书籍详情
![《深入解析Windows操作系统卷1》[50M]百度网盘|亲测有效|pdf下载](/uploads/s0309/9ebb50495d36a2a5.jpg)
深入解析Windows操作系统卷1
- 出版社:文轩网旗舰店
- 出版时间:2018-11
- 热度:6995
- 上架时间:2024-06-30 09:08:33
- 价格:0.0
书籍下载
书籍预览
免责声明
本站支持尊重有效期内的版权/著作权,所有的资源均来自于互联网网友分享或网盘资源,一旦发现资源涉及侵权,将立即删除。希望所有用户一同监督并反馈问题,如有侵权请联系站长或发送邮件到ebook666@outlook.com,本站将立马改正
内容介绍
![]()
![]()
![]()
![]()
![]()
![目录]()
![内容简介]()
![作者简介]()
![]()
作 者:(以)帕维尔·尤西夫维奇(Pavel Yosifovich) 等 著
定 价:128
出 版 社:人民邮电出版社
出版日期:2018年11月01日
页 数:784
装 帧:平装
ISBN:9787115491800
●Introduction/引言i
1 Concepts and tools/章 概念和工具1
1.1 Windows operating system versions/Windows操作系统版本1
1.1.1 Windows 10 and future Windows versions/
Windows 10和后续Windows版本3
1.1.2 Windows 10 and OneCore/Windows 10和Windows系统核心3
1.2 Foundation concepts and terms/基本概念和术语4
1.2.1 Windows API/Windows API4
1.2.2 Services, functions, and routines/服务、功能和例行程序7
1.2.3 Processes/进程8
1.2.4 Threads/线程18
1.2.5 Jobs/作业20
1.2.6 Virtual memory/虚拟内存21
1.2.7 Kernel mode vs. user mode/内核模式vs用户模式23
1.2.8 Hypervisor/虚拟机管理程序27
1.2.9 Firmware/固件版本29
1.3.0 Terminal Services and ltiple sessions/终端服务和多会话29
1.3.1 Objects and handles/对象和处理30
1.3.2 Security/安全31
1.3.3 Registry/注册表32
1.3.4 Unicode/Unicode编码33
1.3 Digging into Windows internals/深入挖掘Windows内部35
1.3.1 Performance Monitor and Resource Monitor/
性能监控和资源监控36
1.3.2 Kernel debugging/内核调试38
1.3.3 Windows Software Development Kit/Windows SDK43
1.3.4 Windows Driver Kit/Windows驱动套件43
1.3.5 Sysinternals tools/五大利器44
1.4 结论44
2 System architecture/第 2章 系统架构45
2.1 Requirements and design goals/需求和设计目标45
2.2 Operating system model/操作系统模型46
2.3 Architecture overview/架构概述47
2.3.1 Portability/可移植性50
2.3.2 Symmetric ltiprocessing/对称多处理51
2.3.3 Scalability/可扩展性53
2.3.4 Differences between client and server versions/
客户端和服务端版本的差异54
2.3.5 Checked build/已验证版本57
2.4 Virtualization-based security architecture overview/
基于虚拟化技术的安全架构概述59
2.5 Key system components/核心系统组件61
2.5.1 Environment subsystems and subsystem DLLs/
环境子系统和子系统DLL62
2.5.2 Other subsystems/其他子系统68
2.5.3 Executive/执行性72
2.5.4 Kernel/内核75
2.5.5 Hardware abstraction layer/硬件抽象层79
2.5.6 Device drivers/设备驱动82
2.5.7 System processes/系统进程88
2.6 Conclusion/结论99
3 Processes and jobs/第3章 进程和作业101
3.1 Creating a process/创建一个进程101
3.1.1 CreateProcess* functions arguments/CreateProcess*函数参数102
3.1.2 Creating Windows modern processes/创建Windows进程103
3.1.3 Creating other kinds of processes/创建其他类型线程104
3.2 Process internals/进程核心105
3.3 Protected processes/受保护的进程113
3.3.1 Protected Process Light (PPL)/PPL115
3.3.2 Third-party PPL support/第三方PPL支持119
3.4 Minimal and Pico processes/小进程和微进程120
3.4.1 Minimal processes/小进程120
3.4.2 Pico processes/微进程121
3.5 Trustlets (secure processes)/Trustlets(安全进程)123
3.5.1 Trustlet structure/Trustlet结构123
3.5.2 Trustlet policy metadata/Trustlet策略元数据124
3.5.3 Trustlet attributes/Trustlet属性125
