| I tried googling for KiInitializeContextThread and there are lot of search results for this name. For example, a presentation in Chinese dated 2005 year described process creating and mentions this function: [1] The sequence of events that happens inside KeInitThread() can be obtained from reverse engineering. If you compare the code of this function in WRK [2] and in Reactos [3] code, you'll see that while they do similar things, the code is not the same. Regarding NpxFrame, I don't know why this name is used in KiExitV86Mode, but if you compare functions KiInitializeContextThread in WRK and in Reactos, you'll see that in WRK the variable is named NpxFrame [4], and in Reactos a similar variable is named FxSaveArea (which matches structure FX_SAVE_AREA). The variable named NpxFrame in Reactos is used in other function, KiExitV86Mode. [1] https://slideplayer.com/slide/6561298/ [2] https://github.com/Zer0Mem0ry/ntoskrnl/blob/master/Ke/thredo... [3] https://github.com/reactos/reactos/blob/master/ntoskrnl/ke/t... [4] https://github.com/Zer0Mem0ry/ntoskrnl/blob/a1eded2d8efb0716... [5] https://github.com/reactos/reactos/blob/893a3c9d030fd8b078cb... |