Book description
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes.
As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support.
In Part 1, you will:
Understand how core system and management mechanisms work—including the object manager, synchronization, Wow64, Hyper-V, and the registry
Examine the data structures and activities behind processes, threads, and jobs
Go inside the Windows security model to see how it manages access, auditing, and authorization
Explore the Windows networking stack from top to bottom—including APIs, BranchCache, protocol and NDIS drivers, and layered services
Dig into internals hands-on using the kernel debugger, performance monitor, and other tools
Table of contents
- Windows® Internals, Sixth Edition, Part 1
- Dedication
- Introduction
- 1. Concepts and Tools
- 2. System Architecture
-
3. System Mechanisms
- Trap Dispatching
- Object Manager
- Synchronization
- System Worker Threads
- Windows Global Flags
- Advanced Local Procedure Call
- Kernel Event Tracing
- Wow64
- User-Mode Debugging
- Image Loader
- Hypervisor (Hyper-V)
- Kernel Transaction Manager
- Hotpatch Support
- Kernel Patch Protection
- Code Integrity
- Conclusion
-
4. Management Mechanisms
- The Registry
- Services
- Unified Background Process Manager
- Windows Management Instrumentation
- Windows Diagnostic Infrastructure
- Conclusion
-
5. Processes, Threads, and Jobs
- Process Internals
- Protected Processes
-
Flow of CreateProcess
- Stage 1: Converting and Validating Parameters and Flags
- Stage 2: Opening the Image to Be Executed
-
Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)
- Stage 3A: Setting Up the EPROCESS Object
- Stage 3B: Creating the Initial Process Address Space
- Stage 3C: Creating the Kernel Process Structure
- Stage 3D: Concluding the Setup of the Process Address Space
- Stage 3E: Setting Up the PEB
- Stage 3F: Completing the Setup of the Executive Process Object (PspInsertProcess)
- Stage 4: Creating the Initial Thread and Its Stack and Context
- Stage 5: Performing Windows Subsystem–Specific Post-Initialization
- Stage 6: Starting Execution of the Initial Thread
- Stage 7: Performing Process Initialization in the Context of the New Process
- Thread Internals
- Examining Thread Activity
- Worker Factories (Thread Pools)
-
Thread Scheduling
- Overview of Windows Scheduling
- Priority Levels
- Thread States
- Dispatcher Database
- Quantum
-
Priority Boosts
- Boosts Due to Scheduler/Dispatcher Events
- Unwait Boosts
- Lock Ownership Boosts
- Priority Boosting After I/O Completion
- Boosts During Waiting on Executive Resources
- Priority Boosts for Foreground Threads After Waits
- Priority Boosts After GUI Threads Wake Up
- Priority Boosts for CPU Starvation
- Applying Boosts
- Removing Boosts
- Priority Boosts for Multimedia Applications and Games
- Context Switching
- Scheduling Scenarios
- Idle Threads
- Thread Selection
- Multiprocessor Systems
- Thread Selection on Multiprocessor Systems
- Processor Selection
- Processor Share-Based Scheduling
- Dynamic Processor Addition and Replacement
- Job Objects
- Conclusion
- 6. Security
-
7. Networking
- Windows Networking Architecture
- Networking APIs
- Multiple Redirector Support
- Distributed File System Namespace
- Distributed File System Replication
- Offline Files
- BranchCache
- Name Resolution
- Location and Topology
- Protocol Drivers
- NDIS Drivers
- Binding
- Layered Network Services
- Conclusion
- A. About the Authors
- B. More Resources for Developers
- C. Find the Right Resource for You
- Index
- About the Authors
- Copyright
Product information
- Title: Windows® Internals, Sixth Edition, Part 1
- Author(s):
- Release date: March 2012
- Publisher(s): Microsoft Press
- ISBN: 9780735671294
You might also like
book
Windows® Internals, Sixth Edition, Part 2
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by …
book
Windows Internals, Fifth Edition
See how the core components of the Windows operating system work behind the scenes—guided by a …
book
Windows Security Internals
Windows Security Internals is a must-have for anyone needing to understand the Windows operating system's low-level …
book
Windows® via C/C++, 5th Edition
Master the intricacies of application development with unmanaged C++ code—straight from the experts. Jeffrey Richter’s classic …