3.5.4 System built-in Trustlets/系统内置Trustlets125
3.5.5 Trustlet identity/Trustlet标识126
3.5.6 Isolated user-mode services/隔离的用户模式服务127
3.5.7 Trustlet-accessible system calls/Trustlet可访问的系统调用128
3.6 Flow of CreateProcess/创建进程流程129
3.6.1 Stage 1: Converting and validating parameters andflags/
阶段1:转换并验证参数和标记131
3.6.2 Stage 2: Opening the image to be executed/
阶段2:打开要执行的镜像135
3.6.3 Stage 3: Creating the Windows executive process object/
阶段3:创建Windows可执行进程对象138
3. Stage 4: Creating the initial thread and its stack and context/
阶段4:创建初始线程以及它的堆栈和上下文144
3.6.5 Stage 5: Performing Windows subsystem–specific initialization/
阶段5:执行Windows子系统的特殊初始化146
3.6.6 Stage 6: Starting execution of the initial thread/
阶段6:开始执行初始线程148
3.6.7 Stage 7: Performing process initialization in the context of the new process/
阶段7:在新进程中的上下文执行进程初始化148
3.7 Terminating a process/终止一个进程154
3.8 Image loader/镜像加载器155
3.8.1 Early process initialization/早期进程初始化157
3.8.2 DLL name resolution and redirection/DLL名称解析和重定向160
3.8.3 Loaded module database/已加载组件的数据库1
3.8.4 Import parsing/导入解析168
3.8.5 t-import process initialization/后导入进程初始化170
3.8.6 SwitchBack/SwitchBack171
3.8.7 API Sets/API集173
3.9 Jobs/作业176
3.9.1 Job limits/作业177
3.9.2 Working with a job/处理一个作业178
3.9.3 Nested jobs/嵌套作业179
3.9.4 Windows containers (server silos)/
Windows容器(服务器仓库)183
3.10 Conclusion/结论191
4 Threads/第4章 线程193
4.1 Creating threads/创建线程193
4.2 Thread internals/线程内部194
4.2.1 Data structures/数据结构194
4.2.2 Birth of a thread/线程的产生206
4.3 Examining thread activity/检查线程活性207
4.3.1 Limitations on protected process threads/
受保护进程中线程的212
4.4 Thread scheduling/线程调度214
4.4.1 Overview of Windows scheduling/Windows调度概述214
4.4.2 Priority levels/优先级等级215
4.4.3 Thread states/线程状态223
4.4.4 Dispatcher database/调度数据库228
4.4.5 Quantum/量子231
4.4.6 Priority boosts/提高优先级238
4.4.7 Context switching/上下文切换255
4.4.8 Scheduling scenarios/调度场景256
4.4.9 Idle threads/空闲线程260
4.4.10 Thread suspension/线程挂起2
4.4.11 (Deep) freeze/(深度)冻结2
4.4.12 Thread selection/线程选择266
4.4.13 ltiprocessor systems/多处理器系统268
4.4.14 Thread selection on ltiprocessor systems/
多处理器系统的线程选择283
4.4.15 Processor selection/处理器选择284
4.4.16 Heterogeneous scheduling (big.LITTLE)/
多重调度(big.LITTLE)286
4.5 Group-based scheduling/基于组的调度287
4.5.1 Dynamic fair share scheduling/动态公平共享调度289
4.5.2 CPU rate limits/CPU速率292
4.5.3 Dynamic processor addition and replacement/
动态处理器添加和替换295
4.6 Worker factories (thread pools)/工人工厂(线程池)297
4.6.1 Worker factory creation/创建工人工厂298
4.7 Conclusion/结论300
5 Memory management/第5章 内存管理301
5.1 Introduction to the memory manager/内存管理介绍301
5.1.1 Memory manager components/内存管理组件302
5.1.2 Large and small pages/大小页面303
5.1.3 Examining memory usage/检查内存使用305
5.1.4 Internal synchronization/内部同步308
5.2 Services provided by the memory manager/内存管理提供的服务309
