Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Windows® Internals, Sixth Edition, Part 2
Dedication
Introduction
Structure of the Book
History of the Book
Sixth Edition Changes
Hands-on Experiments
Topics Not Covered
A Warning and a Caveat
Acknowledgments
Errata & Book Support
We Want to Hear from You
Stay in Touch
8. I/O System
I/O System Components
The I/O Manager
Typical I/O Processing
Device Drivers
Types of Device Drivers
WDM Drivers
Layered Drivers
Structure of a Driver
Driver Objects and Device Objects
Opening Devices
I/O Processing
Types of I/O
Synchronous and Asynchronous I/O
Fast I/O
Mapped File I/O and File Caching
Scatter/Gather I/O
I/O Request Packets
IRP Stack Locations
IRP Buffer Management
I/O Request to a Single-Layered Driver
Servicing an Interrupt
Completing an I/O Request
Synchronization
I/O Requests to Layered Drivers
Thread Agnostic I/O
I/O Cancellation
User-Initiated I/O Cancellation
I/O Cancellation for Thread Termination
I/O Completion Ports
The IoCompletion Object
Using Completion Ports
I/O Completion Port Operation
I/O Prioritization
I/O Priorities
Prioritization Strategies
I/O Priority Inversion Avoidance (I/O Priority Inheritance)
I/O Priority Boosts and Bumps
Bandwidth Reservation (Scheduled File I/O)
Container Notifications
Driver Verifier
Kernel-Mode Driver Framework (KMDF)
Structure and Operation of a KMDF Driver
KMDF Data Model
KMDF I/O Model
User-Mode Driver Framework (UMDF)
The Plug and Play (PnP) Manager
Level of Plug and Play Support
Driver Support for Plug and Play
Driver Loading, Initialization, and Installation
The Start Value
Device Enumeration
Device Stacks
Device Stack Driver Loading
Driver Installation
The Power Manager
Power Manager Operation
Driver Power Operation
Driver and Application Control of Device Power
Power Availability Requests
Processor Power Management (PPM)
Core Parking Policies
Utility Function
Algorithm Overrides
Increase/Decrease Actions
Thresholds and Policy Settings
Performance Check
Conclusion
9. Storage Management
Storage Terminology
Disk Devices
Rotating Magnetic Disks
Disk Sector Format
Solid State Disks
NAND-Type Flash Memory
File Deletion and the Trim Command
Disk Drivers
Winload
Disk Class, Port, and Miniport Drivers
iSCSI Drivers
Multipath I/O (MPIO) Drivers
Disk Device Objects
Partition Manager
Volume Management
Basic Disks
MBR-Style Partitioning
GUID Partition Table Partitioning
Basic Disk Volume Manager
Dynamic Disks
The LDM Database
LDM and GPT or MBR-Style Partitioning
Dynamic Disk Volume Manager
Multipartition Volume Management
Spanned Volumes
Striped Volumes
Mirrored Volumes
RAID-5 Volumes
The Volume Namespace
The Mount Manager
Mount Points
Volume Mounting
Volume I/O Operations
Virtual Disk Service
Virtual Hard Disk Support
Attaching VHDs
Nested File Systems
BitLocker Drive Encryption
Encryption Keys
Trusted Platform Module (TPM)
BitLocker Boot Process
BitLocker Key Recovery
Full-Volume Encryption Driver
BitLocker Management
BitLocker To Go
Volume Shadow Copy Service
Shadow Copies
Clone Shadow Copies
Copy-on-Write Shadow Copies
VSS Architecture
VSS Operation
Shadow Copy Provider
Uses in Windows
Backup
Previous Versions and System Restore
Conclusion
10. Memory Management
Introduction to the Memory Manager
Memory Manager Components
Internal Synchronization
Examining Memory Usage
Services Provided by the Memory Manager
Large and Small Pages
Reserving and Committing Pages
Commit Limit
Locking Memory
Allocation Granularity
Shared Memory and Mapped Files
Protecting Memory
No Execute Page Protection
Software Data Execution Prevention
Copy-on-Write
Address Windowing Extensions
Kernel-Mode Heaps (System Memory Pools)
Pool Sizes
Monitoring Pool Usage
Look-Aside Lists
Heap Manager
Types of Heaps
Heap Manager Structure
Heap Synchronization
The Low Fragmentation Heap
Heap Security Features
Heap Debugging Features
Pageheap
Fault Tolerant Heap
Virtual Address Space Layouts
x86 Address Space Layouts
x86 System Address Space Layout
x86 Session Space
System Page Table Entries
64-Bit Address Space Layouts
x64 Virtual Addressing Limitations
Windows x64 16-TB Limitation
Dynamic System Virtual Address Space Management
System Virtual Address Space Quotas
User Address Space Layout
Image Randomization
Stack Randomization
Heap Randomization
ASLR in Kernel Address Space
Controlling Security Mitigations
Address Translation
x86 Virtual Address Translation
Page Directories
Page Tables and Page Table Entries
Hardware vs. Software Write Bits in Page Table Entries
Byte Within Page
Translation Look-Aside Buffer
Physical Address Extension (PAE)
x64 Virtual Address Translation
IA64 Virtual Address Translation
Page Fault Handling
Invalid PTEs
Prototype PTEs
In-Paging I/O
Collided Page Faults
Clustered Page Faults
Page Files
Commit Charge and the System Commit Limit
Commit Charge and Page File Size
Stacks
