Windows Internal Architecture and Troubleshooting

5 days lecture + hands-on lab

Target Audience

IT Professionals, System Administrators, Support Engineers and Field Engineers

Description

This course teaches the architecture and internals of the Windows operating system, with emphasis on using various tools to troubleshoot common problems and identify offending components on production systems. It helps attendees understand the behind-the-scenes workings of the Windows operating system and troubleshoot various common failures that occur during operation of the system.

The hands-on lab familiarizes attendees with the troubleshooting and performance analysis tools (including the debugger) and with how to use them effectively to investigate the state of the system, identify common problem symptoms and isolate faulty components.

Pre-requisites

Attendees should be familiar with basic operating system concepts and have hands-on experience using Windows. This course does NOT require attendees to have a developer (programming) background.

Attendees who have a developer background should attend the Windows User Mode Internals, Debugging and Dump Analysis course or the Windows Kernel Mode Internals, Debugging and Dump Analysis course instead.

Goals

Upon completion of this course, attendees will have a good understanding of the behind-the-scenes workings of the Windows OS and be able to apply this knowledge to troubleshoot and diagnose common problems on Windows using various tools.

Topics

Platform Architecture
  OS Components
  User Mode vs. Kernel Mode
  CPU Support
  Symmetric Multiprocessing
  IRQLs, Interrupts and DPCs
  Virtualization

Debugging Tools
  Debugging Tools for Windows
  Performance Analysis Tools
  Performance Monitoring Tools
  Profiling Tools
  Sysinternals Tools

Processes and Threads
  Processes
  Threads
  Sessions
  System Service
  Thread States
  Thread Priorities
  Thread Scheduling
  Thread Pools
  Synchronization
  User Mode Scheduling (UMS)

Memory Manager
  Physical Memory, PAE & NUMA
  Virtual Memory
  Process Virtual Address Space
  Reserved and Committed Memory
  Address Windowing Extension (AWE)
  Process Heaps
  Thread Stacks
  Working Set
  Shared Memory
  System Virtual Address Space
  Session Space
  File System Cache
  Page Tables (PTEs)
  Page States
  Pools

Objects and Handles
  Object Name Space
  Session Name Space
  Symbolic Links
  Handle Tables
  Objects
  Reference Counting

Services
  Services Architecture
  Service Control Manager
  SVCHost
  Service Security
  Window Stations and Desktops
  Session Isolation

Security
  Security Identifiers (SID)
  Tokens
  Impersonation
  Security Descriptors
  Rights & Privileges
  Mandatory Integrity Levels
  User Account Control (UAC)
  Logon Process & Authentication

Devices and Drivers
  Device Hierarchy
  Boot & Critical Devices
  Driver Staging
  INF, PNF & CAT Files
  Driver Signing
  System & Device Power States
  Sleep and Hibernation
  Remote Wakeup

Dump Generation & Analysis
  Dump Generation
  Debugger Configuration
  !analyze -v
  Register Contexts
  Hang vs. Crash Dumps
  Analyzing Process State
  Analyzing System State
  Identifying Faulting Modules