5.2.1 Page states and memory allocations/页面状态和内存分配310
5.2.2 Commit charge and commit limit/提交调度和提交313
5.2.3 Locking memory/锁定内存314
5.2.4 Allocation granularity/分配粒度314
5.2.5 Shared memory and mapped files/共享内存和映射文件315
5.2.6 Protecting memory/内存保护317
5.2.7 Data Execution Prevention/数据执行保护319
5.2.8 Copy-on-write/写时复制321
5.2.9 Address Windowing Extensions/地址窗口化扩展232
5.3 Kernel-mode heaps (system memory pools)/内核模式堆(系统内存池)324
5.3.1 Pool sizes/池大小325
5.3.2 Monitoring pool usage/监控池的使用327
5.3.3 Look-aside lists/旁观列表331
5.4 Heap manager/堆管理332
5.4.1 Process heaps/堆进程333
5.4.2 Heap types/堆类型334
5.4.3 The NT heap/NT堆334
5.4.4 Heap synchronization/堆同步334
5.4.5 The low-fragmentation heap/低碎片堆335
5.4.6 The segment heap/分段堆336
5.4.7 Heap security features/堆安全功能341
5.4.8 Heap debugging features/堆调试功能342
5.4.9 Pageheap/页面堆343
5.4.10 Fault-tolerant heap/容错堆347
5.5 Virtual address space layouts/虚拟地址空间布局348
5.5.1 x86 address space layouts/X86地址空间布局349
5.5.2 x86 system address space layout/X86系统地址空间布局352
5.5.3 x86 session space/X86会话空间353
5.5.4 System page table entries/系统页面表条目355
5.5.5 ARM address space layout/ARM地址空间布局356
5.5.6 -bit address space layout/bit地址空间布局357
5.5.7 x virtual addressing limitations/虚拟地址359
5.5.8 Dynamic system virtual address space management/
动态系统虚拟地址空间管理359
5.5.9 System virtual address space quotas/系统虚拟地址空间配额3
5.5.10 User address space layout/用户地址空间布局365
5.6 Address translation/地址转化371
5.6.1 x86 virtual address translation/X86虚拟地址转化371
5.6.2 Translation look-aside buffer/旁观缓冲转化377
5.6.3 x virtual address translation/X虚拟地址转化380
5. ARM virtual address translation/ARM虚拟地址转化381
5.7 Page fault handling/页面错误处理383
5.7.1 Invalid PTEs/非法PTE384
5.7.2 Prototype PTEs/原型PTE385
5.7.3 In-paging I/O/页面内I/O386
5.7.4 Collided page faults/页面错误冲突387
5.7.5 Clustered page faults/页面错误聚集387
5.7.6 Page files/页面文件389
5.7.7 Commit charge and the system commit limit/
提交调度和系统提交394
5.7.8 Commit charge and page file size/提交调度和页面文件大小397
5.8 Stacks/栈398
5.8.1 User stacks/用户栈399
5.8.2 Kernel stacks/内核栈400
5.8.3 DPC stack/DPC栈401
5.9 Virtual address descriptors/虚拟地址描述符401
5.9.1 Process VADs/VAD进程402
5.9.2 Rotate VADs/VAD轮询403
5.10 NUMA/NUMA404
5.11 Section objects/段对象405
5.12 Working sets/工作集412
5.12.1 Demand paging/分页需求413
5.12.2 Logical prefetcher and ReadyBoot/逻辑预取和启动准备413
5.12.3 Placement policy/安置策略416
5.12.4 Working set management/工作集管理417
5.12.5 Balance set manager and swapper/平衡集合管理器和置换器421
5.12.6 System working sets/系统工作集422
5.12.7 Memory notification events/内存提醒事件423
5.13 Page frame number database/页面框架序号数据库425
5.13.1 Page list dynamics/页面动态列表428
5.13.2 Page priority/页面优先级436
5.13.3 Modified page writer and mapped page writer/
修改和映射页面写入438
5.13.4 PFN data structures/PFN数据结构440
5.13.5 Page file reservation/页面文件预定443
5.14 Physical memory limits/物理内存446
5.14.1 Windows client memory limits/Windows客户端内存447
