Index
Windows® Internals, Sixth Edition, Part 1 Dedication Introduction
Structure of the Book History of the Book Sixth Edition Changes Hands-on Experiments Topics Not Covered A Warning and a Caveat Acknowledgments Errata & Book Support We Want to Hear from You Stay in Touch
1. Concepts and Tools
Windows Operating System Versions Foundation Concepts and Terms
Windows API Services, Functions, and Routines Processes, Threads, and Jobs Virtual Memory Kernel Mode vs. User Mode Terminal Services and Multiple Sessions Objects and Handles Security Registry Unicode
Digging into Windows Internals
Performance Monitor Kernel Debugging
Symbols for Kernel Debugging Debugging Tools for Windows LiveKd Tool
Windows Software Development Kit Windows Driver Kit Sysinternals Tools
Conclusion
2. System Architecture
Requirements and Design Goals Operating System Model Architecture Overview
Portability Symmetric Multiprocessing Scalability Differences Between Client and Server Versions Checked Build
Key System Components
Environment Subsystems and Subsystem DLLs
Subsystem Startup Windows Subsystem Subsystem for Unix-based Applications
Ntdll.dll Executive Kernel
Kernel Objects Kernel Processor Control Region and Control Block (KPCR and KPRCB) Hardware Support
Hardware Abstraction Layer Device Drivers
Windows Driver Model (WDM) Windows Driver Foundation
System Processes
System Idle Process System Process and System Threads Session Manager (Smss) Windows Initialization Process (Wininit.exe) Service Control Manager (SCM) Local Session Manager (Lsm.exe) Winlogon, LogonUI, and Userinit
Conclusion
3. System Mechanisms
Trap Dispatching
Interrupt Dispatching
Hardware Interrupt Processing x86 Interrupt Controllers x64 Interrupt Controllers IA64 Interrupt Controllers Software Interrupt Request Levels (IRQLs) Software Interrupts
Dispatch or Deferred Procedure Call (DPC) Interrupts Asynchronous Procedure Call Interrupts
Timer Processing
Timer Expiration Processor Selection Intelligent Timer Tick Distribution Timer Coalescing
Exception Dispatching
Unhandled Exceptions Windows Error Reporting
System Service Dispatching
System Service Dispatching Service Descriptor Tables
Object Manager
Executive Objects Object Structure
Object Headers and Bodies Type Objects Object Methods Object Handles and the Process Handle Table Reserve Objects Object Security Object Retention Resource Accounting Object Names Object Directories
Symbolic Links
Session Namespace Object Filtering
Synchronization
High-IRQL Synchronization
Interlocked Operations Spinlocks Queued Spinlocks Instack Queued Spinlocks Executive Interlocked Operations
Low-IRQL Synchronization
Kernel Dispatcher Objects Waiting for Dispatcher Objects What Signals an Object? Data Structures Keyed Events Fast Mutexes and Guarded Mutexes Executive Resources Pushlocks Critical Sections User-Mode Resources Condition Variables Slim Reader-Writer Locks Run Once Initialization
System Worker Threads Windows Global Flags Advanced Local Procedure Call
Connection Model Message Model Asynchronous Operation Views, Regions, and Sections Attributes Blobs, Handles, and Resources Security Performance Debugging and Tracing
Kernel Event Tracing Wow64
Wow64 Process Address Space Layout System Calls Exception Dispatching User APC Dispatching Console Support User Callbacks File System Redirection Registry Redirection I/O Control Requests 16-Bit Installer Applications Printing Restrictions
User-Mode Debugging
Kernel Support Native Support Windows Subsystem Support
Image Loader
Early Process Initialization DLL Name Resolution and Redirection
DLL Name Redirection
Loaded Module Database Import Parsing Post-Import Process Initialization SwitchBack API Sets
Hypervisor (Hyper-V)
Partitions Parent Partition
