Windows internals
See how the core components of the Windows operating system work behind the scenes--guided by a team of internationally renowned internals experts. Fully updated for Windows Server(R) 2008 and Windows Vista(R), this classic guide delivers key architectural insights on system design, debugging, perfo...
Classification: | Electronic Book |
---|---|
Main Author: | |
Corporate Author: | |
Other Authors: | , , |
Format: | Electronic eBook |
Language: | English |
Published: | Redmond, Wash. : Microsoft Press, ©2009. |
Edition: | 5th ed. |
Subjects: | |
Online Access: | Full text (requires prior registration with institutional email) |
Table of Contents:
- Foreword
- Acknowledgments
- Introduction
- Concepts and Tools
- Windows Operating System Versions
- Foundation Concepts and Terms
- Windows API
- Services, Functions, and Routines
- Processes, Threads, and Jobs
- Virtual Memory
- Kernel Mode vs. User Mode
- Terminal Services and Multiple Sessions
- Objects and Handles
- Security
- Registry
- Unicode
- Digging into Windows Internals
- Reliability and Performance Monitor
- Kernel Debugging
- Windows Software Development Kit
- Windows Driver Kit
- Sysinternals Tools
- Conclusion
- System Architecture
- Requirements and Design Goals
- Operating System Model
- Architecture Overview
- Portability
- Symmetric Multiprocessing
- Scalability
- Differences Between Client and Server Versions
- Checked Build
- Key System Components
- Environment Subsystems and Subsystem DLLs
- Ntdll.dll
- Executive
- Kernel
- Hardware Abstraction Layer
- Device Drivers
- System Processes
- Conclusion
- System Mechanisms
- Trap Dispatching
- Interrupt Dispatching
- Exception Dispatching
- System Service Dispatching
- Object Manager
- Executive Objects
- Object Structure
- Synchronization
- High-IRQL Synchronization
- Low-IRQL Synchronization
- System Worker Threads
- Windows Global Flags
- Advanced Local Procedure Calls (ALPCs)
- Kernel Event Tracing
- Wow64
- Wow64 Process Address Space Layout
- System Calls
- Exception Dispatching
- User Callbacks
- File System Redirection
- Registry Redirection and Reflection
- I/O Control Requests
- 16-Bit Installer Applications
- Printing
- Restrictions
- User-Mode Debugging
- Kernel Support
- Native Support
- Windows Subsystem Support
- Image Loader
- Early Process Initialization
- Loaded Module Database
- Import Parsing
- Post Import Process Initialization
- Hypervisor (Hyper-V)
- Partitions
- Root Partition
- Child Partitions
- Hardware Emulation and Support
- Kernel Transaction Manager
- Hotpatch Support
- Kernel Patch Protection
- Code Integrity
- Conclusion
- Management Mechanisms
- The Registry
- Viewing and Changing the Registry
- Registry Usage
- Registry Data Types
- Registry Logical Structure
- Transactional Registry (TxR)
- Monitoring Registry Activity
- Registry Internals
- Services
- Service Applications
- The Service Control Manager
- Service Startup
- Startup Errors
- Accepting the Boot and Last Known Good
- Service Failures
- Service Shutdown
- Shared Service Processes
- Service Tags
- Service Control Programs
- Windows Management Instrumentation
- Providers
- The Common Information Model and the Managed Object Format Language
- Class Association
- WMI Implementation
- WMI Security
- Windows Diagnostic Infrastructure
- WDI Instrumentation
- Diagnostic Policy Service
- Diagnostic Functionality
- Conclusion
- Processes, Threads, and Jobs
- Process Internals
- Data Structures
- Kernel Variables
- Performance Counters
- Relevant Functions
- Protected Processes
- Flow of CreateProcess
- Stage 1: Converting and Validating Parameters and Flags
- Stage 2: Opening the Image to Be Executed
- Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)
- Stage 4: Creating the Initial Thread and Its Stack and Context
- Stage 5: Performing Windows Subsystem-Specific Post-Initialization
- Stage 6: Starting Execution of the Initial Thread
- Stage 7: Performing Process Initialization in the Context of the New Process
- Thread Internals
- Data Structures
- Kernel Variables
- Performance Counters
- Relevant Functions
- Birth of a Thread
- Examining Thread Activity
- Limitations on Protected Process Threads
- Worker Factories (Thread Pools)
- Thread Scheduling
- Overview of Windows Scheduling
- Priority Levels
- Windows Scheduling APIs
- Relevant Tools
- Real-Time Priorities
- Thread States
- Dispatcher Database
- Quantum
- Scheduling Scenarios
- Context Switching
- Idle Thread
- Priority Boosts
- Multiprocessor Systems
- Multiprocessor Thread-Scheduling Algorithms
- CPU Rate Limits
- Job Objects
- Conclusion
- Security
- Security Ratings
- Trusted Computer System Evaluation Criteria
- The Common Criteria
- Security System Components
- Protecting Objects
- Access Checks
- Security Descriptors and Access Control
