Author: Pavel Yosifovich
Publisher: Microsoft Press
Release Date: 2017-05-05
The definitive guide–fully updated for Windows 10 and Windows Server 2016
Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016. Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support. This book will help you:
· Understand the Windows system architecture and its most important entities, such as processes and threads
· Examine how processes manage resources and threads scheduled for execution inside processes
· Observe how Windows manages virtual and physical memory
· Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
· Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Delve inside Windows architecture and internals - and see how core components work behind the scenes. This classic guide has been fully updated for Windows 8.1 and Windows Server 2012 R2, and now presents its coverage in three volumes: Book 1, User Mode; Book 2, Kernel Mode; Book 3, Device Driver Models. In Book 1, you'll plumb Windows fundamentals, independent of platform - server, desktop, tablet, phone, Xbox. Coverage focuses on high-level functional descriptions of the various Windows components and features that interact with, or are manipulated by, user mode programs, or applications. You'll also examine management mechanisms and operating system components that are implemented in user mode, such as service processes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you'll experience its internal behavior firsthand - knowledge you can apply to improve application design, debugging, system performance, and support. Planned chapters: Concepts & Tools; System Architecture; Windows Application Support; Windows Store Apps; Graphics & the Desktop; Management Mechanisms; User Mode Memory Management; Security; Storage; Networking; Hyper-V.
Author: Mark E. Russinovich
Publisher: Pearson Education
Release Date: 2012-09-15
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes. As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support. In Part 2, you’ll examine:
· Core subsystems for I/O, storage, memory management, cache manager, and file systems
· Startup and shutdown processes
· Crash-dump analysis, including troubleshooting tools and techniques
Author: Mark E. Russinovich
Publisher: Microsoft Press
Release Date: 2016-10-10
Optimize Windows system reliability and performance with Sysinternals
IT pros and power users consider the free Windows Sysinternals tools indispensable for diagnosing, troubleshooting, and deeply understanding the Windows platform. In this extensively updated guide, Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis help you use these powerful tools to optimize any Windows system’s reliability, efficiency, performance, and security. The authors first explain Sysinternals’ capabilities and help you get started fast. Next, they offer in-depth coverage of each major tool, from Process Explorer and Process Monitor to Sysinternals’ security and file utilities. Then, building on this knowledge, they show the tools being used to solve real-world cases involving error messages, hangs, sluggishness, malware infections, and much more. Windows Sysinternals creator Mark Russinovich and Aaron Margosis show you how to:
· Use Process Explorer to display detailed process and system information
· Use Process Monitor to capture low-level system events, and quickly filter the output to narrow down root causes
· List, categorize, and manage software that starts when you start or sign in to your computer, or when you run Microsoft Office or Internet Explorer
· Verify digital signatures of files, of running programs, and of the modules loaded in those programs
· Use Autoruns, Process Explorer, Sigcheck, and Process Monitor features that can identify and clean malware infestations
· Inspect permissions on files, keys, services, shares, and other objects
· Use Sysmon to monitor security-relevant events across your network
· Generate memory dumps when a process meets specified criteria
· Execute processes remotely, and close files that were opened remotely
· Manage Active Directory objects and trace LDAP API calls
· Capture detailed data about processors, memory, and clocks
· Troubleshoot unbootable devices, file-in-use errors, unexplained communication, and many other problems
· Understand Windows core concepts that aren’t well-documented elsewhere
A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure. The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerability: a bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.
· Covers a range of operating system families — UNIX derivatives, Mac OS X, Windows
· Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
· Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Discover a clear, straightforward explanation of both current operating system theory and today’s practices within UNDERSTANDING OPERATING SYSTEMS, 8E. This leading book's proven approach begins with a valuable discussion of fundamentals before introducing specific operating systems. Fully updated, timely content offers an expanded analysis of how modern innovations, such as multi-core processing and wireless technologies, have impacted today’s operating systems. Revised Research Topics within this edition’s practical exercises encourage readers to research emerging and influential topics independently. In addition, updates throughout the final four chapters now highlight information on the most current versions of UNIX (including the latest Macintosh OS), Linux, Windows, and Android to equip users with the contemporary knowledge and skills needed to work most effectively with today’s systems. Important Notice: Media content referenced within the product description or the product text may not be available in the ebook version.
Author: Eldad Eilam
Publisher: John Wiley & Sons
Release Date: 2011-12-12
Beginning with a basic primer on reverse engineering - including computer internals, operating systems, and assembly language - and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts: the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.