5.15 Memory compression/内存压缩449
5.15.1 Compression illustration/压缩图表450
5.15.2 Compression architecture/压缩架构453
5.16 Memory partitions/内存分割456
5.17 Memory combining/内存联合459
5.17.1 The search phase/寻找阶段460
5.17.2 The classifi cation phase/分类阶段461
5.17.3 The page combining phase/页面联合阶段462
5.17.4 From private to shared PTE/从私有PTE到共享PTE462
5.17.5 Combined pages release/联合页面释放4
5.18 Memory enclaves/内存区467
5.18.1 Programmatic interface/编程接口468
5.18.2 Memory enclave initializations/内存区初始化469
5.18.3 Enclave construction/区结构469
5.18.4 Loading data into an enclave/将数据加载到区471
5.18.5 Initializing an enclave/初始化一个区472
5.19 Proactive memory management (SuperFetch)/
主动内存管理(SuperFetch)472
5.19.1 Components/组件473
5.19.2 Tracing and logging/跟踪和记录474
5.19.3 Scenarios/场景475
5.19.4 Page priority and rebalancing/页面优先级和平衡调整476
5.19.5 Robust performance/鲁棒性能478
5.19.6 ReadyBoost/启动准备479
5.19.7 ReadyDrive/驱动准备480
5.19.8 Process refl ection/进程反射480
5.20 Conclusion/结论482
6 I/O system/第6章 I/O系统483
6.1 I/O system components/I/O系统组件483
6.1.1 The I/O manager/I/O管理器485
6.1.2 Typical I/O processing/典型I/O过程486
6.2 Interrupt Request Levels and Deferred Procedure Calls/
中断请求级别和延迟过程唤醒488
6.2.1 Interrupt Request Levels/中断请求级别488
6.2.2 Deferred Procedure Calls/延迟过程唤醒490
6.3 Device drivers/设备驱动492
6.3.1 Types of device drivers/设备驱动类型492
6.3.2 Structure of a driver/驱动结构498
6.3.3 Driver objects and device objects/驱动对象和设备对象500
6.3.4 Opening devices/设备打开507
I/O processing/I/O过程510
.1 Types of I/O/I/O的种类511
.2 I/O request packets/I/O请求包513
.3 I/O request to a single-layered hardware-based driver/
基于单层硬件驱动的I/O请求525
.4 I/O requests to layered drivers/分层驱动I/O请求533
.5 Thread-agnostic I/O/未知线程I/O536
.6 I/O cancellation/取消I/O537
.7 I/O completion ports/I/O完成端口541
.8 I/O prioritization/I/O优先级546
.9 Container notifications/容器提醒552
6.5 Driver Verifier/驱动验证552
6.5.1 I/O-related verification options/I/O相关验证选项554
6.5.2 Memory-related verification options/内存相关验证选项555
6.6 The Plug and Play manager/即插即用管理器559
6.6.1 Level of Plug and Play support/即插即用支持级别560
6.6.2 Device enumeration/设备枚举561
6.6.3 Device stacks/设备栈563
6. Driver support for Plug and Play/支持即插即用的设备569
6.65 Plug-and-play driver installation/即插即用驱动安装571
6.7 General driver loading and installation/一般驱动的加载和安装575
6.7.1 Driver loading/驱动加载575
6.7.2 Driver installation/驱动安装577
6.8 The Windows Driver Foundation/Windows驱动基础578
6.8.1 Kernel-Mode Driver Framework/内核模式驱动框架579
6.8.2 User-Mode Driver Framework/用户模式驱动框架587
6.9 The power manager/电源管理590
6.9.1 Connected Standby and Modern Standby/连接待机和新版待机594
6.9.2 Power manager operation/电源管理操作595
6.9.3 Driver power operation/驱动电源操作596
6.9.4 Driver and application control of device power/
驱动和设备电源的应用程序控制599
6.9.5 Power management framework/电源管理框架600
6.9.6 Power availability requests/电源可用性请求602
