Published by Microsoft Press (May 5, 2017) © 2017

Pavel Yosifovich | David Solomon | Mark Russinovich | Alex Ionescu
    ISBN-13: 9780133986464

    Windows Internals: System architecture, processes, threads, memory management, and more, Part 1, 7th edition

    Language: English

    The definitive guide–fully updated for Windows 10 and Windows Server 2016

     

    Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.

    Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.

     

     

    This book will help you:

    · Understand the Windows system architecture and its most important entities, such as processes and threads

    · Examine how processes manage resources and threads scheduled for execution inside processes

    · Observe how Windows manages virtual and physical memory

    · Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system

    · Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016

    Chapter 1: Concepts and tools
        Windows operating system versions
        Foundation concepts and terms
        Digging into Windows internals
        Conclusion

    Chapter 2: System architecture
        Requirements and design goals
        Operating system model
        Architecture overview
        Virtualization-based security architecture overview
        Key system components
        Conclusion

    Chapter 3: Processes and jobs
        Creating a process
        Process internals
        Protected processes
        Minimal and Pico processes
        Trustlets (secure processes)
        Flow of CreateProcess
        Terminating a process
        Image loader
        Jobs
        Conclusion

    Chapter 4: Threads
        Creating threads
        Thread internals
        Examining thread activity
        Thread scheduling
        Group-based scheduling
        Worker factories (thread pools)
        Conclusion

    Chapter 5: Memory management
        Introduction to the memory manager
        Services provided by the memory manager
        Kernel-mode heaps (system memory pools)
        Heap manager
        Virtual address space layouts
        Address translation
        Page fault handling
        Stacks
        Virtual address descriptors
        NUMA
        Section objects
        Working sets
        Page frame number database
        Physical memory limits
        Memory compression
        Memory partitions
        Memory combining
        Memory enclaves
        Proactive memory management (SuperFetch)
        Conclusion

    Chapter 6: I/O system
        I/O system components
        Interrupt Request Levels and Deferred Procedure Calls
        Device drivers
        I/O processing
        Driver Verifier
        The Plug and Play manager
        General driver loading and installation
        The Windows Driver Foundation
        The power manager
        Conclusion

    Chapter 7: Security
        Security ratings
        Security system components
        Virtualization-based security
        Protecting objects
        The AuthZ API
        Account rights and privileges
        Access tokens of processes and threads
        Security auditing
        AppContainers
        Logon
        User Account Control and virtualization
        Exploit mitigations
        Application Identification
        AppLocker
        Software Restriction Policies
        Kernel Patch Protection
        PatchGuard
        HyperGuard
        Conclusion