Windows Internal Architecture


Duration: 5 days lecture + hands-on lab
Audience: Product support engineers, hardware and software QA engineers, field application engineers, application developers and device driver developers
Pre-requisites: Understanding of operating system concepts is required.
Description: This hands-on course covers the architecture and internals of various Windows user and kernel mode components which applications, device drivers and file system drivers interface with. Hands-on labs throughout the course reinforce the theory and demonstrate the use of various tools to dig into the internals of the operating system.
Upon completion of this intermediate level course, attendees will develop a good understanding of the 'behind the scenes' workings of the Windows operating system, be able to apply this knowledge to make better design decisions, develop code to take full advantage of OS features, diagnose problems more effectively, become aware of the merits and pitfalls of various kernel APIs and be able to use the kernel debugger to investigate the state of device drivers and the kernel.

System Architecture
  • Product Packaging
  • Architectural Overview
  • System Components
  • System Service Dispatching
  • Symmetric Multiprocessing
  • Environment Subsystems
Process Manager
  • Portable Executable Files
  • Processes
  • Threads
  • Priorities
  • Scheduling
  • Quantum
  • Jobs
  • Fibers
  • Sessions
  • Synchronization
Memory Manager
  • Virtual Memory
  • Address Translation
  • PFN Database
  • Memory Allocation
  • Page Faults
  • VADs
  • AWE, PAE & NUMA
Object Manager
  • Objects & Handles
  • Object Namespace
  • Symbolic Links
  • Object Structure
Inter-Process Communication
  • Kernel Objects
  • Shared Memory
  • Local Procedure Calls (LPC)
  • Named Pipes
  • Mailslots
  • Sockets
  • RPC
  • DCOM
  • Window Messages
Security
  • Security Components
  • Security Terminology
  • Security Mechanisms
  • Login Process
  • User Account Control (UAC)
Registry
  • Registry Concepts
  • Registry Organization
  • Registry Storage
  • Registry Redirection
  • Registry Virtualization
Services
  • Services Architecture
  • Service Control Manager
  • Services Host
  • Security Contexts
  • Service Hardening
Kernel Mode Concepts
  • Interrupts
  • Exceptions
  • IRQLs
  • Spin Locks
  • DPCs
  • APCs
  • Pools
  • Lookaside Lists
  • Page Locking
Device Drivers
  • Device Drivers
  • Driver Models
  • Driver Types
  • Driver Architecture
  • I/O Requests
  • I/O Completion
  • I/O Cancellation
  • Driver Layering
  • Driver Verifier
Plug and Play
  • Hardware Devices and Busses
  • PnP Driver Types
  • Device Enumeration
  • Device Object Types
  • Coinstallers, Class Installers, SetupDI APIs
  • Driver Signing
Power Management
  • Power Plane
  • System Power States
  • Device Power States
  • Remote Wakeup
Cache Manager
  • Cache Manager Architecture
  • Cache Manager Data Structures
  • File Caching Types
  • Cache Manager Interfaces
  • Cache Manager Operation
File System Drivers (FSDs)
  • FSD Architecture
  • Storage Stack
  • Data Structures
  • FSD Entry Points
  • FSD Requests
  • Reparse Points
  • File System Filter Drivers
  • Filter Manager