What does the "Zw" prefix mean?

If you spend time in kernel mode, you’re accustomed to seeing functions with two-letter (or occasionally, three-letter) prefixes that indicate which component they belong to.

Prefix	Component	Example
`Ex`	Executive	`ExAllocatePool`
`Hal`	Hardware abstraction layer	`HalGetBusData`
`Io`	I/O manager	`IoAllocateIrp`
`Ke`	Kernel	`KeBugCheck`
`Ks`	Kernel streaming	`KsAcquireControl`
`Mm`	Memory manager	`MmGetPhysicalAddress`
`Ob`	Object manager	`ObReferenceObjectByHandle`
`Po`	Power management	`PoSetSystemState`
`Se`	Security	`SeAccessCheck`
`Tdi`	Transport driver interface	`TdiProviderReady`
`Zw`	????	`ZwCancelTimer`

What does the “Zw” mean?

Answer: Nothing.

The people who chose the letters wanted to pick something that was unlikely to collide with anything. Perhaps they had a prior bad experience with having chosen a prefix, only to find that somebody ahead of them claimed it already?

Author

Raymond Chen

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

What does the “Zw” prefix mean?

Author

0 comments

Read next

Why does MS-DOS use 8.3 filenames instead of, say, 11.2 or 16.16?

Why do some file operations take file names and others take handles?

Author

0 comments

Read next

Why does MS-DOS use 8.3 filenames instead of, say, 11.2 or 16.16?

Why do some file operations take file names and others take handles?

Stay informed