Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
- Length: 752 pages
- Edition: Sixth Edition
- Language: English
- Publisher: Microsoft Press
- Publication Date: 2012-04-04
- ISBN-10: 0735648735
- ISBN-13: 9780735648739
- Sales Rank: #642851
Delve inside Windows architecture and internals—guided by a team of internationally renowned internals experts. Fully updated for Windows 7 and Windows Server 2008 R2, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.
See how Windows components work behind the scenes:
- Understand how the core system and management mechanisms work
- Explore internal system data structures using tools like the kernel debugger
- Go inside the Windows security model to see how it authorizes access to data
- Understand how Windows manages physical and virtual memory
- Tour the Windows networking stack from top to bottom
- Troubleshoot file-system access problems and system boot problems
- Learn how to analyze crashes
Windows® Internals, Sixth Edition, Part 1
Introduction: Structure of the Book History of the Book Sixth Edition Changes Hands-on Experiments Topics Not Covered A Warning and a Caveat Acknowledgments Errata & Book Support We Want to Hear from You Stay in Touch
1. Concepts and Tools: Windows Operating System Versions Foundation Concepts and Terms Windows API Services, Functions, and Routines Processes, Threads, and Jobs Virtual Memory Kernel Mode vs. User Mode Terminal Services and Multiple Sessions Objects and Handles Security Registry Unicode Digging into Windows Internals Performance Monitor Kernel Debugging Symbols for Kernel Debugging Debugging Tools for Windows LiveKd Tool Windows Software Development Kit Windows Driver Kit Sysinternals Tools Conclusion
2. System Architecture: Requirements and Design Goals Operating System Model Architecture Overview Portability Symmetric Multiprocessing Scalability Differences Between Client and Server Versions Checked Build Key System Components Environment Subsystems and Subsystem DLLs Subsystem Startup Windows Subsystem Subsystem for Unix-based Applications Ntdll.dll Executive Kernel Kernel Objects Kernel Processor Control Region and Control Block (KPCR and KPRCB) Hardware Support Hardware Abstraction Layer Device Drivers Windows Driver Model (WDM) Windows Driver Foundation System Processes System Idle Process System Process and System Threads Session Manager (Smss) Windows Initialization Process (Wininit.exe) Service Control Manager (SCM) Local Session Manager (Lsm.exe) Winlogon, LogonUI, and Userinit Conclusion
3. System Mechanisms: Trap Dispatching Interrupt Dispatching Hardware Interrupt Processing x86 Interrupt Controllers x64 Interrupt Controllers IA64 Interrupt Controllers Software Interrupt Request Levels (IRQLs) Software Interrupts Dispatch or Deferred Procedure Call (DPC) Interrupts Asynchronous Procedure Call Interrupts Timer Processing Timer Expiration Processor Selection Intelligent Timer Tick Distribution Timer Coalescing Exception Dispatching Unhandled Exceptions Windows Error Reporting System Service Dispatching System Service Dispatching Service Descriptor Tables Object Manager Executive Objects Object Structure Object Headers and Bodies Type Objects Object Methods Object Handles and the Process Handle Table Reserve Objects Object Security Object Retention Resource Accounting Object Names Object Directories Symbolic Links Session Namespace Object Filtering Synchronization High-IRQL Synchronization Interlocked Operations Spinlocks Queued Spinlocks Instack Queued Spinlocks Executive Interlocked Operations Low-IRQL Synchronization Kernel Dispatcher Objects Waiting for Dispatcher Objects What Signals an Object? Data Structures Keyed Events Fast Mutexes and Guarded Mutexes Executive Resources Pushlocks Critical Sections User-Mode Resources Condition Variables Slim Reader-Writer Locks Run Once Initialization System Worker Threads Windows Global Flags Advanced Local Procedure Call Connection Model Message Model Asynchronous Operation Views, Regions, and Sections Attributes Blobs, Handles, and Resources Security Performance Debugging and Tracing Kernel Event Tracing