- Account Rights and Privileges
- Account Rights
- Privileges
- Super Privileges
- Security Auditing
- Logon
- Winlogon Initialization
- User Logon Steps
- User Account Control
- Virtualization
- Elevation
- Software Restriction Policies
- Conclusion
- I/O System
- I/O System Components
- The I/O Manager
- Typical I/O Processing
- Device Drivers
- Types of Device Drivers
- Structure of a Driver
- Driver Objects and Device Objects
- Opening Devices
- I/O Processing
- Types of I/O
- I/O Request to a Single-Layered Driver
- I/O Requests to Layered Drivers
- I/O Cancellation
- I/O Completion Ports
- I/O Prioritization
- Driver Verifier
- Kernel-Mode Driver Framework (KMDF)
- Structure and Operation of a KMDF Driver
- KMDF Data Model
- KMDF I/O Model
- User-Mode Driver Framework (UMDF)
- The Plug and Play (PnP) Manager
- Level of Plug and Play Support
- Driver Support for Plug and Play
- Driver Loading, Initialization, and Installation
- Driver Installation
- The Power Manager
- Power Manager Operation
- Driver Power Operation
- Driver and Application Control of Device Power
- Conclusion
- Storage Management
- Storage Terminology
- Disk Drivers
- Winload
- Disk Class, Port, and Miniport Drivers
- Disk Device Objects
- Partition Manager
- Volume Management
- Basic Disks
- Dynamic Disks
- Multipartition Volume Management
- The Volume Namespace
- Volume I/O Operations
- Virtual Disk Service
- BitLocker Drive Encryption
- BitLocker Architecture
- Encryption Keys
- Trusted Platform Module (TPM)
- BitLocker Boot Process
- BitLocker Key Recovery
- Full Volume Encryption Driver
- BitLocker Management
- Volume Shadow Copy Service
- Shadow Copies
- VSS Architecture
- VSS Operation
- Uses in Windows
- Conclusion
- Memory Management
- Introduction to the Memory Manager
- Memory Manager Components
- Internal Synchronization
- Examining Memory Usage
- Services the Memory Manager Provides
- Large and Small Pages
- Reserving and Committing Pages
- Locking Memory
- Allocation Granularity
- Shared Memory and Mapped Files
- Protecting Memory
- No Execute Page Protection
- Copy-on-Write
- Address Windowing Extensions
- Kernel-Mode Heaps (System Memory Pools)
- Pool Sizes
- Monitoring Pool Usage
- Look-Aside Lists
- Heap Manager
- Types of Heaps
- Heap Manager Structure
- Heap Synchronization
- The Low Fragmentation Heap
- Heap Security Features
- Heap Debugging Features
- Pageheap
- Virtual Address Space Layouts
- x86 Address Space Layouts
- x86 System Address Space Layout
- x86 Session Space
- System Page Table Entries
- 64-Bit Address Space Layouts
- 64-Bit Virtual Addressing Limitations
- Dynamic System Virtual Address Space Management
- System Virtual Address Space Quotas
- User Address Space Layout
- Address Translation
- x86 Virtual Address Translation
- Translation Look-Aside Buffer
- Physical Address Extension (PAE)
- IA64 Virtual Address Translation
- x64 Virtual Address Translation
- Page Fault Handling
- Invalid PTEs
- Prototype PTEs
- In-Paging I/O
- Collided Page Faults
- Clustered Page Faults
- Page Files
- Stacks
- User Stacks
- Kernel Stacks
- DPC Stack
- Virtual Address Descriptors
- Process VADs
- Rotate VADs
- NUMA
- Section Objects
- Driver Verifier
- Page Frame Number Database
- Page List Dynamics
- Page Priority
- Modified Page Writer
- PFN Data Structures
- Physical Memory Limits
- Windows Client Memory Limits
- Working Sets
- Demand Paging
- Logical Prefetcher
- Placement Policy
- Working Set Management
- Balance Set Manager and Swapper
- System Working Set
- Memory Notification Events
- Proactive Memory Management (SuperFetch)
- Components
- Tracing and Logging
- Scenarios
- Page Priority and Rebalancing
- Robust Performance
- ReadyBoost
- ReadyDrive
- Conclusion
- Cache Manager
- Key Features of the Cache Manager
- Single, Centralized System Cache
- The Memory Manager
- Cache Coherency
- Virtual Block Caching
- Stream-Based Caching
- Recoverable File System Support
- Cache Virtual Memory Management
- Cache Size
- Cache Virtual Size
- Cache Working Set Size
- Cache Physical Size
- Cache Data Structures
- Systemwide Cache Data Structures
- Per-File Cache Data Structures
- File System Interfaces
- Copying to and from the Cache
- Caching with the Mapping and Pinning Interfaces
- Caching with the Direct Memory Access Interfaces
- Fast I/O
- Read Ahead and Write Behind
- Intelligent Read-Ahead
- Write-Back Caching and Lazy Writing
- Write Throttling
- System Threads
- Conclusion
- File Systems
- Windows File System Formats
- CDFS
- UDF
- FAT12, FAT16, and FAT32
- exFAT
- NTFS
- File System Driver Architecture
- Local FSDs
- Remote FSDs
- File System Operation
- File System Filter Drivers
- Troubleshooting File System Problems
- Process Monitor Basic vs. Advanced Modes
- Process Monitor Troubleshooting Techniques
- Common Log File System