Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, 7th Edition

About

Features

• Delve inside Windows architecture and internals
• See how core components work behind the scenes
• Experience internal behavior firsthand

Description

The definitive guide–fully updated for Windows 10 and Windows Server 2016

Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.

Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.

This book will help you:

· Understand the Window system architecture and its most important entities, such as processes and threads

· Examine how processes manage resources and threads scheduled for execution inside processes

· Observe how Windows manages virtual and physical memory

· Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system

· Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016

Downloads

Downloads

Follow the instructions to download this book's lesson files.

1. Click the Download button below to start the download.
2. If prompted, click Save.
3. Locate the .zip file on your computer. Right-click the file, click Extract All, and then follow the instructions.

Sample Content

Table of Contents

Chapter 1: Concepts and tools

Windows operating system versions

Foundation concepts and terms

Digging into Windows internals

Conclusion

Chapter 2: System architecture

Requirements and design goals

Operating system model

Architecture overview

Virtualization-based security architecture overview

Key system components

Conclusion

Chapter 3: Processes and jobs

Creating a process

Process internals

Protected processes

Minimal and Pico processes

Trustlets (secure processes)

Flow of CreateProcess

Terminating a process

Image loader

Jobs

Conclusion

Chapter 4: Threads

Creating threads

Thread internals

Examining thread activity

Thread scheduling

Group-based scheduling

Worker factories (thread pools)

Conclusion

Chapter 5: Memory management

Introduction to the memory manager

Services provided by the memory manager

Kernel-mode heaps (system memory pools)

Heap manager

Virtual address space layouts

Address translation

Page fault handling

Stacks

Virtual address descriptors

NUMA

Section objects

Working sets

Page frame number database

Physical memory limits

Memory compression

Memory partitions

Memory combining

Memory enclaves

Proactive memory management (SuperFetch)

Conclusion

Chapter 6: I/O system

I/O system components

Interrupt Request Levels and Deferred Procedure Calls

Device drivers

I/O processing

Driver Verifier

The Plug and Play manager

General driver loading and installation

The Windows Driver Foundation

The power manager

Conclusion

Chapter 7: Security

Security ratings

Security system components

Virtualization-based security

Protecting objects

The AuthZ API

Account rights and privileges

Access tokens of processes and threads

Security auditing

AppContainers

Logon

User Account Control and virtualization

Exploit mitigations

Application Identification

AppLocker

Software Restriction Policies

Kernel Patch Protection

PatchGuard

HyperGuard

Conclusion

Updates

Errata

We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata

Submit Errata