Wow64 Wow64 Process Address Space Layout System Calls Exception Dispatching User APC Dispatching Console Support User Callbacks File System Redirection Registry Redirection I/O Control Requests 16-Bit Installer Applications Printing Restrictions User-Mode Debugging Kernel Support Native Support Windows Subsystem Support Image Loader Early Process Initialization DLL Name Resolution and Redirection DLL Name Redirection Loaded Module Database Import Parsing Post-Import Process Initialization SwitchBack API Sets Hypervisor (Hyper-V) Partitions Parent Partition Parent Partition Operating System Virtual Machine Manager Service and Worker Processes Virtualization Service Providers VM Infrastructure Driver and Hypervisor API Library Hypervisor Child Partitions Virtualization Service Clients Enlightenments Hardware Emulation and Support Emulated Devices Synthetic Devices Virtual Processors Memory Virtualization Intercepts Live Migration Kernel Transaction Manager Hotpatch Support Kernel Patch Protection Code Integrity Conclusion
4. Management Mechanisms: The Registry Viewing and Changing the Registry Registry Usage Registry Data Types Registry Logical Structure HKEY_CURRENT_USER HKEY_USERS HKEY_CLASSES_ROOT HKEY_LOCAL_MACHINE HKEY_CURRENT_CONFIG HKEY_PERFORMANCE_DATA Transactional Registry (TxR) Monitoring Registry Activity Process Monitor Internals Process Monitor Troubleshooting Techniques Logging Activity in Unprivileged Accounts or During Logon/Logoff Registry Internals Hives Hive Size Limits Registry Symbolic Links Hive Structure Cell Maps The Registry Namespace and Operation Stable Storage Registry Filtering Registry Optimizations Services Service Applications Service Accounts The Local System Account The Network Service Account The Local Service Account Running Services in Alternate Accounts Running with Least Privilege Service Isolation Interactive Services and Session 0 Isolation The Service Control Manager Service Startup Startup Errors Accepting the Boot and Last Known Good Service Failures Service Shutdown Shared Service Processes Service Tags Unified Background Process Manager Initialization UBPM API Provider Registration Consumer Registration Task Host Service Control Programs Windows Management Instrumentation WMI Architecture Providers The Common Information Model and the Managed Object Format Language The WMI Namespace Class Association WMI Implementation WMI Security Windows Diagnostic Infrastructure WDI Instrumentation Diagnostic Policy Service Diagnostic Functionality Conclusion
5. Processes, Threads, and Jobs: Process Internals Data Structures Protected Processes Flow of CreateProcess Stage 1: Converting and Validating Parameters and Flags Stage 2: Opening the Image to Be Executed Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess) Stage 3A: Setting Up the EPROCESS Object Stage 3B: Creating the Initial Process Address Space Stage 3C: Creating the Kernel Process Structure Stage 3D: Concluding the Setup of the Process Address Space Stage 3E: Setting Up the PEB Stage 3F: Completing the Setup of the Executive Process Object (PspInsertProcess) Stage 4: Creating the Initial Thread and Its Stack and Context Stage 5: Performing Windows Subsystem–Specific Post-Initialization Stage 6: Starting Execution of the Initial Thread Stage 7: Performing Process Initialization in the Context of the New Process Thread Internals Data Structures Birth of a Thread Examining Thread Activity Limitations on Protected Process Threads Worker Factories (Thread Pools) Thread Scheduling Overview of Windows Scheduling Priority Levels Real-Time Priorities Interrupt Levels vs. Priority Levels Using Tools to Interact with Priority Thread States Dispatcher Database Quantum Quantum Accounting Controlling the Quantum Variable Quantums Quantum Settings Registry Value Priority Boosts Boosts Due to Scheduler/Dispatcher Events Unwait Boosts Lock Ownership Boosts Priority Boosting After I/O Completion Boosts During Waiting on Executive Resources Priority Boosts for Foreground Threads After Waits Priority Boosts After GUI Threads Wake Up Priority Boosts for CPU Starvation Applying Boosts