

Table of Contents
Table of Contents..............................................................................i
1. Concepts and Tools .....................................................................1
1.1 Windows Operating System Versions ...........................................................1
1.2 Foundation Concepts and Terms...................................................................2
1.2.1 Windows API.........................................................................................2
1.2.2 Services, Functions, and Routines.......................................................4
1.2.3 Processes, Threads, and Jobs...............................................................4
1.2.4 Virtual Memory...................................................................................14
1.2.5 Kernel Mode vs. User Mode...............................................................17
1.2.6 Terminal Services and Multiple Sessions..........................................20
1.2.7 Objects and Handles...........................................................................21
1.2.8 Security ................................................................................................22
1.2.9 Registry................................................................................................23
1.2.10 Unicode...............................................................................................24
1.3 Digging into Windows Internals...................................................................24
1.3.1 Reliability and Performance Monitor...............................................25
1.3.2 Kernel Debugging ...............................................................................27
1.3.3 Windows Software Development Kit ................................................32
1.3.4 Windows Driver Kit............................................................................32
1.3.5 Sysinternals Tools................................................................................32
1.4 Conclusion .....................................................................................................33
2. System Architecture..................................................................34
2.1 Requirements and Design Goals..................................................................34
2.2 Operating System Model..............................................................................35
2.3 Architecture Overview..................................................................................36
2.3.1 Portability............................................................................................38
2.3.2 Symmetric Multiprocessing ...............................................................39
2.3.3 Scalability.............................................................................................44
2.3.4 Differences Between Client and Server Versions .............................44
2.3.5 Checked Build .....................................................................................48
2.4 Key System Components..............................................................................50
2.4.1 Environment Subsystems and Subsystem DLLs..............................51
2.4.2 Ntdll.dll ................................................................................................57
2.4.3 Executive..............................................................................................58
2.4.4 Kernel...................................................................................................61
2.4.5 Hardware Abstraction Layer.............................................................64
2.4.6 Device Drivers .....................................................................................67
2.4.7 System Processes.................................................................................72

2.5 Conclusion .....................................................................................................83
3. System Mechanisms ..................................................................84
3.1 Trap Dispatching...........................................................................................84
3.1.1 Interrupt Dispatching.........................................................................86
3.1.2 Exception Dispatching......................................................................113
3.1.3 System Service Dispatching .............................................................123
3.2 Object Manager ..........................................................................................134
3.2.1 Executive Objects..............................................................................137
3.2.2 Object Structure................................................................................138
3.3 Synchronization...........................................................................................171
3.3.1 High-IRQL Synchronization............................................................172
3.3.2 Low-IRQL Synchronization.............................................................177
3.4 System Worker Threads.............................................................................196
3.5 Windows Global Flags.................................................................................198
3.6 Advanced Local Procedure Calls (ALPCs)...............................................201
3.7 Kernel Event Tracing ..................................................................................205
3.8 Wow64..........................................................................................................210
3.8.1 Wow64 Process Address Space Layout...........................................211
3.8.2 System Calls.......................................................................................211
3.8.3 Exception Dispatching......................................................................212
3.8.4 User Callbacks...................................................................................212
3.8.5 File System Redirection....................................................................212
3.8.6 Registry Redirection and Reflection ...............................................213
3.8.7 I/O Control Requests......................................................................214
3.8.8 16-Bit Installer Applications ............................................................214
3.8.9 Printing............................................................................................214
3.8.10 Restrictions....................................................................................215
3.9 User-Mode Debugging.................................................................................215
3.9.1 Kernel Support..................................................................................215
3.9.2 Native Support ..................................................................................217
3.9.3 Windows Subsystem Support ..........................................................218
3.10 Image Loader ............................................................................................218
3.10.1 Early Process Initialization ............................................................220
3.10.2 Loaded Module Database...............................................................221
3.10.3 Import Parsing................................................................................224
3.10.4 Post Import Process Initialization.................................................226
3.11 Hypervisor (Hyper-V)...............................................................................226
3.11.1 Partitions..........................................................................................228
3.11.2 Root Partition ..................................................................................228
3.11.3 Child Partitions ...............................................................................230
3.11.4 Hardware Emulation and Support................................................232
3.12 Kernel Transaction Manager...................................................................237
3.13 Hotpatch Support......................................................................................239

