancedoptions element, The BIOS Boot Sector and Bootmgr
AES (Advanced Encryption Standard), Encryption Keys, Encryption Keys, BitLocker Key Recovery, BitLocker To GoBitLocker To Go, BitLocker To Go, ReadyDrive, Encrypting File System Security
AES-CCM keys, BitLocker Key Recovery
AES128-CBC encryption, Encryption Keys
AES256-CBC encryption, Encryption Keys
BitLocker To Go, BitLocker To GoBitLocker To Go, BitLocker To Go
EFS usage, Encrypting File System Security
ReadyBoost, ReadyDrive
affinitized cores, Performance Check
affinity counts, Algorithm Overrides
affinity history policies, Thresholds and Policy Settings
affinity manager, The Low Fragmentation Heap
aged pages, Working Set Management, Tracing and Logging
agents (Superfetch), Components
AGP ports, Rotate VADs
Algorithm for Recovery and Isolation Exploiting Semantics (ARIES), Marshalling
AllocateUserPhysicalPages function, Address Windowing Extensions
AllocateUserPhysicalPagesNuma function, Address Windowing Extensions
allocation, Monitoring Pool Usage, System Page Table Entries, Master File Table, Buffer Overruns, Memory Corruption, and Special Pool
master file table entries, Master File Table
pool, Monitoring Pool Usage, Buffer Overruns, Memory Corruption, and Special Pool
PTE failures, System Page Table Entries
allocation granularity, Allocation GranularityShared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files, No Execute Page Protection, Heap Manager, Image RandomizationImage Randomization, Image Randomization, Image Randomization
defined, Allocation GranularityShared Memory and Mapped Files, Shared Memory and Mapped Files, Shared Memory and Mapped Files
in load offset number, Image RandomizationImage Randomization, Image Randomization, Image Randomization
no execute page protection, No Execute Page Protection
smaller blocks (heaps), Heap Manager
ALPC (advanced local procedure calls), User-Mode Driver Framework (UMDF), Initializing the Kernel and Executive Subsystems, Smss, Csrss, and Wininit
alternate data streams, UDF, Multiple Data Streams, Resource Managers, Copying Encrypted Files
ALUA (asymmetrical logical unit arrays), Multipath I/O (MPIO) Drivers
AlwaysOff or AlwaysOn mode, No Execute Page Protection
analysis pass (recovery), Analysis PassUndo Pass, Analysis Pass, Undo Pass
APCs (asynchronous procedure calls), Completing an I/O Request
APIC (Advanced Programmable Interrupt Controller), The BIOS Boot Sector and Bootmgr, The BIOS Boot Sector and Bootmgr, The BIOS Boot Sector and Bootmgr
APIs, IsolationResource Managers, Transactional APIs, Resource Managers, The UEFI Boot Process, Smss, Csrss, and Wininit
EFI, The UEFI Boot Process
transactions, IsolationResource Managers, Transactional APIs, Resource Managers
Windows native, Smss, Csrss, and Wininit
Apple Macintosh machines, The UEFI Boot Process
application launch agent, Page Priority and Rebalancing
application threads, The I/O ManagerDevice Drivers, Device Drivers
Application Verifier, Driver Verifier
applications, The I/O ManagerDevice Drivers, Typical I/O Processing, Device Drivers, User-Mode Driver Framework (UMDF), Driver and Application Control of Device Power, Shadow Copy Provider, Introduction to the Memory Manager, Services Provided by the Memory Manager, Large and Small Pages, Locking Memory, Types of Heaps, Components, Cache Coherency, Process Monitor Troubleshooting Techniques, Driver Loading in Safe Mode
cache coherency, Cache Coherency
calling functions, The I/O ManagerDevice Drivers, Typical I/O Processing, Device Drivers
default heap, Types of Heaps
failed, traces, Process Monitor Troubleshooting Techniques
large page sizes, Large and Small Pages
large-address-space aware, Introduction to the Memory Manager
locking pages in memory, Locking Memory
memory management, Services Provided by the Memory Manager
power management control, Driver and Application Control of Device Power
safe mode boots, Driver Loading in Safe Mode
shadow copies, Shadow Copy Provider
Superfetch agents, Components
UMDF interaction, User-Mode Driver Framework (UMDF)
archival utilities, Multiple Data Streams
archived files, File Records
areal density (disk), Disk Sector FormatNAND-Type Flash Memory, NAND-Type Flash Memory
ARIES (Algorithm for Recovery and Isolation Exploiting Semantics), Marshalling
AS64 address translation, x64 Virtual Address TranslationPage Fault Handling, Page Fault Handling, Page Fault Handling
ASLR (Address Space Layout Randomization), Internal Synchronization, User Address Space LayoutImage Randomization, Image Randomization, Image Randomization, Heap Randomization, ASLR in Kernel Address Space, Controlling Security Mitigations, Controlling Security Mitigations