Parent Partition Operating System Virtual Machine Manager Service and Worker Processes Virtualization Service Providers VM Infrastructure Driver and Hypervisor API Library Hypervisor
Child Partitions
Virtualization Service Clients Enlightenments
Hardware Emulation and Support
Emulated Devices Synthetic Devices Virtual Processors Memory Virtualization Intercepts Live Migration
Kernel Transaction Manager Hotpatch Support Kernel Patch Protection Code Integrity Conclusion
4. Management Mechanisms
The Registry
Viewing and Changing the Registry Registry Usage Registry Data Types Registry Logical Structure
HKEY_CURRENT_USER HKEY_USERS HKEY_CLASSES_ROOT HKEY_LOCAL_MACHINE HKEY_CURRENT_CONFIG HKEY_PERFORMANCE_DATA
Transactional Registry (TxR) Monitoring Registry Activity Process Monitor Internals
Process Monitor Troubleshooting Techniques Logging Activity in Unprivileged Accounts or During Logon/Logoff
Registry Internals
Hives Hive Size Limits Registry Symbolic Links Hive Structure Cell Maps The Registry Namespace and Operation Stable Storage Registry Filtering Registry Optimizations
Services
Service Applications
Service Accounts The Local System Account The Network Service Account The Local Service Account Running Services in Alternate Accounts Running with Least Privilege Service Isolation Interactive Services and Session 0 Isolation
The Service Control Manager Service Startup Startup Errors Accepting the Boot and Last Known Good Service Failures Service Shutdown Shared Service Processes Service Tags
Unified Background Process Manager
Initialization UBPM API Provider Registration Consumer Registration Task Host Service Control Programs
Windows Management Instrumentation
WMI Architecture Providers The Common Information Model and the Managed Object Format Language
The WMI Namespace
Class Association WMI Implementation WMI Security
Windows Diagnostic Infrastructure
WDI Instrumentation Diagnostic Policy Service Diagnostic Functionality
Conclusion
5. Processes, Threads, and Jobs
Process Internals
Data Structures
Protected Processes Flow of CreateProcess
Stage 1: Converting and Validating Parameters and Flags Stage 2: Opening the Image to Be Executed Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)
Stage 3A: Setting Up the EPROCESS Object Stage 3B: Creating the Initial Process Address Space Stage 3C: Creating the Kernel Process Structure Stage 3D: Concluding the Setup of the Process Address Space Stage 3E: Setting Up the PEB Stage 3F: Completing the Setup of the Executive Process Object (PspInsertProcess)
Stage 4: Creating the Initial Thread and Its Stack and Context Stage 5: Performing Windows Subsystem–Specific Post-Initialization Stage 6: Starting Execution of the Initial Thread Stage 7: Performing Process Initialization in the Context of the New Process
Thread Internals
Data Structures Birth of a Thread
Examining Thread Activity
Limitations on Protected Process Threads
Worker Factories (Thread Pools) Thread Scheduling
Overview of Windows Scheduling Priority Levels
Real-Time Priorities Interrupt Levels vs. Priority Levels Using Tools to Interact with Priority
Thread States Dispatcher Database Quantum
Quantum Accounting Controlling the Quantum Variable Quantums Quantum Settings Registry Value
Priority Boosts
Boosts Due to Scheduler/Dispatcher Events Unwait Boosts Lock Ownership Boosts Priority Boosting After I/O Completion Boosts During Waiting on Executive Resources Priority Boosts for Foreground Threads After Waits Priority Boosts After GUI Threads Wake Up Priority Boosts for CPU Starvation Applying Boosts Removing Boosts Priority Boosts for Multimedia Applications and Games
Context Switching Scheduling Scenarios
Voluntary Switch Preemption Quantum End Termination
Idle Threads Thread Selection
Idle Scheduler
Multiprocessor Systems