6.10 Conclusion/结论603
7 Security/第7章 安全605
7.1 Security ratings/安全评级605
7.1.1 Trusted Computer System Evaluation Criteria/
可信计算基系统评估标准605
7.1.2 The Common Criteria/普遍标准607
7.2 Security system components/安全系统组件608
7.3 Virtualization-based security/基于虚拟化的安全611
7.3.1 Credential Guard/证书防护612
7.3.2 Device Guard/设备防护617
7.4 Protecting objects/保护对象619
7.4.1 Access checks/访问验证621
7.4.2 Security identifiers/安全标识625
7.4.3 Virtual service accounts/虚拟服务账户6
7.4.4 Security descriptors and access control/安全描述符和访问控制650
7.4.5 Dynamic Access Control/动态访问控制666
7.5 The AuthZ API/AuthZ API666
7.5.1 Conditional ACEs/条件响应ACE667
7.6 Account rights and privileges/账户权限和特权668
7.6.1 Account rights/账户权限669
7.6.2 Privileges/特权670
7.6.3 Super privileges/特权675
7.7 Access tokens of processes and threads/进程和线程的账户口令677
7.8 Security auditing/安全审计677
7.8.1 Object access auditing/对象访问审计679
7.8.2 Global audit policy/全局审计策略682
7.8.3 Advanced Audit Policy settings/不错审计策略设置683
7.9 AppContainers/应用容器684
7.9.1 Overview of UWP apps/UWP应用概述685
7.9.2 The AppContainer/应用容器687
7.10 Logon/登录710
7.10.1 Winlogon initialization/Winlogon初始化711
7.10.2 User logon steps/用户登录步骤713
7.10.3 Assured authentication/确信的认证718
7.10.4 Windows Biometric Framework/Windows生物识别验证719
7.10.5 Windows Hello/Windows你好721
7.11 User Account Control and virtualization/用户账户控制和虚拟化722
7.11.1 File system and registry virtualization/
文件系统和注册表虚拟化722
7.11.2 Elevation/提升729
7.12 Exploit mitigations/攻击缓解735
7.12.1 Process-mitigation policies/进程缓解策略735
7.12.2 Control Flow Integrity/控制流完整性740
7.12.3 Security assertions/安全断言752
7.13 Application Identifi cation/应用程序标识756
7.14 AppLocker/应用锁757
7.15 Software Restriction Policies/软件策略762
7.16 Kernel Patch Protection/内核补丁保护7
7.17 PatchGuard/补丁防护765
7.18 HyperGuard/高度防护768
7.19 Conclusion/结论770
Index/索引771
1 Concepts and tools/章 概念和工具1
1.1 Windows operating system versions/Windows操作系统版本1
1.1.1 Windows 10 and future Windows versions/
Windows 10和后续Windows版本3
1.1.2 Windows 10 and OneCore/Windows 10和Windows系统核心3
1.2 Foundation concepts and terms/基本概念和术语4
1.2.1 Windows API/Windows API4
1.2.2 Services, functions, and routines/服务、功能和例行程序7
1.2.3 Processes/进程8
1.2.4 Threads/线程18
1.2.5 Jobs/作业20
1.2.6 Virtual memory/虚拟内存21
1.2.7 Kernel mode vs. user mode/内核模式vs用户模式23
1.2.8 Hypervisor/虚拟机管理程序27
1.2.9 Firmware/固件版本29
1.3.0 Terminal Services and ltiple sessions/终端服务和多会话29
1.3.1 Objects and handles/对象和处理30
1.3.2 Security/安全31
1.3.3 Registry/注册表32
1.3.4 Unicode/Unicode编码33
1.3 Digging into Windows internals/深入挖掘Windows内部35
1.3.1 Performance Monitor and Resource Monitor/
性能监控和资源监控36
1.3.2 Kernel debugging/内核调试38
1.3.3 Windows Software Development Kit/Windows SDK43
1.3.4 Windows Driver Kit/Windows驱动套件43
1.3.5 Sysinternals tools/五大利器44
1.4 结论44
2 System architecture/第 2章 系统架构45
2.1 Requirements and design goals/需求和设计目标45
