|INT201: Windows Internals|
This seminar presents the internal design and implementation of current Windows operating systems.
Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; I.T. support personnel
In this seminar you will learn the “internals” of the most important areas of the Windows operating system.
All modern operating systems perform variations of the same core functions. In this seminar we examine how those functions are implemented on Windows; how the Windows implementation is similar in some ways, but different in others, to those of other operating systems; and, most important, the implications of these details on the system’s behavior, on the behavior of applications, and on the design of applications and device drivers.
We examine several key parts of the system, including thread scheduling, memory management, kernel object protection, and security access controls, in thorough detail. We will introduce the kernel debugger and use it to examine the system, along with several more traditional monitoring tools.
This information is vital for application developers, who need to know the impact on the system of various design approaches and of specific APIs; for system administrators, who need to be able to properly configure Windows systems and to see and understand the effects of their decisions; for anyone attempting support, performance optimization, or troubleshooting on Windows operating systems; for device driver writers; and for those evaluating or administering Windows security.
You will also learn how the operation and performance of each system mechanism we describe is reflected in the various system monitoring tools. And while this is not specifically a debugging or troubleshooting seminar, the information here is essential for any type of problem analysis.
Tools and terminology
System architecture overview
User mode components
Kernel mode components
Program execution environment
User-to-kernel call implementation
Operating system execution contexts and environment
Kernel mode stacks
Kernel mode memory heaps (pools)
Interrupt request levels (IRQLs)
Review of execution contexts
Scheduling and waiting
Virtual address translation
Memory management data structures
Physical memory management
Experience using, administering, or developing for Windows operating systems; familiarity with basic operating system concepts
This seminar primarily addresses Windows 7, Windows Server 2008, and Windows Vista. Most of the material is applicable to earlier versions of Windows. Windows 2000, Windows XP, and/or Windows Server 2003 can be specifically addressed upon request.
Duration and formats
3 days with labs
Lab exercises for this seminar are designed to induce the various system behaviors described, and then to show the results via the various system monitoring tools that are presented.
In the “lecture only” version, equivalent demonstrations are performed on the instructor’s machine. Sufficient information is included in the handout to permit the attendees to reproduce the same demonstrations later, on their own systems.
This seminar is available in two-day, lecture-only versions tailored to specific needs. Please see:
INT150, Windows Internals Essentials for System Administrators
INT151, Windows Internals Essentials for Application Developers
DRV150, Windows Internals Essentials for Device Driver Developers