Package Sets and SMT Sets NUMA Systems Processor Group Assignment Logical Processors per Group Logical Processor State Scheduler Scalability Affinity Extended Affinity Mask System Affinity Mask Ideal and Last Processor Ideal Node
Thread Selection on Multiprocessor Systems Processor Selection
Choosing a Processor for a Thread When There Are Idle Processors Choosing a Processor for a Thread When There Are No Idle Processors
Processor Share-Based Scheduling
Dynamic Fair Share Scheduling
DFSS Initialization Per-Session CPU Quota Blocks Charging of Cycles to Throttled Threads CPU Throttling and Quota Enforcement Resuming Execution DFSS Idle-Only Queue Scheduling Session Weight Configuration
CPU Rate Limits
Dynamic Processor Addition and Replacement Job Objects
Job Limits Job Sets
Conclusion
6. Security
Security Ratings
Trusted Computer System Evaluation Criteria The Common Criteria
Security System Components Protecting Objects
Access Checks Security Identifiers
Integrity Levels Tokens Impersonation Restricted Tokens Filtered Admin Token
Virtual Service Accounts Security Descriptors and Access Control
ACL Assignment Determining Access
The AuthZ API
Conditional ACEs
Account Rights and Privileges
Account Rights Privileges Super Privileges
Access Tokens of Processes and Threads Security Auditing
Object Access Auditing Global Audit Policy Advanced Audit Policy Settings
Logon
Winlogon Initialization User Logon Steps Assured Authentication Biometric Framework for User Authentication
User Account Control and Virtualization
File System and Registry Virtualization
File Virtualization Registry Virtualization
Elevation
Running with Administrator Rights Requesting Administrative Rights Auto-Elevation Controlling UAC Behavior
Application Identification (AppID) AppLocker Software Restriction Policies Conclusion
7. Networking
Windows Networking Architecture
The OSI Reference Model Windows Networking Components
Networking APIs
Windows Sockets
Winsock Client Operation Winsock Server Operation Winsock Extensions Extending Winsock Winsock Implementation
Winsock Kernel
WSK Implementation
Remote Procedure Call
RPC Operation RPC Security RPC Implementation
Web Access APIs
WinInet HTTP
Named Pipes and Mailslots
Named-Pipe Operation Mailslot Operation Named Pipe and Mailslot Implementation
NetBIOS
NetBIOS Names NetBIOS Operation NetBIOS API Implementation
Other Networking APIs
Background Intelligent Transfer Service Peer-to-Peer Infrastructure DCOM Message Queuing UPnP with PnP-X
Multiple Redirector Support
Multiple Provider Router Multiple UNC Provider Surrogate Providers Redirector Mini-Redirectors Server Message Block and Sub-Redirectors
Distributed File System Namespace Distributed File System Replication Offline Files
Caching Modes
Online Offline (Slow Connection) Offline (Working Offline) Offline (Not Connected) Offline (Need to Sync)
Ghosts Data Security Cache Structure
BranchCache
Caching Modes
Configuration
BranchCache Optimized Application Retrieval: SMB Sequence BranchCache Optimized Application Retrieval: HTTP Sequence
Name Resolution
Domain Name System Peer Name Resolution Protocol
PNRP Resolution and Publication
Location and Topology
Network Location Awareness Network Connectivity Status Indicator
Passive Poll Network Change Monitoring Registry Change Monitoring Active Probe
Link-Layer Topology Discovery
Protocol Drivers
Windows Filtering Platform
Network Address Translation IP Filtering Internet Protocol Security
NDIS Drivers
Variations on the NDIS Miniport Connection-Oriented NDIS Remote NDIS QoS
Binding Layered Network Services
Remote Access Active Directory Network Load Balancing Network Access Protection Direct Access
Conclusion
A. About the Authors B. More Resources for Developers
Microsoft Press® books
Visual Studio Web Development .Net Framework Data Access/Database Other Topics
C. Find the Right Resource for You Index About the Authors Copyright