下载地址:
下载地址1资源简介:
中文名: [深入解析Windows操作系统.第5版]原名: Microsoft.Press.Windows.Internals.5th.Edition作者: David Solomon & Mark Russinovich资源格式: PDF版本: 5th出版社: Microsoft Press地区: 美国语言: 英文简介: 目录: Table of ContentsForeword..........................................................xixAcknowledgments ..................................................xxiIntroduction ......................................................xxiii1 Concepts and Tools.......................................1Windows Operating System Versions....................................1Foundation Concepts and Terms........................................2Windows API....................................................2Services, Functions, and Routines..................................4Processes, Threads, and Jobs......................................5Virtual Memory ................................................14Kernel Mode vs. User Mode......................................16Terminal Services and Multiple Sessions ...........................19Objects and Handles............................................21Security .......................................................22Registry .......................................................23Unicode.......................................................23Digging into Windows Internals .......................................24Reliability and Performance Monitor..............................25Kernel Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Windows Software Development Kit..............................31Windows Driver Kit .............................................31Sysinternals Tools...............................................32Conclusion..........................................................322 System Architecture.....................................33Requirements and Design Goals.......................................33Operating System Model .............................................34Architecture Overview................................................35Portability .....................................................38Symmetric Multiprocessing ......................................39Scalability .....................................................43Differences Between Client and Server Versions ....................43Checked Build..................................................47Key System Components .............................................49Environment Subsystems and Subsystem DLLs .....................50Ntdll.dll .......................................................57Executive......................................................58Kernel.........................................................61Hardware Abstraction Layer......................................65Device Drivers..................................................68System Processes...............................................74Conclusion..........................................................833 System Mechanisms.....................................85Trap Dispatching.....................................................85Interrupt Dispatching ...........................................87Exception Dispatching..........................................114System Service Dispatching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Object Manager....................................................133Executive Objects..............................................136Object Structure...............................................138Synchronization ....................................................170High-IRQL Synchronization .....................................172Low-IRQL Synchronization......................................177System Worker Threads..............................................198Windows Global Flags...............................................200Advanced Local Procedure Calls (ALPCs)...............................202Kernel Event Tracing ................................................207Wow64............................................................211Wow64 Process Address Space Layout ...........................211System Calls ..................................................212Exception Dispatching..........................................212User Callbacks.................................................212File System Redirection.........................................212Registry Redirection and Reflection..............................213I/O Control Requests...........................................21416-Bit Installer Applications.....................................215Printing ......................................................215Restrictions ...................................................215User-Mode Debugging..............................................216Kernel Support................................................216Native Support................................................217Windows Subsystem Support ...................................219Image Loader ......................................................220Early Process Initialization ......................................222Loaded Module Database ......................................223Import Parsing ................................................226Post Import Process Initialization ................................227Hypervisor (Hyper-V) ...............................................228Partitions.....................................................230Root Partition.................................................230Child Partitions................................................232Hardware Emulation and Support ...............................234Kernel Transaction Manager .........................................240Hotpatch Support ..................................................242Kernel Patch Protection..............................................244Code Integrity......................................................246Conclusion.........................................................2484 Management Mechanisms ..............................249The Registry .......................................................249Viewing and Changing the Registry..............................249Registry Usage ................................................250Registry Data Types............................................251Registry Logical Structure.......................................252Transactional Registry (TxR).....................................260Monitoring Registry Activity ....................................262Registry Internals..............................................266Services ...........................................................281Service Applications ...........................................282The Service Control Manager ...................................300Service Startup................................................303Startup Errors .................................................307Accepting the Boot and Last Known Good........................308Service Failures................................................310Service Shutdown .............................................311Shared Service Processes .......................................313Service Tags...................................................316Service Control Programs.......................................317Windows Management Instrumentation...............................318Providers .....................................................319The Common Information Model and the Managed ObjectFormat Language..............................................320Class Association ..............................................325WMI Implementation ..........................................327WMI Security .................................................329Windows Diagnostic Infrastructure....................................329WDI Instrumentation...........................................330Diagnostic Policy Service .......................................330Diagnostic Functionality ........................................332Conclusion.........................................................3335 Processes, Threads, and Jobs.............................335Process Internals....................................................335Data Structures................................................335Kernel Variables ...............................................342Performance Counters .........................................343Relevant Functions.............................................344Protected Processes.................................................346Flow of CreateProcess ...............................................348Stage 1: Converting and Validating Parameters and Flags...........350Stage 2: Opening the Image to Be Executed ......................351Stage 3: Creating the Windows Executive Process Object(PspAllocateProcess)............................................354Stage 4: Creating the Initial Thread and Its Stack and Context .......359Stage 5: Performing Windows Subsystem–SpecificPost-Initialization..............................................360Stage 6: Starting Execution of the Initial Thread ...................362Stage 7: Performing Process Initialization in the Context of theNew Process ..................................................363Thread Internals ....................................................370Data Structures................................................370Kernel Variables ...............................................379Performance Counters .........................................379Relevant Functions.............................................380Birth of a Thread ..............................................380Examining Thread Activity ...........................................381Limitations on Protected Process Threads.........................384Worker Factories (Thread Pools) ......................................386Thread Scheduling..................................................391Overview of Windows Scheduling ...............................391Priority Levels.................................................393Windows Scheduling APIs ......................................395Relevant Tools.................................................396Real-Time Priorities ............................................399Thread States .................................................400Dispatcher Database...........................................404Quantum.....................................................406Scheduling Scenarios...........................................413Context Switching .............................................418Idle Thread ...................................................418Priority Boosts ................................................419Multiprocessor Systems ........................................434Multiprocessor Thread-Scheduling Algorithms ....................442CPU Rate Limits ...............................................444Job Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445Conclusion.........................................................4506 Security...............................................451Security Ratings ....................................................451Trusted Computer System Evaluation Criteria......................451The Common Criteria ..........................................453Security System Components ........................................454Protecting Objects..................................................458Access Checks.................................................459Security Descriptors and Access Control ..........................484Account Rights and Privileges ........................................501Account Rights................................................502Privileges.....................................................503Super Privileges ...............................................509Security Auditing ...................................................511Logon.............................................................513Winlogon Initialization .........................................515User Logon Steps..............................................516User Account Control ...............................................520Virtualization .................................................521Elevation .....................................................528Software Restriction Policies .........................................533Conclusion.........................................................5357 I/O System ............................................537I/O System Components.............................................537The I/O Manager ..............................................539Typical I/O Processing..........................................540Device Drivers......................................................541Types of Device Drivers.........................................541Structure of a Driver ...........................................547Driver Objects and Device Objects...............................550Opening Devices ..............................................555I/O Processing......................................................562Types of I/O...................................................563I/O Request to a Single-Layered Driver...........................572I/O Requests to Layered Drivers .................................578I/O Cancellation...............................................587I/O Completion Ports ..........................................592I/O Prioritization...............................................598Driver Verifier.................................................604Kernel-Mode Driver Framework (KMDF)...............................606Structure and Operation of a KMDF Driver........................607KMDF Data Model.............................................608KMDF I/O Model ..............................................612User-Mode Driver Framework (UMDF) ................................616The Plug and Play (PnP) Manager.....................................619Level of Plug and Play Support..................................620Driver Support for Plug and Play ................................621Driver Loading, Initialization, and Installation .....................623Driver Installation..............................................632The Power Manager.................................................636Power Manager Operation......................................638Driver Power Operation ........................................639Driver and Application Control of Device Power...................643Conclusion.........................................................6448 Storage Management...................................645Storage Terminology................................................645Disk Drivers........................................................646Winload......................................................646Disk Class, Port, and Miniport Drivers ............................647Disk Device Objects............................................650Partition Manager .............................................651Volume Management ...............................................652Basic Disks ....................................................653Dynamic Disks ................................................656Multipartition Volume Management.............................661The Volume Namespace........................................667Volume I/O Operations.........................................674Virtual Disk Service ............................................675BitLocker Drive Encryption...........................................677BitLocker Architecture..........................................677Encryption Keys ...............................................679Trusted Platform Module (TPM) .................................681BitLocker Boot Process .........................................683BitLocker Key Recovery.........................................684Full Volume Encryption Driver...................................686BitLocker