Removing Boosts Priority Boosts for Multimedia Applications and Games Context Switching Scheduling Scenarios Voluntary Switch Preemption Quantum End Termination Idle Threads Thread Selection Idle Scheduler Multiprocessor Systems Package Sets and SMT Sets NUMA Systems Processor Group Assignment Logical Processors per Group Logical Processor State Scheduler Scalability Affinity Extended Affinity Mask System Affinity Mask Ideal and Last Processor Ideal Node Thread Selection on Multiprocessor Systems Processor Selection Choosing a Processor for a Thread When There Are Idle Processors Choosing a Processor for a Thread When There Are No Idle Processors Processor Share-Based Scheduling Distributed Fair Share Scheduling DFSS Initialization Per-Session CPU Quota Blocks Charging of Cycles to Throttled Threads CPU Throttling and Quota Enforcement Resuming Execution DFSS Idle-Only Queue Scheduling Session Weight Configuration CPU Rate Limits Dynamic Processor Addition and Replacement Job Objects Job Limits Job Sets Conclusion
6. Security: Security Ratings Trusted Computer System Evaluation Criteria The Common Criteria Security System Components Protecting Objects Access Checks Security Identifiers Integrity Levels Tokens Impersonation Restricted Tokens Filtered Admin Token Virtual Service Accounts Security Descriptors and Access Control ACL Assignment Determining Access The AuthZ API Conditional ACEs Account Rights and Privileges Account Rights Privileges Super Privileges Access Tokens of Processes and Threads Security Auditing Object Access Auditing Global Audit Policy Advanced Audit Policy Settings Logon Winlogon Initialization User Logon Steps Assured Authentication Biometric Framework for User Authentication User Account Control and Virtualization File System and Registry Virtualization File Virtualization Registry Virtualization Elevation Running with Administrator Rights Requesting Administrative Rights Auto-Elevation Controlling UAC Behavior Application Identification (AppID) AppLocker Software Restriction Policies Conclusion
7. Networking: Windows Networking Architecture The OSI Reference Model Windows Networking Components Networking APIs Windows Sockets Winsock Client Operation Winsock Server Operation Winsock Extensions Extending Winsock Winsock Implementation Winsock Kernel WSK Implementation Remote Procedure Call RPC Operation RPC Security RPC Implementation Web Access APIs WinInet HTTP Named Pipes and Mailslots Named-Pipe Operation Mailslot Operation Named Pipe and Mailslot Implementation NetBIOS NetBIOS Names NetBIOS Operation NetBIOS API Implementation Other Networking APIs Background Intelligent Transfer Service Peer-to-Peer Infrastructure DCOM Message Queuing UPnP with PnP-X Multiple Redirector Support Multiple Provider Router Multiple UNC Provider Surrogate Providers Redirector Mini-Redirectors Server Message Block and Sub-Redirectors Distributed File System Namespace Distributed File System Replication Offline Files Caching Modes Online Offline (Slow Connection) Offline (Working Offline) Offline (Not Connected) Offline (Need to Sync) Ghosts Data Security Cache Structure BranchCache Caching Modes Configuration BranchCache Optimized Application Retrieval: SMB Sequence BranchCache Optimized Application Retrieval: HTTP Sequence Name Resolution Domain Name System Peer Name Resolution Protocol PNRP Resolution and Publication Location and Topology Network Location Awareness Network Connectivity Status Indicator Passive Poll Network Change Monitoring Registry Change Monitoring Active Probe Link-Layer Topology Discovery Protocol Drivers Windows Filtering Platform Network Address Translation IP Filtering Internet Protocol Security NDIS Drivers Variations on the NDIS Miniport Connection-Oriented NDIS Remote NDIS QoS Binding Layered Network Services Remote Access Active Directory Network Load Balancing Network Access Protection Direct Access Conclusion
A. About the Authors
B. More Resources for Developers: Microsoft Press® books Visual Studio Web Development .Net Framework Data Access/Database Other Topics
C. Find the Right Resource for You
Index
About the Authors