2.2 Operating system model/操作系统模型46
2.3 Architecture overview/架构概述47
2.3.1 Portability/可移植性50
2.3.2 Symmetric ltiprocessing/对称多处理51
2.3.3 Scalability/可扩展性53
2.3.4 Differences between client and server versions/
客户端和服务端版本的差异54
2.3.5 Checked build/已验证版本57
2.4 Virtualization-based security architecture overview/
基于虚拟化技术的安全架构概述59
2.5 Key system components/核心系统组件61
2.5.1 Environment subsystems and subsystem DLLs/
环境子系统和子系统DLL62
2.5.2 Other subsystems/其他子系统68
2.5.3 Executive/执行性72
2.5.4 Kernel/内核75
2.5.5 Hardware abstraction layer/硬件抽象层79
2.5.6 Device drivers/设备驱动82
2.5.7 System processes/系统进程88
2.6 Conclusion/结论99
3 Processes and jobs/第3章 进程和作业101
3.1 Creating a process/创建一个进程101
3.1.1 CreateProcess* functions arguments/CreateProcess*函数参数102
3.1.2 Creating Windows modern processes/创建Windows进程103
3.1.3 Creating other kinds of processes/创建其他类型线程104
3.2 Process internals/进程核心105
3.3 Protected processes/受保护的进程113
3.3.1 Protected Process Light (PPL)/PPL115
3.3.2 Third-party PPL support/第三方PPL支持119
3.4 Minimal and Pico processes/小进程和微进程120
3.4.1 Minimal processes/小进程120
3.4.2 Pico processes/微进程121
3.5 Trustlets (secure processes)/Trustlets(安全进程)123
3.5.1 Trustlet structure/Trustlet结构123
3.5.2 Trustlet policy metadata/Trustlet策略元数据124
3.5.3 Trustlet attributes/Trustlet属性125
3.5.4 System built-in Trustlets/系统内置Trustlets125
3.5.5 Trustlet identity/Trustlet标识126
3.5.6 Isolated user-mode services/隔离的用户模式服务127
3.5.7 Trustlet-accessible system calls/Trustlet可访问的系统调用128
3.6 Flow of CreateProcess/创建进程流程129
3.6.1 Stage 1: Converting and validating parameters andflags/
阶段1:转换并验证参数和标记131
3.6.2 Stage 2: Opening the image to be executed/
阶段2:打开要执行的镜像135
3.6.3 Stage 3: Creating the Windows executive process object/
阶段3:创建Windows可执行进程对象138
3. Stage 4: Creating the initial thread and its stack and context/
阶段4:创建初始线程以及它的堆栈和上下文144
3.6.5 Stage 5: Performing Windows subsystem–specific initialization/
阶段5:执行Windows子系统的特殊初始化146
3.6.6 Stage 6: Starting execution of the initial thread/
阶段6:开始执行初始线程148
3.6.7 Stage 7: Performing process initialization in the context of the new process/
阶段7:在新进程中的上下文执行进程初始化148
3.7 Terminating a process/终止一个进程154
3.8 Image loader/镜像加载器155
3.8.1 Early process initialization/早期进程初始化157
3.8.2 DLL name resolution and redirection/DLL名称解析和重定向160
3.8.3 Loaded module database/已加载组件的数据库1
3.8.4 Import parsing/导入解析168
3.8.5 t-import process initialization/后导入进程初始化170
3.8.6 SwitchBack/SwitchBack171
3.8.7 API Sets/API集173
3.9 Jobs/作业176
3.9.1 Job limits/作业177
3.9.2 Working with a job/处理一个作业178
3.9.3 Nested jobs/嵌套作业179
3.9.4 Windows containers (server silos)/
Windows容器(服务器仓库)183
3.10 Conclusion/结论191
4 Threads/第4章 线程193
4.1 Creating threads/创建线程193
4.2 Thread internals/线程内部194
4.2.1 Data structures/数据结构194
4.2.2 Birth of a thread/线程的产生206
4.3 Examining thread activity/检查线程活性207
