Windows Internals, Part 1

Series: Microsoft Press
Author: Pavel Yosifovich / Mark E. Russinovich / David A. Solomon / Alex Ionescu
Publisher: Microsoft Press
Cover: Softcover
Edition: 7
Language: English
Total pages: 900
Pub.-date: May 2017
ISBN13: 9780735684188
ISBN: 0735684189


Product detail

Product                                      Price (CHF)   Available
9780735684188  Windows Internals, Part 1     55.90         approx. 7-9 days

Description

Delve inside Windows architecture and internals - and see how core components work behind the scenes. This classic guide has been fully updated for Windows 10 and Windows Server 2016.

Features

  • Delve inside Windows architecture and internals
  • See how core components work behind the scenes
  • Experience internal behavior firsthand

New to this Edition

Fully updated for Windows 10 and Windows Server 2016, this edition now presents its coverage in three volumes: Book 1, User Mode; Book 2, Kernel Mode; Book 3, Device Driver Models.

Table of Contents

Chapter 1: Concepts and tools
  Windows operating system versions
  Foundation concepts and terms
  Digging into Windows internals
  Conclusion

Chapter 2: System architecture
  Requirements and design goals
  Operating system model
  Architecture overview
  Virtualization-based security architecture overview
  Key system components
  Conclusion

Chapter 3: Processes and jobs
  Creating a process
  Process internals
  Protected processes
  Minimal and Pico processes
  Trustlets (secure processes)
  Flow of CreateProcess
  Terminating a process
  Image loader
  Jobs
  Conclusion

Chapter 4: Threads
  Creating threads
  Thread internals
  Examining thread activity
  Thread scheduling
  Group-based scheduling
  Worker factories (thread pools)
  Conclusion

Chapter 5: Memory management
  Introduction to the memory manager
  Services provided by the memory manager
  Kernel-mode heaps (system memory pools)
  Heap manager
  Virtual address space layouts
  Address translation
  Page fault handling
  Stacks
  Virtual address descriptors
  NUMA
  Section objects
  Working sets
  Page frame number database
  Physical memory limits
  Memory compression
  Memory partitions
  Memory combining
  Memory enclaves
  Proactive memory management (SuperFetch)
  Conclusion

Chapter 6: I/O system
  I/O system components
  Interrupt Request Levels and Deferred Procedure Calls
  Device drivers
  I/O processing
  Driver Verifier
  The Plug and Play manager
  General driver loading and installation
  The Windows Driver Foundation
  The power manager
  Conclusion

Chapter 7: Security
  Security ratings
  Security system components
  Virtualization-based security
  Protecting objects
  The AuthZ API
  Account rights and privileges
  Access tokens of processes and threads
  Security auditing
  AppContainers
  Logon
  User Account Control and virtualization
  Exploit mitigations
  Application Identification
  AppLocker
  Software Restriction Policies
  Kernel Patch Protection
  PatchGuard
  HyperGuard
  Conclusion

Author

Pavel Yosifovich is a developer, trainer, and author specializing in Microsoft technologies and tools. He is a Microsoft MVP and a Pluralsight author, and loves all things software. Pavel has been around since the days of 8-bit machines and still looks back fondly on his programming days on his Commodore 64.

Alex Ionescu is Vice President of EDR Strategy at CrowdStrike and an internationally recognized expert in low-level system software, operating system research and kernel development, security training, and reverse engineering. He teaches Windows Internals courses around the world and is active in the security research community through conference talks and bug bounty programs.

Mark Russinovich is Chief Technology Officer for Microsoft Azure, Microsoft’s global enterprise-grade cloud platform. Mark is a widely recognized expert in distributed systems and operating systems. He co-founded Winternals Software and joined Microsoft in 2006 when it was acquired. He is the primary author of the Sysinternals tools and website, which include dozens of popular Windows administration and diagnostic utilities.

David Solomon (retired) taught Windows kernel internals for 20 years to developers and IT professionals worldwide, including at Microsoft. His first book was Windows NT for OpenVMS Professionals. He then authored Inside Windows NT, 2nd edition, and later, with Mark Russinovich, coauthored the 3rd, 4th, 5th, and 6th editions of the Windows Internals series. David has spoken at many Microsoft conferences and was a recipient of the 1993 and 2005 Microsoft Support Most Valuable Professional (MVP) award.