User Stacks
Kernel Stacks
DPC Stack
Virtual Address Descriptors
Process VADs
Rotate VADs
NUMA
Section Objects
Driver Verifier
Page Frame Number Database
Page List Dynamics
Page Priority
Modified Page Writer
PFN Data Structures
Physical Memory Limits
Windows Client Memory Limits
32-Bit Client Effective Memory Limits
Working Sets
Demand Paging
Logical Prefetcher
Placement Policy
Working Set Management
Balance Set Manager and Swapper
System Working Sets
Memory Notification Events
Proactive Memory Management (Superfetch)
Components
Tracing and Logging
Scenarios
Page Priority and Rebalancing
Robust Performance
ReadyBoost
ReadyDrive
Unified Caching
Process Reflection
Conclusion
11. Cache Manager
Key Features of the Cache Manager
Single, Centralized System Cache
The Memory Manager
Cache Coherency
Virtual Block Caching
Stream-Based Caching
Recoverable File System Support
Cache Virtual Memory Management
Cache Size
Cache Virtual Size
Cache Working Set Size
Cache Physical Size
Cache Data Structures
Systemwide Cache Data Structures
Per-File Cache Data Structures
File System Interfaces
Copying to and from the Cache
Caching with the Mapping and Pinning Interfaces
Caching with the Direct Memory Access Interfaces
Fast I/O
Read-Ahead and Write-Behind
Intelligent Read-Ahead
Write-Back Caching and Lazy Writing
Disabling Lazy Writing for a File
Forcing the Cache to Write Through to Disk
Flushing Mapped Files
Write Throttling
System Threads
Conclusion
12. File Systems
Windows File System Formats
CDFS
UDF
FAT12, FAT16, and FAT32
exFAT
NTFS
File System Driver Architecture
Local FSDs
Remote FSDs
Locking
File System Operation
Explicit File I/O
Memory Manager’s Modified and Mapped Page Writer
Cache Manager’s Lazy Writer
Cache Manager’s Read-Ahead Thread
Memory Manager’s Page Fault Handler
File System Filter Drivers
Process Monitor
Troubleshooting File System Problems
Process Monitor Basic vs. Advanced Modes
Process Monitor Troubleshooting Techniques
Common Log File System
Marshalling
Marshalling
Log Types
Log Layout
Log Sequence Numbers
Log Blocks
Owner Pages
Translating Virtual LSNs to Physical LSNs
Management Policies
NTFS Design Goals and Features
High-End File System Requirements
Recoverability
Security
Data Redundancy and Fault Tolerance
Advanced Features of NTFS
Multiple Data Streams
Unicode-Based Names
General Indexing Facility
Dynamic Bad-Cluster Remapping
Hard Links
Symbolic (Soft) Links and Junctions
Compression and Sparse Files
Change Logging
Per-User Volume Quotas
Link Tracking
Encryption
POSIX Support
Defragmentation
Dynamic Partitioning
NTFS File System Driver
NTFS On-Disk Structure
Volumes
Clusters
Master File Table
File Record Numbers
File Records
File Names
Resident and Nonresident Attributes
Data Compression and Sparse Files
Compressing Sparse Data
Compressing Nonsparse Data
Sparse Files
The Change Journal File
Indexing
Object IDs
Quota Tracking
Consolidated Security
Reparse Points
Transaction Support
Isolation
Transactional APIs
Resource Managers
On-Disk Implementation
Logging Implementation
Recovery Implementation
NTFS Recovery Support
Design
Metadata Logging
Log File Service
Log Record Types
Recovery
Analysis Pass
Redo Pass
Undo Pass
NTFS Bad-Cluster Recovery
Self-Healing
Encrypting File System Security
Encrypting a File for the First Time
Encrypting File Data
The Decryption Process
Backing Up Encrypted Files
Copying Encrypted Files
Conclusion
13. Startup and Shutdown
Boot Process
BIOS Preboot
The BIOS Boot Sector and Bootmgr
The UEFI Boot Process
Booting from iSCSI
Initializing the Kernel and Executive Subsystems
Smss, Csrss, and Wininit
ReadyBoot
Images That Start Automatically
Troubleshooting Boot and Startup Problems
Last Known Good
Safe Mode
Driver Loading in Safe Mode
Safe-Mode-Aware User Programs
Boot Logging in Safe Mode
Windows Recovery Environment (WinRE)
Solving Common Boot Problems
MBR Corruption
Boot Sector Corruption
BCD Misconfiguration
System File Corruption
System Hive Corruption
Post–Splash Screen Crash or Hang
Shutdown
Conclusion
14. Crash Dump Analysis
Why Does Windows Crash?
The Blue Screen
Causes of Windows Crashes
Troubleshooting Crashes
Crash Dump Files
Crash Dump Generation
Windows Error Reporting
Online Crash Analysis
Basic Crash Dump Analysis
Notmyfault
Basic Crash Dump Analysis
Verbose Analysis
Using Crash Troubleshooting Tools
Buffer Overruns, Memory Corruption, and Special Pool
Code Overwrite and System Code Write Protection
Advanced Crash Dump Analysis
Stack Trashes
Hung or Unresponsive Systems
When There Is No Crash Dump
Analysis of Common Stop Codes
0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
0x7F - UNEXPECTED_KERNEL_MODE_TRAP
0xC5 - DRIVER_CORRUPTED_EXPOOL
Hardware Malfunctions
Conclusion
A. Contents of Windows Internals, Sixth Edition, Part 1
Index
About the Authors
Copyright
← Prev
Back
Next →
← Prev
Back
Next →