Windows internals / Mark E. Russinovich, David A. Solomon ; with Alex Ionescu.

Format:

Book

Author/Creator:

Russinovich, Mark E.

Contributor:

Solomon, David A.

Ionescu, Alex.

Microsoft Corporation.

Language:

English

Subjects (All):

Microsoft Windows (Computer file).

Microsoft Windows server.

Computer network architectures.

Operating systems (Computers).

Physical Description:

1 online resource (xxvi, 1181 p. ) ill., ports.

Edition:

5th ed.

Other Title:

Microsoft Windows internals.

Place of Publication:

Redmond, Wash. : Microsoft Press, c2009.

System Details:

text file

Summary:

See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server(R) 2008 and Windows Vista(R), this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand. Delve inside Windows architecture and internals: Understand how the core system and management mechanisms work—from the object manager to services to the registry Explore internal system data structures using tools like the kernel debugger Grasp the scheduler's priority and CPU placement algorithms Go inside the Windows security model to see how it authorizes access to data Understand how Windows manages physical and virtual memory Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers Troubleshoot file-system access problems and system boot problems Learn how to analyze crashes

Contents:

Foreword

Acknowledgments

Introduction

Concepts and Tools

Windows Operating System Versions

Foundation Concepts and Terms

Windows API

Services, Functions, and Routines

Processes, Threads, and Jobs

Virtual Memory

Kernel Mode vs. User Mode

Terminal Services and Multiple Sessions

Objects and Handles

Security

Registry

Unicode

Digging into Windows Internals

Reliability and Performance Monitor

Kernel Debugging

Windows Software Development Kit

Windows Driver Kit

Sysinternals Tools

Conclusion

System Architecture

Requirements and Design Goals

Operating System Model

Architecture Overview

Portability

Symmetric Multiprocessing

Scalability

Differences Between Client and Server Versions

Checked Build

Key System Components

Environment Subsystems and Subsystem DLLs

Ntdll.dll

Executive

Kernel

Hardware Abstraction Layer

Device Drivers

System Processes

System Mechanisms

Trap Dispatching

Interrupt Dispatching

Exception Dispatching

System Service Dispatching

Object Manager

Executive Objects

Object Structure

Synchronization

High-IRQL Synchronization

Low-IRQL Synchronization

System Worker Threads

Windows Global Flags

Advanced Local Procedure Calls (ALPCs)

Kernel Event Tracing

Wow64

Wow64 Process Address Space Layout

System Calls

User Callbacks

File System Redirection

Registry Redirection and Reflection

I/O Control Requests

16-Bit Installer Applications

Printing

Restrictions

User-Mode Debugging

Kernel Support

Native Support

Windows Subsystem Support

Image Loader

Early Process Initialization

Loaded Module Database

Import Parsing

Post Import Process Initialization

Hypervisor (Hyper-V)

Partitions

Root Partition.

Child Partitions

Hardware Emulation and Support

Kernel Transaction Manager

Hotpatch Support

Kernel Patch Protection

Code Integrity

Management Mechanisms

The Registry

Viewing and Changing the Registry

Registry Usage

Registry Data Types

Registry Logical Structure

Transactional Registry (TxR)

Monitoring Registry Activity

Registry Internals

Services

Service Applications

The Service Control Manager

Service Startup

Startup Errors

Accepting the Boot and Last Known Good

Service Failures

Service Shutdown

Shared Service Processes

Service Tags

Service Control Programs

Windows Management Instrumentation

Providers

The Common Information Model and the Managed Object Format Language

Class Association

WMI Implementation

WMI Security

Windows Diagnostic Infrastructure

WDI Instrumentation

Diagnostic Policy Service

Diagnostic Functionality

Process Internals

Data Structures

Kernel Variables

Performance Counters

Relevant Functions

Protected Processes

Flow of CreateProcess

Stage 1: Converting and Validating Parameters and Flags

Stage 2: Opening the Image to Be Executed

Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)

Stage 4: Creating the Initial Thread and Its Stack and Context

Stage 5: Performing Windows Subsystem-Specific Post-Initialization

Stage 6: Starting Execution of the Initial Thread

Stage 7: Performing Process Initialization in the Context of the New Process

Thread Internals

Birth of a Thread

Examining Thread Activity

Limitations on Protected Process Threads

Worker Factories (Thread Pools)

Thread Scheduling.

