
INT201: Windows Internals

This seminar presents the internal design and implementation of current Windows operating systems.

Level

Intermediate

Audience

Applications developers; systems software developers; device driver developers; system administrators; system integrators; hardware OEMs; I.T. support personnel

Description

In this seminar you will learn the “internals” of the most important areas of the Windows operating system.

All modern operating systems perform variations of the same core functions. In this seminar we examine how those functions are implemented on Windows; how the Windows implementation resembles, and differs from, those of other operating systems; and, most important, the implications of these details for the system’s behavior, for the behavior of applications, and for the design of applications and device drivers.

We examine several key parts of the system, including thread scheduling, memory management, kernel object protection, and security access controls, in thorough detail. We will introduce the kernel debugger and use it to examine the system, along with several more traditional monitoring tools.

This information is vital for application developers, who need to know the impact on the system of various design approaches and of specific APIs; for system administrators, who need to be able to properly configure Windows systems and to see and understand the effects of their decisions; for anyone attempting support, performance optimization, or troubleshooting on Windows operating systems; for device driver writers; and for those evaluating or administering Windows security.  

You will also learn how the operation and performance of each system mechanism we describe is reflected in the various system monitoring tools. And while this is not specifically a debugging or troubleshooting seminar, the information here is essential for any type of problem analysis.

Topics

  • Tools and terminology

  • System architecture overview

    • User mode components

    • Kernel mode components

  • Program execution environment

    • Processes and threads

    • Address spaces

    • Services and other "background" mechanisms

  • Environment subsystems

  • User-to-kernel call implementation

    • Executive objects and handles

    • Security access controls

  • Operating system execution contexts and environment

    • Kernel mode stacks

    • Kernel mode memory heaps (pools)

    • Interrupt request levels (IRQLs)

    • System threads

    • Review of execution contexts

  • Scheduling and waiting

    • Thread priorities

    • Scheduling scenarios

    • Multiprocessor issues: Hard and soft affinity

    • Wait and unwait

    • Other optimizations

  • Memory management

    • Address spaces

    • Virtual address translation

    • Paging

    • Memory management data structures

    • Physical memory management

  • I/O subsystem

    • I/O requests

    • Device driver architecture

    • File systems

    • File system cache

    • Networking

Prerequisites

Experience using, administering, or developing for Windows operating systems; familiarity with basic operating system concepts

Windows versions

This seminar primarily addresses Windows 7, Windows Server 2008, and Windows Vista. Most of the material is applicable to earlier versions of Windows. Windows 2000, Windows XP, and/or Windows Server 2003 can be specifically addressed upon request. 

Duration and formats

3 days with labs

Labs

Lab exercises for this seminar are designed to induce the various system behaviors described, and then to show the results via the various system monitoring tools that are presented.

In the “lecture only” version, equivalent demonstrations are performed on the instructor’s machine. Sufficient information is included in the handout to permit the attendees to reproduce the same demonstrations later, on their own systems. 

Short formats

This seminar is available in two-day, lecture-only versions tailored to specific needs. Please see:

INT150, Windows Internals Essentials for System Administrators
INT151, Windows Internals Essentials for Application Developers
DRV150, Windows Internals Essentials for Device Driver Developers

 

Too much information?
Many have told us that they'd love to take this seminar but just can't afford this much time "off the line." If that's your situation, please see the short formats section above.
 
Copyright © 2012 by Azius LLC