Windows Internals, Part 2, 6th Edition
- Length: 674 pages
- Edition: Sixth Edition
- Language: English
- Publisher: Microsoft Press
- Publication Date: 2012-10-02
- ISBN-10: 0735665877
- ISBN-13: 9780735665873
- Sales Rank: #580939 (See Top 100 Books)
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes.
As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support.
In Part 2, you’ll examine:
- Core subsystems for I/O, storage, memory management, cache manager, and file systems
- Startup and shutdown processes
- Crash-dump analysis, including troubleshooting tools and techniques
Windows® Internals, Sixth Edition, Part 2 Dedication Introduction Structure of the Book History of the Book Sixth Edition Changes Hands-on Experiments Topics Not Covered A Warning and a Caveat Acknowledgments Errata & Book Support We Want to Hear from You Stay in Touch 8. I/O System I/O System Components The I/O Manager Typical I/O Processing Device Drivers Types of Device Drivers WDM Drivers Layered Drivers Structure of a Driver Driver Objects and Device Objects Opening Devices I/O Processing Types of I/O Synchronous and Asynchronous I/O Fast I/O Mapped File I/O and File Caching Scatter/Gather I/O I/O Request Packets IRP Stack Locations IRP Buffer Management I/O Request to a Single-Layered Driver Servicing an Interrupt Completing an I/O Request Synchronization I/O Requests to Layered Drivers Thread Agnostic I/O I/O Cancellation User-Initiated I/O Cancellation I/O Cancellation for Thread Termination I/O Completion Ports The IoCompletion Object Using Completion Ports I/O Completion Port Operation I/O Prioritization I/O Priorities Prioritization Strategies I/O Priority Inversion Avoidance (I/O Priority Inheritance) I/O Priority Boosts and Bumps Bandwidth Reservation (Scheduled File I/O) Container Notifications Driver Verifier Kernel-Mode Driver Framework (KMDF) Structure and Operation of a KMDF Driver KMDF Data Model KMDF I/O Model User-Mode Driver Framework (UMDF) The Plug and Play (PnP) Manager Level of Plug and Play Support Driver Support for Plug and Play Driver Loading, Initialization, and Installation The Start Value Device Enumeration Device Stacks Device Stack Driver Loading Driver Installation The Power Manager Power Manager Operation Driver Power Operation Driver and Application Control of Device Power Power Availability Requests Processor Power Management (PPM) Core Parking Policies Utility Function Algorithm Overrides Increase/Decrease Actions Thresholds and Policy Settings Performance Check Conclusion 9. Storage Management Storage Terminology Disk Devices Rotating Magnetic Disks Disk Sector Format Solid State Disks NAND-Type Flash Memory File Deletion and the Trim Command Disk Drivers Winload Disk Class, Port, and Miniport Drivers iSCSI Drivers Multipath I/O (MPIO) Drivers Disk Device Objects Partition Manager Volume Management Basic Disks MBR-Style Partitioning GUID Partition Table Partitioning Basic Disk Volume Manager Dynamic Disks The LDM Database LDM and GPT or MBR-Style Partitioning Dynamic Disk Volume Manager Multipartition Volume Management Spanned Volumes Striped Volumes Mirrored Volumes RAID-5 Volumes The Volume Namespace The Mount Manager Mount Points Volume Mounting Volume I/O Operations Virtual Disk Service Virtual Hard Disk Support Attaching VHDs Nested File Systems BitLocker Drive Encryption Encryption Keys Trusted Platform Module (TPM) BitLocker Boot Process BitLocker Key Recovery Full-Volume Encryption Driver BitLocker Management BitLocker To Go Volume Shadow Copy Service Shadow Copies Clone Shadow Copies Copy-on-Write Shadow Copies VSS Architecture VSS Operation Shadow Copy Provider Uses in Windows Backup Previous Versions and System Restore Conclusion 10. Memory Management Introduction to the Memory Manager Memory Manager Components Internal Synchronization Examining Memory Usage Services Provided by the Memory Manager Large and Small Pages Reserving and Committing Pages Commit Limit Locking Memory Allocation Granularity Shared Memory and Mapped Files Protecting Memory No Execute Page Protection Software Data Execution Prevention Copy-on-Write Address Windowing Extensions Kernel-Mode Heaps (System Memory Pools) Pool Sizes Monitoring Pool Usage Look-Aside Lists Heap Manager Types of Heaps Heap Manager Structure Heap Synchronization The Low Fragmentation Heap Heap Security Features Heap Debugging Features Pageheap Fault Tolerant Heap Virtual Address Space Layouts x86 Address Space Layouts x86 System Address Space Layout x86 Session Space System Page Table Entries 64-Bit Address Space Layouts x64 Virtual Addressing Limitations Windows x64 16-TB Limitation Dynamic System Virtual Address Space Management System Virtual Address Space Quotas User Address Space Layout Image Randomization Stack Randomization Heap Randomization ASLR in Kernel Address Space Controlling Security Mitigations Address Translation x86 Virtual Address Translation Page Directories Page Tables and Page Table Entries Hardware vs. Software Write Bits in Page Table Entries Byte Within Page Translation Look-Aside Buffer Physical Address Extension (PAE) x64 Virtual Address Translation IA64 Virtual Address Translation Page Fault Handling