Overview of Windows Scheduling

Priority Levels

Windows Scheduling APIs

Relevant Tools

Real-Time Priorities

Thread States

Dispatcher Database

Quantum

Scheduling Scenarios

Context Switching

Idle Thread

Priority Boosts

Multiprocessor Systems

Multiprocessor Thread-Scheduling Algorithms

CPU Rate Limits

Job Objects

Security Ratings

Trusted Computer System Evaluation Criteria

The Common Criteria

Security System Components

Protecting Objects

Access Checks

Security Descriptors and Access Control

Account Rights and Privileges

Account Rights

Privileges

Super Privileges

Security Auditing

Logon

Winlogon Initialization

User Logon Steps

User Account Control

Virtualization

Elevation

Software Restriction Policies

I/O System

I/O System Components

The I/O Manager

Typical I/O Processing

Types of Device Drivers

Structure of a Driver

Driver Objects and Device Objects

Opening Devices

I/O Processing

Types of I/O

I/O Request to a Single-Layered Driver

I/O Requests to Layered Drivers

I/O Cancellation

I/O Completion Ports

I/O Prioritization

Driver Verifier

Kernel-Mode Driver Framework (KMDF)

Structure and Operation of a KMDF Driver

KMDF Data Model

KMDF I/O Model

User-Mode Driver Framework (UMDF)

The Plug and Play (PnP) Manager

Level of Plug and Play Support

Driver Support for Plug and Play

Driver Loading, Initialization, and Installation

Driver Installation

The Power Manager

Power Manager Operation

Driver Power Operation

Driver and Application Control of Device Power

Storage Management

Storage Terminology

Disk Drivers

Winload

Disk Class, Port, and Miniport Drivers

Disk Device Objects.

Partition Manager

Volume Management

Basic Disks

Dynamic Disks

Multipartition Volume Management

The Volume Namespace

Volume I/O Operations

Virtual Disk Service

BitLocker Drive Encryption

BitLocker Architecture

Encryption Keys

Trusted Platform Module (TPM)

BitLocker Boot Process

BitLocker Key Recovery

Full Volume Encryption Driver

BitLocker Management

Volume Shadow Copy Service

Shadow Copies

VSS Architecture

VSS Operation

Uses in Windows

Memory Management

Introduction to the Memory Manager

Memory Manager Components

Internal Synchronization

Examining Memory Usage

Services the Memory Manager Provides

Large and Small Pages

Reserving and Committing Pages

Locking Memory

Allocation Granularity

Shared Memory and Mapped Files

Protecting Memory

No Execute Page Protection

Copy-on-Write

Address Windowing Extensions

Kernel-Mode Heaps (System Memory Pools)

Pool Sizes

Monitoring Pool Usage

Look-Aside Lists

Heap Manager

Types of Heaps

Heap Manager Structure

Heap Synchronization

The Low Fragmentation Heap

Heap Security Features

Heap Debugging Features

Pageheap

Virtual Address Space Layouts

x86 Address Space Layouts

x86 System Address Space Layout

x86 Session Space

System Page Table Entries

64-Bit Address Space Layouts

64-Bit Virtual Addressing Limitations

Dynamic System Virtual Address Space Management

System Virtual Address Space Quotas

User Address Space Layout

Address Translation

x86 Virtual Address Translation

Translation Look-Aside Buffer

Physical Address Extension (PAE)

IA64 Virtual Address Translation

x64 Virtual Address Translation

Page Fault Handling

Invalid PTEs

Prototype PTEs

In-Paging I/O

Collided Page Faults

Clustered Page Faults.

Page Files

Stacks

User Stacks

Kernel Stacks

DPC Stack

Virtual Address Descriptors

Process VADs

Rotate VADs

NUMA

Section Objects

Page Frame Number Database

Page List Dynamics

Page Priority

Modified Page Writer

PFN Data Structures

Physical Memory Limits

Windows Client Memory Limits

Working Sets

Demand Paging

Logical Prefetcher

Placement Policy

Working Set Management

Balance Set Manager and Swapper

System Working Set

Memory Notification Events

Proactive Memory Management (SuperFetch)

Components

Tracing and Logging

Scenarios

Page Priority and Rebalancing

Robust Performance

ReadyBoost

ReadyDrive

Cache Manager

Key Features of the Cache Manager

Single, Centralized System Cache

The Memory Manager

Cache Coherency

Virtual Block Caching

Stream-Based Caching

Recoverable File System Support

Cache Virtual Memory Management

Cache Size

Cache Virtual Size

Cache Working Set Size

Cache Physical Size

Cache Data Structures

Systemwide Cache Data Structures

Per-File Cache Data Structures

File System Interfaces

Copying to and from the Cache

Caching with the Mapping and Pinning Interfaces

Caching with the Direct Memory Access Interfaces

Fast I/O

Read Ahead and Write Behind

Intelligent Read-Ahead

Write-Back Caching and Lazy Writing

Write Throttling

System Threads

File Systems

Windows File System Formats

CDFS

UDF

FAT12, FAT16, and FAT32

exFAT

NTFS

File System Driver Architecture

Local FSDs

Remote FSDs

File System Operation

File System Filter Drivers

Troubleshooting File System Problems

Process Monitor Basic vs. Advanced Modes

Process Monitor Troubleshooting Techniques

Common Log File System.

NTFS Design Goals and Features.

Notes:

At head of t.p.: Microsoft.

Description based on publisher supplied metadata and other sources.

ISBN:

9780735636064

0735636060

9780735637962

0735637962

OCLC:

460637182