2016-07-24

Windows Executive component function prefix


Pattern

<Prefix><Operation><Object>

e.g. ExAllocatePoolWithTag

Prefix

Alpc = Advanced Local Inter-Process Communication
Cc = Common Cache
Cm = Configuration Manager
Dbgk = Debugging Framework for User-Mode
Em = Errata Manager
Etw = Event Tracing for Windows
Ex = Executive support routines
FsRtl = File System driver Run-Time Library 
Hal = Hardware Abstraction Layer
Hvl = Hypervisor Library
Io = I/O Manager
Kd = Kernel Debugger
Ke = Kernel
Lsa = Local Security Authority
Mm = Memory Manager
Nt = NT System Services
Ob = Object Manager
Pf = Prefetcher
Po = Power Manager
Pp = PnP Manager
Ps = Process Support
Rtl = Run-time Library
Se = Security
Tm = Transaction Manager
Vf = Verifier (Driver Verifier)
Whea = Windows Hardware Error Architecture
Wmi = Windows Management Instrumentation
Wdi = Windows Diagnostic Infrastructure
Zw = Mirror entry point for the system services; similar to Nt, but sets the access mode to kernel, which in turn eliminates parameter validation, because the Nt system services validate parameters only when the access mode is user mode.