3.14 Kernel Patch Protection...........................................................................241
3.15 Code Integrity............................................................................................244
3.16 Conclusion .................................................................................................245
4. Management Mechanisms ......................................................246
4.1 The Registry ................................................................................................246
4.1.1 Viewing and Changing the Registry................................................246
4.1.2 Registry Usage...................................................................................246
4.1.3 Registry Data Types..........................................................................247
4.1.4 Registry Logical Structure ...............................................................248
4.1.6 Monitoring Registry Activity ...........................................................258
4.1.7 Registry Internals..............................................................................261
4.2 Services.........................................................................................................275
4.2.1 Service Applications..........................................................................276
4.2.2 The Service Control Manager..........................................................291
4.2.3 Service Startup ..................................................................................293
4.2.4 Startup Errors...................................................................................297
4.2.5 Accepting the Boot and Last Known Good.....................................298
4.2.6 Service Failures.................................................................................300
4.2.7 Service Shutdown..............................................................................300
4.2.8 Shared Service Processes..................................................................302
4.2.9 Service Tags .......................................................................................304
4.2.10 Service Control Programs..............................................................305
4.3 Windows Management Instrumentation...................................................306
4.3.1 Providers............................................................................................308
4.3.2 The Common Information Model and the Managed Object Format Language.....................................................................................................309
4.3.3 Class Association...............................................................................311
4.3.4 WMI Implementation.......................................................................314
4.3.5 WMI Security....................................................................................315
4.4 Windows Diagnostic Infrastructure...........................................................316
4.4.1 WDI Instrumentation .......................................................................316
4.4.2 Diagnostic Policy Service..................................................................316
4.4.3 Diagnostic Functionality...................................................................317
4.5 Conclusion ...................................................................................................319
5. Processes, Threads, and Jobs .................................................320
5.1 Process Internals.........................................................................................320
5.1.1 Data Structures..................................................................................320
5.1.2 Kernel Variables................................................................................327
5.1.3 Performance Counters......................................................................327
5.1.4 Relevant Functions............................................................................328
5.2 Protected Processes.....................................................................................330
5.3 Flow of CreateProcess ................................................................................332

5.3.1 Stage 1: Converting and Validating Parameters and Flags ..........333
5.3.2 Stage 2: Opening the Image to Be Executed...................................334
5.3.3 Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess) ...............................................................................337
5.3.4 Stage 4: Creating the Initial Thread and Its Stack and Context ..341
5.3.5 Stage 5: Performing Windows Subsystem–Specific Post-Initialization.......................................................................................342
5.3.6 Stage 6: Starting Execution of the Initial Thread ..........................344
5.3.7 Stage 7: Performing Process Initialization in the Context of the New Process.........................................................................................................344
5.4 Thread Internals .........................................................................................351
5.4.1 Data Structures..................................................................................351
5.4.2 Kernel Variables................................................................................358
5.4.3 Performance Counters......................................................................358
5.4.4 Relevant Functions............................................................................359
5.4.5 Birth of a Thread...............................................................................359
5.5 Examining Thread Activity.........................................................................360
5.6 Worker Factories (Thread Pools) ..............................................................364
5.7 Thread Scheduling......................................................................................368
5.7.1 Overview of Windows Scheduling...................................................368
5.7.2 Priority Levels...................................................................................370
5.7.3 Windows Scheduling APIs................................................................372
5.7.4 Relevant Tools ...................................................................................372
5.7.5 Real-Time Priorities..........................................................................374
5.7.6 Thread States.....................................................................................375
5.7.7 Dispatcher Database.........................................................................378
5.7.8 Quantum............................................................................................379
5.7.9 Scheduling Scenarios........................................................................386
5.7.10 Context Switching...........................................................................390
5.7.11 Idle Thread.......................................................................................390
5.7.12 Priority Boosts.................................................................................391
5.7.13 Multiprocessor Systems..................................................................404
5.7.14 Multiprocessor Thread-Scheduling Algorithms...........................412
5.7.15 CPU Rate Limits .............................................................................413
5.8 Job Objects..................................................................................................414
5.9 Conclusion ...................................................................................................419
6. Security.....................................................................................420
6.1 Security Ratings ..........................................................................................420
6.2 Security System Components.....................................................................422
6.3 Protecting Objects.......................................................................................425
6.3.1 Access Checks....................................................................................426
6.3.2 Security Descriptors and Access Control........................................448
6.4 Account Rights and Privileges ...................................................................462