Leaderboard

Dupa cum vedeti Aici a fost scoasa moderarea pe RST Market deja au inceput sa curga...topicurile facute cu,,, conturi care au...cateva ore/zile vechime...nu o sa treaca mult timp si o sa inceapa sa curga si tepele. Propun reintroducerea aprobarii fiecarui topic nou postat pe RST Market.

Catalog of key Windows kernel data structures During our Windows internals and debugging classes, students frequently ask us questions along the lines of - "What data structure does the Windows kernel use for a mutex?". This article attempts to answer such questions by describing some of the key data structures that are used by the Windows kernel and device drivers. This article lays emphasis on the relationship of a structure with others in the system, helping the reader navigate through these structures in the kernel debugger. While reading this article, the reader is encouraged to have a kernel debugger readily available to try out the debugger commands and examine the structures and their fields. This article is intended to be a reference, not a tutorial. For each structure, this article provides a high level description of the structure, followed by details of some of the important fields that point to other structures. If applicable, debugger commands that apply to the structure and functions that manipulate the structure are provided. Most of the data structures mentioned in this article are allocated by the kernel from paged or non-paged pool, which is a part of the kernel virtual address space. The following data structures are discussed in this document, click on any of them to directly go to the description. Doubly Linked List : LIST_ENTRY Process and Thread : EPROCESS, KPROCESS, ETHREAD, KTHREAD Kernel and HAL : KPCR, KINTERRUPT, CONTEXT, KTRAP_FRAME, KDPC, KAPC, KAPC_STATE Synchronization Objects : DISPATCHER_HEADER, KEVENT, KSEMAPHORE, KMUTANT, KTIMER, KGATE, KQUEUE Executive & RTL : IO_WORKITEM I/O Manager : IRP, IO_STACK_LOCATION, DRIVER_OBJECT, DEVICE_OBJECT, DEVICE_NODE, FILE_OBJECT Objects and Handles : OBJECT_HEADER, OBJECT_TYPE, HANDLE_TABLE_ENTRY Memory Manager : MDL, MMPTE, MMPFN, MMPFNLIST, MMWSL, MMWSLE, POOL_HEADER, MMVAD Cache Manager : VACB, VACB_ARRAY_HEADER, SHARED_CACHE_MAP, PRIVATE_CACHE_MAP, SECTION_OBJECT_POINTERS Gasiti tot aici: CodeMachine - Article - Catalog of key Windows kernel data structures

David Kennedy(ReL1K) Rob Simon