Windows Internals, Part 1, 7th Edition
- Length: 800 pages
- Edition: 7
- Language: English
- Publisher: Microsoft Press
- Publication Date: 2017-05-15
- ISBN-10: 0735684189
- ISBN-13: 9780735684188
- Sales Rank: #38507 (See Top 100 Books)
The definitive guide–fully updated for Windows 10 and Windows Server 2016
Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.
Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.
This book will help you:
- Understand the Window system architecture and its most important entities, such as processes and threads
- Examine how processes manage resources and threads scheduled for execution inside processes
- Observe how Windows manages virtual and physical memory
- Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
- Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Table of Contents
Chapter 1 Concepts and tools
Chapter 2 System architecture
Chapter 3 Processes and jobs
Chapter 4 Threads
Chapter 5 Memory management
Chapter 6 I/O system
Chapter 7 Security
Title Page Copyright Page Dedication Page Contents Introduction Chapter 1 Concepts and tools Windows operating system versions Windows 10 and future Windows versions Windows 10 and OneCore Foundation concepts and terms Windows API Services, functions, and routines Processes Threads Jobs Virtual memory Kernel mode vs. user mode Hypervisor Firmware Terminal Services and multiple sessions Objects and handles Security Registry Unicode Digging into Windows internals Performance Monitor and Resource Monitor Kernel debugging Windows Software Development Kit Windows Driver Kit Sysinternals tools Conclusion Chapter 2 System architecture Requirements and design goals Operating system model Architecture overview Portability Symmetric multiprocessing Scalability Differences between client and server versions Checked build Virtualization-based security architecture overview Key system components Environment subsystems and subsystem DLLs Other subsystems Executive Kernel Hardware abstraction layer Device drivers System processes Conclusion Chapter 3 Processes and jobs Creating a process CreateProcess* functions arguments Creating Windows modern processes Creating other kinds of processes Process internals Protected processes Protected Process Light (PPL) Third-party PPL support Minimal and Pico processes Minimal processes Pico processes Trustlets (secure processes) Trustlet structure Trustlet policy metadata Trustlet attributes System built-in Trustlets Trustlet identity Isolated user-mode services Trustlet-accessible system calls Flow of CreateProcess Stage 1: Converting and validating parameters and flags Stage 2: Opening the image to be executed Stage 3: Creating the Windows executive process object Stage 4: Creating the initial thread and its stack and context Stage 5: Performing Windows subsystem–specific initialization Stage 6: Starting execution of the initial thread Stage 7: Performing process initialization in the context of the new process Terminating a process Image loader Early process initialization DLL name resolution and redirection Loaded module database Import parsing Post-import process initialization SwitchBack API Sets Jobs Job limits Working with a job Nested jobs Windows containers (server silos) Conclusion Chapter 4 Threads Creating threads Thread internals Data structures Birth of a thread Examining thread activity Limitations on protected process threads Thread scheduling Overview of Windows scheduling Priority levels Thread states Dispatcher database Quantum Priority boosts Context switching Scheduling scenarios Idle threads Thread suspension (Deep) freeze Thread selection Multiprocessor systems Thread selection on multiprocessor systems Processor selection Heterogeneous scheduling (big.LITTLE) Group-based scheduling Dynamic fair share scheduling CPU rate limits Dynamic processor addition and replacement Worker factories (thread pools) Worker factory creation Conclusion Chapter 5 Memory management Introduction to the memory manager Memory manager components Large and small pages Examining memory usage Internal synchronization Services provided by the memory manager Page states and memory allocations Commit charge and commit limit Locking memory Allocation granularity Shared memory and mapped files Protecting memory Data Execution Prevention Copy-on-write Address Windowing Extensions Kernel-mode heaps (system memory pools) Pool sizes Monitoring pool usage Look-aside lists Heap manager Process heaps Heap types The NT heap Heap synchronization The low-fragmentation heap The segment heap Heap security features Heap debugging features Pageheap Fault-tolerant heap Virtual address space layouts x86 address space layouts x86 system address space layout x86 session space System page table entries ARM address space layout 64-bit address space layout x64 virtual addressing limitations Dynamic system virtual address space management System virtual address space quotas User address space layout Address translation x86 virtual address translation Translation look-aside buffer x64 virtual address translation ARM virtual address translation Page fault handling Invalid PTEs Prototype PTEs In-paging I/O Collided page faults Clustered page faults Page files Commit charge and the system commit limit Commit charge and page file size Stacks User stacks Kernel stacks DPC stack Virtual address descriptors Process VADs Rotate VADs NUMA Section objects Working sets Demand paging Logical prefetcher and ReadyBoot Placement policy Working set management Balance set manager and swapper System working sets Memory notification events Page frame number database Page list dynamics Page priority Modified page writer and mapped page writer PFN data structures Page file reservation Physical memory limits Windows client memory limits Memory compression Compression illustration Compression architecture Memory partitions Memory combining The search phase The classification phase The page combining phase From private to shared PTE Combined pages release Memory enclaves Programmatic interface Memory enclave initializations Enclave construction Loading data into an enclave Initializing an enclave Proactive memory management (SuperFetch) Components Tracing and logging Scenarios Page priority and rebalancing Robust performance ReadyBoost ReadyDrive Process reflection Conclusion Chapter 6 I/O system I/O system components The I/O manager Typical I/O processing Interrupt Request Levels and Deferred Procedure Calls Interrupt Request Levels Deferred Procedure Calls Device drivers Types of device drivers Structure of a driver Driver objects and device objects Opening devices I/O processing Types of I/O I/O request packets I/O request to a single-layered hardware-based driver I/O requests to layered drivers Thread-agnostic I/O I/O cancellation I/O completion ports I/O prioritization Container notifications Driver Verifier I/O-related verification options Memory-related verification options The Plug and Play manager Level of Plug and Play support Device enumeration Device stacks Driver support for Plug and Play Plug-and-play driver installation General driver loading and installation Driver loading Driver installation The Windows Driver Foundation Kernel-Mode Driver Framework User-Mode Driver Framework The power manager Connected Standby and Modern Standby Power manager operation Driver power operation Driver and application control of device power Power management framework Power availability requests Conclusion Chapter 7 Security Security ratings Trusted Computer System Evaluation Criteria The Common Criteria Security system components Virtualization-based security Credential Guard Device Guard Protecting objects Access checks Security identifiers Virtual service accounts Security descriptors and access control Dynamic Access Control The AuthZ API Conditional ACEs Account rights and privileges Account rights Privileges Super privileges Access tokens of processes and threads Security auditing Object access auditing Global audit policy Advanced Audit Policy settings AppContainers Overview of UWP apps The AppContainer Logon Winlogon initialization User logon steps Assured authentication Windows Biometric Framework Windows Hello User Account Control and virtualization File system and registry virtualization Elevation Exploit mitigations Process-mitigation policies Control Flow Integrity Security assertions Application Identification AppLocker Software Restriction Policies Kernel Patch Protection PatchGuard HyperGuard Conclusion Index
Donate to keep this site alive
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.