* The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products
* Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware
* Offers a primer on advanced reverse-engineering, delving into "disassembly" - code-level reverse engineering - and explaining how to decipher assembly language
Author: Johnson M. Hart
Publisher: Pearson Education
Release Date: 2010-02-16
The Definitive Guide to Windows API Programming, Fully Updated for Windows 7, Windows Server 2008, and Windows Vista
Windows System Programming, Fourth Edition, now contains extensive new coverage of 64-bit programming, parallelism, multicore systems, and many other crucial topics. Johnson Hart’s robust code examples have been updated and streamlined throughout. They have been debugged and tested in both 32-bit and 64-bit versions, on single and multiprocessor systems, and under Windows 7, Vista, Server 2008, and Windows XP. To clarify program operation, sample programs are now illustrated with dozens of screenshots. Hart systematically covers Windows externals at the API level, presenting practical coverage of all the services Windows programmers need, and emphasizing how Windows functions actually behave and interact in real-world applications. Hart begins with features used in single-process applications and gradually progresses to more sophisticated functions and multithreaded environments. Topics covered include file systems, memory management, exceptions, processes, threads, synchronization, interprocess communication, Windows services, and security. New coverage in this edition includes:
· Leveraging parallelism and maximizing performance in multicore systems
· Promoting source code portability and application interoperability across Windows, Linux, and UNIX
· Using 64-bit address spaces and ensuring 64-bit/32-bit portability
· Improving performance and scalability using threads, thread pools, and completion ports
· Techniques to improve program reliability and performance in all systems
· Windows performance-enhancing API features available starting with Windows Vista, such as slim reader/writer locks and condition variables
A companion Web site, jmhartsoftware.com, contains all sample code, Visual Studio projects, additional examples, errata, reader comments, and Windows commentary and discussion.
Use Windows debuggers throughout the development cycle—and build better software
Rethink your use of Windows debugging and tracing tools—and learn how to make them a key part of test-driven software development. Led by a member of the Windows Fundamentals Team at Microsoft, you’ll apply expert debugging and tracing techniques—and sharpen your C++ and C# code analysis skills—through practical examples and common scenarios. Learn why experienced developers use debuggers in every step of the development process, and not just when bugs appear. Discover how to:
· Go behind the scenes to examine how powerful Windows debuggers work
· Catch bugs early in the development cycle with static and runtime analysis tools
· Gain practical strategies to tackle the most common code defects
· Apply expert tricks to handle user-mode and kernel-mode debugging tasks
· Implement postmortem techniques such as JIT and dump debugging
· Debug the concurrency and security aspects of your software
· Use debuggers to analyze interactions between your code and the operating system
· Analyze software behavior with Xperf and the Event Tracing for Windows (ETW) framework
This scenario-focused title provides concise technical guidance and insights for troubleshooting and optimizing storage with Hyper-V. Written by experienced virtualization professionals, this little book packs a lot of value into a few pages, offering a lean read with lots of real-world insights and best practices for Hyper-V storage optimization.
· Focused guide extends your knowledge and capabilities with Hyper-V storage in Windows Server 2012
· Shares hands-on insights from a team of Microsoft virtualization experts
· Provides pragmatic troubleshooting and optimization guidance from the field
Author: Ed Wilson
Publisher: Pearson Education
Release Date: 2014-01-15
Expert recommendations, pragmatically applied.
Automate system administration using Windows PowerShell best practices—and optimize your operational efficiency. With this practical guide, Windows PowerShell expert and instructor Ed Wilson delivers field-tested tips, real-world examples, and candid advice culled from administrators across a range of business and technical scenarios. If you’re an IT professional with Windows PowerShell experience, this book is ideal. Discover how to:
· Use Windows PowerShell to automate Active Directory tasks
· Explore available WMI classes and methods with CIM cmdlets
· Identify and track scripting opportunities to avoid duplication
· Use functions to encapsulate business logic and reuse code
· Design your script’s best input method and output destination
· Test scripts by checking their syntax and performance
· Choose the most suitable method for running remote commands
· Manage software services with Desired State Configuration
This is a book for curious people. It attempts to answer the basic question “how does it work?” As such, it does not explain how to call documented APIs and DDIs to accomplish some specific goal. There is plenty of information available on these subjects, including the MSDN Library, the WDK documentation and several excellent books. Rather, its purpose is to analyze how the Virtual Memory Manager works, simply because it is something worth knowing. With a certain mindset, it might even be something fun to know. Even though this book gives a fairly detailed description of the Virtual Memory Manager, it is not reserved for experienced kernel level programmers. Parts I and II provide information on the x64 processor and enough details on kernel mode code execution to help readers approaching these subjects for the first time. This book describes the Windows 7 x64 implementation of the Virtual Memory Manager. All of the analysis and experiments have been performed on this particular version only.
Microsoft Windows 8.1 and Windows Server 2012 R2 are designed to be the best performing operating systems to date, but even the best systems can be overwhelmed with load and/or plagued with poorly performing code. Windows Performance Analysis Field Guide gives you a practical field guide approach to performance monitoring and analysis from experts who do this work every day. Think of this book as your own guide to "What would Microsoft support do?" when you have a Windows performance issue. Author Clint Huffman, a Microsoft veteran of over fifteen years, shows you how to identify and alleviate problems with the computer resources of disk, memory, processor, and network. You will learn to use performance counters as the initial indicators, then use various tools to "dig in" to the problem, as well as how to capture and analyze boot performance problems. This field guide gives you the tools and answers you need to improve Microsoft Windows performance, including:
· Save money on optimizing Windows performance with deep technical troubleshooting that tells you "What would Microsoft do to solve this?"
· Includes performance counter templates so you can collect the right data the first time.
· Learn how to solve performance problems using free tools from Microsoft such as the Windows Sysinternals tools and more.
· In a rush? Chapter 1 Start Here gets you on the quick path to solving the problem.
· Also covers earlier versions such as Windows 7 and Windows Server 2008 R2.