执行体方法通用格式定义
执行体方法通用格式为:<Prefix><Operation><Object>,其中
- Prefix:表示导出例程的内部组件
- Operation:表示这个方法的行为,怎么操作对象或者资源
- Object:标识要操作的对象或资源
常见的 Prefix:
| Prefix | Component |
|---|---|
| Alpc | Advanced Local Procedure Calls |
| Cc | Common Cache |
| Cm | Configuration manager |
| Dbg | Kernel debug support |
| Dbgk | Debugging Framework for user mode |
| Em | Errata manager |
| Etw | Event Tracing for Windows |
| Ex | Executive support routines |
| FsRtl | File System Runtime Library |
| Hv | Hive library |
| Hvl | Hypervisor library |
| Io | I/O manager |
| Kd | Kernel debugger |
| Ke | Kernel |
| Kse | Kernel Shim Engine |
| Lsa | Local Security Authority |
| Mm | Memory manager |
| Nt | NT system services (accessible from user mode through system calls) |
| Ob | Object manager |
| Pf | Prefetcher |
| Po | Power manager |
| PoFx | Power framework |
| Pp | PnP manager |
| Ppm | Processor power manager |
| Ps | Process support |
| Rtl | Run-time library |
| Se | Security Reference Monitor |
| Sm | Store Manager |
| Tm | Transaction manager |
| Ttm | Terminal timeout manager |
| Vf | Driver Verifier |
| Vsl | Virtual Secure Mode library |
| Wdi | Windows Diagnostic Infrastructure |
| Wfp | Windows FingerPrint |
| Whea | Windows Hardware Error Architecture |
| Wmi | Windows Management Instrumentation |
| Zw | Mirror entry point for system services (beginning with Nt) that sets previous access mode to kernel, which eliminates parameter validation, because Nt system services validate parameters only if previous access mode is user |
每天编程两小时,不想变大牛都难!
