Appendix A. Contents of Windows Internals, Sixth Edition, Part 1


          Introduction
Chapter 1 Concepts and Tools
          Windows Operating System Versions
          Foundation Concepts and Terms
                  Windows API
                  Services, Functions, and Routines
                  Processes, Threads, and Jobs
                  Virtual Memory
                  Kernel Mode vs. User Mode
                  Terminal Services and Multiple Sessions
                  Objects and Handles
                  Security
                  Registry
                  Unicode
          Digging into Windows Internals
                  Performance Monitor
                  Kernel Debugging
                  Windows Software Development Kit
                  Windows Driver Kit
                  Sysinternals Tools
          Conclusion
Chapter 2 System Architecture
          Requirements and Design Goals
          Operating System Model
          Architecture Overview
                  Portability
                  Symmetric Multiprocessing
                  Scalability
                  Differences Between Client and Server Versions
                  Checked Build
          Key System Components
                  Environment Subsystems and Subsystem DLLs
                  Ntdll.dll
                  Executive
                  Kernel
                  Hardware Abstraction Layer
                  Device Drivers
                  System Processes
          Conclusion
Chapter 3 System Mechanisms
          Trap Dispatching
                  Interrupt Dispatching
                  Timer Processing
                  Exception Dispatching
                  System Service Dispatching
          Object Manager
                  Executive Objects
                  Object Structure
          Synchronization
                  High-IRQL Synchronization
                  Low-IRQL Synchronization
          System Worker Threads
          Windows Global Flags
          Advanced Local Procedure Call
                  Connection Model
                  Message Model
                  Asynchronous Operation
                  Views, Regions, and Sections
                  Attributes
                  Blobs, Handles, and Resources
                  Security
                  Performance
                  Debugging and Tracing
          Kernel Event Tracing
          Wow64
                  Wow64 Process Address Space Layout
                  System Calls
                  Exception Dispatching
                  User APC Dispatching
                  Console Support
                  User Callbacks
                  File System Redirection
                  Registry Redirection
                  I/O Control Requests
                  16-Bit Installer Applications
                  Printing
                  Restrictions
          User-Mode Debugging
                  Kernel Support
                  Native Support
                  Windows Subsystem Support
          Image Loader
                  Early Process Initialization
                  DLL Name Resolution and Redirection
                  Loaded Module Database
                  Import Parsing
                  Post-Import Process Initialization
                  SwitchBack
                  API Sets
          Hypervisor (Hyper-V)
                  Partitions
                  Parent Partition
                  Child Partitions
                  Hardware Emulation and Support
          Kernel Transaction Manager
          Hotpatch Support
          Kernel Patch Protection
          Code Integrity
          Conclusion
Chapter 4 Management Mechanisms
          The Registry
                  Viewing and Changing the Registry
                  Registry Usage
                  Registry Data Types
                  Registry Logical Structure
                  Transactional Registry (TxR)
                  Monitoring Registry Activity
                  Process Monitor Internals
                  Registry Internals
          Services
                  Service Applications
                  The Service Control Manager
                  Service Startup
                  Startup Errors
                  Accepting the Boot and Last Known Good
                  Service Failures
                  Service Shutdown
                  Shared Service Processes
                  Service Tags
          Unified Background Process Manager
                  Initialization
                  UBPM API
                  Provider Registration
                  Consumer Registration
                  Task Host
                  Service Control Programs
          Windows Management Instrumentation
                  Providers
                  The Common Information Model and the Managed Object Format Language
                  Class Association
                  WMI Implementation
                  WMI Security
          Windows Diagnostic Infrastructure
                  WDI Instrumentation
                  Diagnostic Policy Service
                  Diagnostic Functionality
          Conclusion
Chapter 5 Processes, Threads, and Jobs
          Process Internals
                  Data Structures
          Protected Processes
          Flow of CreateProcess
                  Stage 1: Converting and Validating Parameters and Flags
                  Stage 2: Opening the Image to Be Executed
                  Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)
                  Stage 4: Creating the Initial Thread and Its Stack and Context
                  Stage 5: Performing Windows Subsystem–Specific Post-Initialization
                  Stage 6: Starting Execution of the Initial Thread
                  Stage 7: Performing Process Initialization in the Context of the New Process
          Thread Internals
                  Data Structures
                  Birth of a Thread
          Examining Thread Activity
                  Limitations on Protected Process Threads
          Worker Factories (Thread Pools)
          Thread Scheduling
                  Overview of Windows Scheduling
                  Priority Levels
                  Thread States
                  Dispatcher Database
                  Quantum
                  Priority Boosts
                  Context Switching
                  Scheduling Scenarios
                  Idle Threads
                  Thread Selection
                  Multiprocessor Systems
                  Thread Selection on Multiprocessor Systems
                  Processor Selection
          Processor Share-Based Scheduling
                  Distributed Fair Share Scheduling
                  CPU Rate Limits
          Dynamic Processor Addition and Replacement
          Job Objects
                  Job Limits
                  Job Sets
          Conclusion
Chapter 6 Security
          Security Ratings
                  Trusted Computer System Evaluation Criteria
                  The Common Criteria
          Security System Components
          Protecting Objects
                  Access Checks
                  Security Identifiers
                  Virtual Service Accounts
                  Security Descriptors and Access Control
          The AuthZ API
          Account Rights and Privileges
                  Account Rights
                  Privileges
                  Super Privileges
          Access Tokens of Processes and Threads
          Security Auditing
                  Object Access Auditing
                  Global Audit Policy
                  Advanced Audit Policy Settings
          Logon
                  Winlogon Initialization
                  User Logon Steps
                  Assured Authentication
                  Biometric Framework for User Authentication
          User Account Control and Virtualization
                  File System and Registry Virtualization
                  Elevation
          Application Identification (AppID)
          AppLocker
          Software Restriction Policies
          Conclusion
Chapter 7 Networking
          Windows Networking Architecture
                  The OSI Reference Model
                  Windows Networking Components
          Networking APIs
                  Windows Sockets
                  Winsock Kernel
                  Remote Procedure Call
                  Web Access APIs
                  Named Pipes and Mailslots
                  NetBIOS
                  Other Networking APIs
          Multiple Redirector Support
                  Multiple Provider Router
                  Multiple UNC Provider
                  Surrogate Providers
                  Redirector
                  Mini-Redirectors
                  Server Message Block and Sub-Redirectors
          Distributed File System Namespace
          Distributed File System Replication
          Offline Files
                  Caching Modes
                  Ghosts
                  Data Security
                  Cache Structure
          BranchCache
                  Caching Modes
                  BranchCache Optimized Application Retrieval: SMB Sequence
                  BranchCache Optimized Application Retrieval: HTTP Sequence
          Name Resolution
                  Domain Name System
                  Peer Name Resolution Protocol
          Location and Topology
                  Network Location Awareness
                  Network Connectivity Status Indicator
                  Link-Layer Topology Discovery
          Protocol Drivers
                  Windows Filtering Platform
          NDIS Drivers
                  Variations on the NDIS Miniport
                  Connection-Oriented NDIS
                  Remote NDIS
                  QoS
          Binding
          Layered Network Services
                  Remote Access
                  Active Directory
                  Network Load Balancing
                  Network Access Protection
                  Direct Access
          Conclusion
          Index