Windows Internals for Developers
Description
This five-day instructor-led course provides students with the knowledge and skills to develop, debug and troubleshoot low-level Windows applications. The course provides a detailed view of the Windows operating system architecture, its key components, undocumented interfaces and core interactions through the use of debugging utilities, inspection tools and exercises.
Intended audience
This course is intended for systems programmers, device driver developers and other Win32 developers with at least 1 year of experience programming native applications for Windows.
Topics
Module 1: Windows History and Characteristics
The Evolution of Windows: Windows 1.0 through Windows Vista
Back to 1989: Windows NT Design Goals
Windows Versions and Editions
Windows Programming Interfaces: Win32, COM, .NET
Lab 1: Basic Win32 Concepts
Module 2: Tools
Sysinternals Tools – Process Explorer, Process Monitor
Resource Kit and Support Kit Tools
Debugging Tools for Windows
Understanding Debugging Symbols
Kernel Debuggers
Lab 2: Symbols, Process Explorer and WinDbg
Lab 3: Virtual Kernel Debugging (Optional)
Module 3: System Architecture
Kernel-Mode vs. User-Mode Execution
Primary System Components
Types of User-Mode Processes
Hard-Wired System Processes
Module 4: Startup and Shutdown
Windows Startup – from Setup to Shell
Windows Shutdown – Applications, Services and Drivers
Module 5: System Mechanisms
Trap and Interrupt Dispatching
Interrupt Request Levels (IRQL)
Exception Handling in User-Mode and Kernel-Mode
Deferred Procedure Calls (DPC)
Asynchronous Procedure Calls (APC) in User-Mode and Kernel-Mode
The LPC Facility
System Worker Threads
Lab 4: Understanding System Mechanisms
Lab 5: Using User-Mode APCs
Module 6: The Object Manager
Resource Management in the Operating System
Handles and Handle Tables
Creating, Naming, Sharing and Duplicating Kernel Objects
Executive Object Types
Lab 6: Inspecting Objects
Lab 7: Listing Objects using NTDLL
Module 7: Process and Thread Internals
Process Data Structures: Kernel, Executive, Environment Subsystem
Process Creation Flow
Thread Data Structures: Kernel, Executive, Environment Subsystem
Thread Creation Flow
Lab 8: Examining Processes and Threads
Module 8: Thread Scheduling
Thread Scheduling in a Preemptive Multitasking Operating System
Thread Execution States and Transitions
Dispatcher Database
Quantum Length, Tuning and Boosts
Thread Priority and Priority Boosts
Thread Scheduling on a Multi-Processor System
Thread CPU Affinity and Non-Uniform Memory Access (NUMA)
Lab 9: Demonstrating Thread Priority Boosts
Module 9: Synchronization Mechanisms
Concurrency and the Need for Synchronization
Kernel Synchronization: IRQL, Spinlocks and Queued Spinlocks
Executive Synchronization: Dispatcher Objects and Wait Blocks
Waiting for and Signaling Dispatcher Objects
Tracing Dispatcher Objects and Wait Chain Traversal
Lab 10: Using Wait Chain Traversal
Module 10: The Memory Manager
Virtual Memory and Paging
Allocating Memory: Reserve, Commit, Heap
Address Space Layout: User-Mode and Kernel-Mode, 32-bit and 64-bit
Virtual Address Translation, Translation Look-Aside Buffer (TLB)
Protecting Memory
Locking Pages into Memory, Address Windowing Extensions (AWE)
System Memory Pools and Look-Aside Lists
Working Set Management: Fetch, Placement and Replacement Policies
Page Frame Number (PFN) Database
Module 11: The I/O System
The I/O Manager, Power Manager and Plug-and-Play Manager
Device Driver Structure
I/O Data Structures: File Objects, Driver Object, Device Object
I/O Flow: I/O Request Packets
A Glimpse Towards Windows Driver Foundation (WDF)
Module 12: The Cache Manager
Operating System File Caching vs. CPU Caching
Cache Structure: Cache Control Blocks, Private Control Blocks
Cache Operation: Read and Write, Fast I/O
Controlling the Cache Manager: Hints to CreateFile
Module 13: User-Mode Debugging
Understanding the Role of Debugging Symbols
Generating Dump Files: Crash and Hang Scenarios
Debugging Application Crashes
Debugging Application Hangs and Deadlocks
Lab 11: User-Mode Dumps and Debugging
Module 14: Kernel-Mode Debugging
Blue Screen of Death: When Does the Operating System Crash?
Manually Obtaining a Dump of the System
Debugging Crashes
Using Driver Verifier to Pinpoint Faulting Drivers
Lab 12: Kernel-Mode Dumps
Module 15: What's New in Windows Vista?
Application Restart and Recovery, Restart Manager
Kernel Transaction Manager: Transactional File System and Registry
I/O and Memory Management Improvements
Overview of Networking Changes
Module 16: What's Different in 64-Bit Windows?
64-Bit Processor Architecture (AMD64)
Windows on Windows 64 (WOW64) Architecture
File System and Registry Redirection and Virtualization
Performance Improvements on 64-Bit Windows
האם אתה בטוח שאתה רוצה לסגור את הטופס ולאבד את כל השינויים?