heap randomization, Heap Randomization
kernel address space, ASLR in Kernel Address Space
load offset numbers, User Address Space LayoutImage Randomization, Image Randomization, Image Randomization
memory manager, Internal Synchronization
security mitigations, Controlling Security Mitigations
viewing processes, Controlling Security Mitigations
ASR (Automated System Recovery), Windows Recovery Environment (WinRE)
assembly language, Structure of a Driver
ASSERT macros, 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
Assign API, KMDF Data Model
associated IRPs, I/O Requests to Layered Drivers, I/O Requests to Layered Drivers, Volume I/O Operations
asymmetric key pair certificate hashes, Encrypting a File for the First Time
asymmetrical logical unit arrays (ALUA), Multipath I/O (MPIO) Drivers
asynchronous callbacks, Container Notifications
asynchronous I/O, I/O System Components, Opening Devices, Synchronous and Asynchronous I/O, Scatter/Gather I/O, Completing an I/O Request, Completing an I/O Request, I/O Requests to Layered DriversI/O Requests to Layered Drivers, I/O Requests to Layered Drivers, User-Initiated I/O Cancellation, I/O Cancellation for Thread Termination, I/O Completion Port Operation, Write ThrottlingWrite Throttling, Write Throttling
APC calls, Completing an I/O Request
cancellation, User-Initiated I/O Cancellation, I/O Cancellation for Thread Termination
completion, Completing an I/O Request
completion context, I/O Completion Port Operation
file object attributes, Opening Devices
layered drivers, I/O Requests to Layered DriversI/O Requests to Layered Drivers, I/O Requests to Layered Drivers
packet-based I/O, I/O System Components
scatter/gather I/O, Scatter/Gather I/O
testing status, Synchronous and Asynchronous I/O
write throttling, Write ThrottlingWrite Throttling, Write Throttling
asynchronous procedures calls (APCs), Completing an I/O Request, Completing an I/O Request, In-Paging I/O
asynchronous read or write, Fast I/O, Intelligent Read-Ahead
ATA (AT attachment), Prioritization Strategies
ATA-8, ReadyDrive
ATAPI-based IDE devices, Disk Class, Port, and Miniport Drivers
Atapi.sys driver, Disk Class, Port, and Miniport Drivers
Ataport.sys driver, Disk Class, Port, and Miniport Drivers
ATL (Active Template Library), No Execute Page Protection
ATL thunk emulation, No Execute Page ProtectionSoftware Data Execution Prevention, No Execute Page Protection, Software Data Execution Prevention
atomic transactions, RecoverabilityData Redundancy and Fault Tolerance, Recoverability, Data Redundancy and Fault Tolerance
attaching memory to processes, Reserving and Committing Pages
Attachment Execution Service, Multiple Data Streams
attachments, web or mail, Multiple Data Streams
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY code, No Execute Page Protection
attribute definition table (AttrDef), Master File Table
attribute streams, File Records
attributes, File RecordsFile Names, File Records, File Names, Resident and Nonresident AttributesData Compression and Sparse Files, Resident and Nonresident Attributes, Resident and Nonresident Attributes, Data Compression and Sparse Files
files, list, File RecordsFile Names, File Records, File Names
resident and nonresident, Resident and Nonresident AttributesData Compression and Sparse Files, Resident and Nonresident Attributes, Resident and Nonresident Attributes, Data Compression and Sparse Files
audio adapters, Windows Client Memory Limits
auditing, Initializing the Kernel and Executive Subsystems
authentication schemes (BitLocker), Encryption Keys, BitLocker Management
authorization (NTFS security), Security
auto-recovery BCD element behavior, The BIOS Boot Sector and Bootmgr
auto-start (2) value, The Start Value, Device Enumeration
auto-start device drivers, BIOS Preboot, Smss, Csrss, and Wininit
Autochk.exe, Volume Mounting
automated crash analysis, Online Crash Analysis
Automated System Recovery (ASR), Windows Recovery Environment (WinRE)
automatic rebooting, The BIOS Boot Sector and Bootmgr
Autoruns tool, Images That Start Automatically, Images That Start Automatically
auxiliary displays, User-Mode Driver Framework (UMDF)
available memory, Examining Memory Usage, Examining Memory Usage
available pages, Modified Page Writer, PFN Data Structures
average frequency (processors), Utility Function
AVL trees, Process VADs
avoidlowmemory element, The BIOS Boot Sector and Bootmgr
AWE (Address Windowing Extensions), Address Windowing Extensions, Address Windowing Extensions, Commit Charge and the System Commit Limit, PFN Data Structures