Invalid PTEs Prototype PTEs In-Paging I/O Collided Page Faults Clustered Page Faults Page Files Commit Charge and the System Commit Limit Commit Charge and Page File Size Stacks User Stacks Kernel Stacks DPC Stack Virtual Address Descriptors Process VADs Rotate VADs NUMA Section Objects Driver Verifier Page Frame Number Database Page List Dynamics Page Priority Modified Page Writer PFN Data Structures Physical Memory Limits Windows Client Memory Limits 32-Bit Client Effective Memory Limits Working Sets Demand Paging Logical Prefetcher Placement Policy Working Set Management Balance Set Manager and Swapper System Working Sets Memory Notification Events Proactive Memory Management (Superfetch) Components Tracing and Logging Scenarios Page Priority and Rebalancing Robust Performance ReadyBoost ReadyDrive Unified Caching Process Reflection Conclusion 11. Cache Manager Key Features of the Cache Manager Single, Centralized System Cache The Memory Manager Cache Coherency Virtual Block Caching Stream-Based Caching Recoverable File System Support Cache Virtual Memory Management Cache Size Cache Virtual Size Cache Working Set Size Cache Physical Size Cache Data Structures Systemwide Cache Data Structures Per-File Cache Data Structures File System Interfaces Copying to and from the Cache Caching with the Mapping and Pinning Interfaces Caching with the Direct Memory Access Interfaces Fast I/O Read-Ahead and Write-Behind Intelligent Read-Ahead Write-Back Caching and Lazy Writing Disabling Lazy Writing for a File Forcing the Cache to Write Through to Disk Flushing Mapped Files Write Throttling System Threads Conclusion 12. File Systems Windows File System Formats CDFS UDF FAT12, FAT16, and FAT32 exFAT NTFS File System Driver Architecture Local FSDs Remote FSDs Locking File System Operation Explicit File I/O Memory Manager’s Modified and Mapped Page Writer Cache Manager’s Lazy Writer Cache Manager’s Read-Ahead Thread Memory Manager’s Page Fault Handler File System Filter Drivers Process Monitor Troubleshooting File System Problems Process Monitor Basic vs. Advanced Modes Process Monitor Troubleshooting Techniques Common Log File System Marshalling Marshalling Log Types Log Layout Log Sequence Numbers Log Blocks Owner Pages Translating Virtual LSNs to Physical LSNs Management Policies NTFS Design Goals and Features High-End File System Requirements Recoverability Security Data Redundancy and Fault Tolerance Advanced Features of NTFS Multiple Data Streams Unicode-Based Names General Indexing Facility Dynamic Bad-Cluster Remapping Hard Links Symbolic (Soft) Links and Junctions Compression and Sparse Files Change Logging Per-User Volume Quotas Link Tracking Encryption POSIX Support Defragmentation Dynamic Partitioning NTFS File System Driver NTFS On-Disk Structure Volumes Clusters Master File Table File Record Numbers File Records File Names Resident and Nonresident Attributes Data Compression and Sparse Files Compressing Sparse Data Compressing Nonsparse Data Sparse Files The Change Journal File Indexing Object IDs Quota Tracking Consolidated Security Reparse Points Transaction Support Isolation Transactional APIs Resource Managers On-Disk Implementation Logging Implementation Recovery Implementation NTFS Recovery Support Design Metadata Logging Log File Service Log Record Types Recovery Analysis Pass Redo Pass Undo Pass NTFS Bad-Cluster Recovery Self-Healing Encrypting File System Security Encrypting a File for the First Time Encrypting File Data The Decryption Process Backing Up Encrypted Files Copying Encrypted Files Conclusion 13. Startup and Shutdown Boot Process BIOS Preboot The BIOS Boot Sector and Bootmgr The UEFI Boot Process Booting from iSCSI Initializing the Kernel and Executive Subsystems Smss, Csrss, and Wininit ReadyBoot Images That Start Automatically Troubleshooting Boot and Startup Problems Last Known Good Safe Mode Driver Loading in Safe Mode Safe-Mode-Aware User Programs Boot Logging in Safe Mode Windows Recovery Environment (WinRE) Solving Common Boot Problems MBR Corruption Boot Sector Corruption BCD Misconfiguration System File Corruption System Hive Corruption Post–Splash Screen Crash or Hang Shutdown Conclusion 14. Crash Dump Analysis Why Does Windows Crash? The Blue Screen Causes of Windows Crashes Troubleshooting Crashes Crash Dump Files Crash Dump Generation Windows Error Reporting Online Crash Analysis Basic Crash Dump Analysis Notmyfault Basic Crash Dump Analysis Verbose Analysis Using Crash Troubleshooting Tools Buffer Overruns, Memory Corruption, and Special Pool Code Overwrite and System Code Write Protection Advanced Crash Dump Analysis Stack Trashes Hung or Unresponsive Systems When There Is No Crash Dump Analysis of Common Stop Codes 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED 0x7F - UNEXPECTED_KERNEL_MODE_TRAP 0xC5 - DRIVER_CORRUPTED_EXPOOL Hardware Malfunctions Conclusion A. Contents of Windows Internals, Sixth Edition, Part 1 Index About the Authors Copyright
Donate to keep this site alive
To access the Link, solve the captcha.
1. Disable the AdBlock plugin. Otherwise, you may not get any links.
2. Solve the CAPTCHA.
3. Click download link.
4. Lead to download server to download.