Management.........................................687Volume Shadow Copy Service........................................688Shadow Copies................................................688VSS Architecture...............................................688VSS Operation ................................................689Uses in Windows ..............................................692Conclusion.........................................................6989 Memory Management..................................699Introduction to the Memory Manager.................................699Memory Manager Components .................................700Internal Synchronization........................................701Examining Memory Usage......................................701Services the Memory Manager Provides...............................704Large and Small Pages .........................................705Reserving and Committing Pages................................706Locking Memory ..............................................707Allocation Granularity..........................................708Shared Memory and Mapped Files...............................709Protecting Memory............................................711No Execute Page Protection ....................................713Copy-on-Write................................................718Address Windowing Extensions .................................719Kernel-Mode Heaps (System Memory Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . 721Pool Sizes.....................................................722Monitoring Pool Usage.........................................724Look-Aside Lists...............................................728Heap Manager .....................................................729Types of Heaps................................................730Heap Manager Structure .......................................731Heap Synchronization..........................................732The Low Fragmentation Heap...................................732Heap Security Features.........................................733Heap Debugging Features......................................734Pageheap.....................................................735Virtual Address Space Layouts........................................736x86 Address Space Layouts .....................................737x86 System Address Space Layout ...............................740x86 Session Space .............................................740System Page Table Entries ......................................74464-Bit Address Space Layouts...................................74564-Bit Virtual Addressing Limitations.............................749Dynamic System Virtual Address Space Management ..............751System Virtual Address Space Quotas ............................756User Address Space Layout .....................................757Address Translation .................................................761x86 Virtual Address Translation..................................762Translation Look-Aside Buffer ...................................768Physical Address Extension (PAE) ................................769IA64 Virtual Address Translation.................................772x64 Virtual Address Translation..................................773Page Fault Handling.................................................774Invalid PTEs...................................................775Prototype PTEs................................................776In-Paging I/O .................................................778Collided Page Faults ...........................................779Clustered Page Faults ..........................................779Page Files.....................................................780Stacks.............................................................784User Stacks ...................................................785Kernel Stacks..................................................786DPC Stack ....................................................787Virtual Address Descriptors ..........................................787Process VADs .................................................788Rotate VADs ..................................................790NUMA ............................................................791Section Objects.....................................................792Driver Verifier ......................................................799Page Frame Number Database .......................................803Page List Dynamics ............................................807Page Priority..................................................809Modified Page Writer ..........................................812PFN Data Structures ...........................................814Physical Memory Limits..............................................818Windows Client Memory Limits .................................819Working Sets.......................................................822Demand Paging...............................................823Logical Prefetcher .............................................823Placement Policy ..............................................827Working Set Management......................................828Balance Set Manager and Swapper ..............................831System Working Set............................................832Memory Notification Events ....................................833Proactive Memory Management (SuperFetch)..........................836Components..................................................836Tracing and Logging...........................................838Scenarios.....................................................840Page Priority and Rebalancing ..................................840Robust Performance ...........................................843ReadyBoost...................................................844ReadyDrive ...................................................845Conclusion.........................................................84710 Cache Manager........................................849Key Features of the Cache Manager...................................849Single, Centralized System Cache................................850The Memory Manager .........................................850Cache Coherency ..............................................850Virtual Block Caching ..........................................852Stream-Based Caching .........................................852Recoverable File System Support ................................853Cache Virtual Memory Management..................................854Cache Size .........................................................855Cache Virtual Size .............................................855Cache Working Set Size ........................................856Cache Physical Size ............................................858Cache Data Structures...............................................859Systemwide Cache Data Structures...............................860Per-File Cache Data Structures ..................................862File System Interfaces ...............................................868Copying to and from the Cache .................................869Caching with the Mapping and Pinning Interfaces .................870Caching with the Direct Memory Access Interfaces ................872Fast I/O............................................................873Read Ahead and Write Behind........................................875Intelligent Read-Ahead.........................................875Write-Back Caching and Lazy Writing............................877Write Throttling ...............................................885System Threads................................................886Conclusion.........................................................88711 File Systems ...........................................889Windows File System Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890CDFS.........................................................890UDF..........................................................891FAT12, FAT16, and FAT32 .......................................891exFAT ........................................................894NTFS.........................................................895File System Driver Architecture .......................................895Local FSDs....................................................896Remote FSDs..................................................897File System Operation..........................................901File System Filter Drivers........................................907Troubleshooting File System Problems.................................908Process Monitor Basic vs. Advanced Modes.......................908Process Monitor Troubleshooting Techniques .....................909Common Log File System............................................910NTFS Design Goals and Features......................................918High-End File System Requirements..............................918Advanced Features of NTFS.....................................920NTFS File System Driver..............................................934NTFS On-Disk Structure .............................................937Volumes......................................................937Clusters ......................................................937Master File Table ..............................................938File Reference Numbers ........................................942File Records...................................................942File Names....................................................945Resident and Nonresident Attributes.............................948Data Compression and Sparse Files ..............................951The Change Journal File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956Indexing......................................................960Object IDs ....................................................961Quota Tracking................................................962Consolidated Security..........................................963Reparse Points ................................................965Transaction Support ...........................................965NTFS Recovery Support .............................................974Design .......................................................975Metadata Logging.............................................976Recovery .....................................................981NTFS Bad-Cluster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985Self-Healing...................................................989Encrypting File System Security.......................................990Encrypting a File for the First Time...............................993The Decryption Process ........................................998Backing Up Encrypted Files .....................................999Conclusion........................................................100012 Networking ..........................................1001Windows Networking Architecture...................................1001The OSI Reference Model ......................................1001Windows Networking Components.............................1003Networking APIs...................................................1006Windows Sockets.............................................1006Winsock Kernel (WSK).........................................1012Remote Procedure Call........................................1014Web Access APIs..............................................1018Named Pipes and Mailslots ....................................1021NetBIOS.....................................................1027Other Networking APIs........................................1030Multiple Redirector Support.........................................1033Multiple Provider Router ......................................1034Multiple UNC Provider ........................................1037Name Resolution ..................................................1039Domain Name System.........................................1039Windows Internet Name Service................................1039Peer Name Resolution Protocol ................................1039Location and Topology.............................................1042Network Location Awareness (NLA) .............................1042Link-Layer Topology Discovery (LLTD)...........................1043Protocol Drivers ...................................................1044Windows Filtering Platform (WFP) ..............................1047NDIS Drivers ......................................................1053Variations on the NDIS Miniport ................................1057Connection-Oriented NDIS ....................................1057Remote NDIS ................................................1060QoS.........................................................1062Binding...........................................................1064Layered Network Services ..........................................1066Remote Access ...............................................1066Active Directory..............................................1066Network Load Balancing ......................................1068Distributed File System and DFS Replication......................1069Conclusion........................................................107113 Startup and Shutdown.................................1073Boot Process ......................................................1073BIOS Preboot ................................................1073The BIOS Boot Sector and Bootmgr.............................1077The EFI Boot Process..........................................1086Initializing the Kernel and Executive Subsystems..................1088Smss, Csrss, and Wininit .......................................1094ReadyBoot...................................................1099Images That Start Automatically ................................1100Troubleshooting Boot and Startup Problems ..........................1101Last Known Good.............................................1101Safe Mode...................................................1101Windows Recovery Environment (WinRE)........................1106Solving Common Boot Problems ...............................1109Shutdown.........................................................1115Conclusion........................................................111814 Crash Dump Analysis ..................................1119Why Does Windows Crash? .........................................1119The Blue Screen ...................................................1120Troubleshooting Crashes............................................1124Crash Dump Files ..................................................1125Crash Dump Generation.......................................1130Windows Error Reporting...........................................1131Online Crash Analysis ..............................................1133Basic Crash Dump Analysis ..........................................1134Notmyfault ..................................................1134Basic Crash Dump Analysis.....................................1135Verbose Analysis .............................................1137Using Crash Troubleshooting Tools...................................1139Buffer Overrun, Memory Corruptions, and Special Pool ...........1140Code Overwrite and System Code Write Protection...............1143Advanced Crash Dump Analysis .....................................1144Stack Trashes.................................................1145Hung or Unresponsive Systems.................................1147When There Is No Crash Dump.................................1150Conclusion........................................................1152Glossary .........................................................1153Index ...........................................................1185
飞网下载站,免费下载共享资料,内容涉及教育资源、专业资料、IT资源、娱乐生活、经济管理、办公文书、游戏资料等。