4.3.1 Limitations on protected process threads/
受保护进程中线程的212
4.4 Thread scheduling/线程调度214
4.4.1 Overview of Windows scheduling/Windows调度概述214
4.4.2 Priority levels/优先级等级215
4.4.3 Thread states/线程状态223
4.4.4 Dispatcher database/调度数据库228
4.4.5 Quantum/量子231
4.4.6 Priority boosts/提高优先级238
4.4.7 Context switching/上下文切换255
4.4.8 Scheduling scenarios/调度场景256
4.4.9 Idle threads/空闲线程260
4.4.10 Thread suspension/线程挂起2
4.4.11 (Deep) freeze/(深度)冻结2
4.4.12 Thread selection/线程选择266
4.4.13 ltiprocessor systems/多处理器系统268
4.4.14 Thread selection on ltiprocessor systems/
多处理器系统的线程选择283
4.4.15 Processor selection/处理器选择284
4.4.16 Heterogeneous scheduling (big.LITTLE)/
多重调度(big.LITTLE)286
4.5 Group-based scheduling/基于组的调度287
4.5.1 Dynamic fair share scheduling/动态公平共享调度289
4.5.2 CPU rate limits/CPU速率292
4.5.3 Dynamic processor addition and replacement/
动态处理器添加和替换295
4.6 Worker factories (thread pools)/工人工厂(线程池)297
4.6.1 Worker factory creation/创建工人工厂298
4.7 Conclusion/结论300
5 Memory management/第5章 内存管理301
5.1 Introduction to the memory manager/内存管理介绍301
5.1.1 Memory manager components/内存管理组件302
5.1.2 Large and small pages/大小页面303
5.1.3 Examining memory usage/检查内存使用305
5.1.4 Internal synchronization/内部同步308
5.2 Services provided by the memory manager/内存管理提供的服务309
5.2.1 Page states and memory allocations/页面状态和内存分配310
5.2.2 Commit charge and commit limit/提交调度和提交313
5.2.3 Locking memory/锁定内存314
5.2.4 Allocation granularity/分配粒度314
5.2.5 Shared memory and mapped files/共享内存和映射文件315
5.2.6 Protecting memory/内存保护317
5.2.7 Data Execution Prevention/数据执行保护319
5.2.8 Copy-on-write/写时复制321
5.2.9 Address Windowing Extensions/地址窗口化扩展232
5.3 Kernel-mode heaps (system memory pools)/内核模式堆(系统内存池)324
5.3.1 Pool sizes/池大小325
5.3.2 Monitoring pool usage/监控池的使用327
5.3.3 Look-aside lists/旁观列表331
5.4 Heap manager/堆管理332
5.4.1 Process heaps/堆进程333
5.4.2 Heap types/堆类型334
5.4.3 The NT heap/NT堆334
5.4.4 Heap synchronization/堆同步334
5.4.5 The low-fragmentation heap/低碎片堆335
5.4.6 The segment heap/分段堆336
5.4.7 Heap security features/堆安全功能341
5.4.8 Heap debugging features/堆调试功能342
5.4.9 Pageheap/页面堆343
5.4.10 Fault-tolerant heap/容错堆347
5.5 Virtual address space layouts/虚拟地址空间布局348
5.5.1 x86 address space layouts/X86地址空间布局349
5.5.2 x86 system address space layout/X86系统地址空间布局352
5.5.3 x86 session space/X86会话空间353
5.5.4 System page table entries/系统页面表条目355
5.5.5 ARM address space layout/ARM地址空间布局356
5.5.6 -bit address space layout/bit地址空间布局357
5.5.7 x virtual addressing limitations/虚拟地址359
5.5.8 Dynamic system virtual address space management/
动态系统虚拟地址空间管理359
5.5.9 System virtual address space quotas/系统虚拟地址空间配额3
5.5.10 User address space layout/用户地址空间布局365
5.6 Address translation/地址转化371
5.6.1 x86 virtual address translation/X86虚拟地址转化371
5.6.2 Translation look-aside buffer/旁观缓冲转化377
5.6.3 x virtual address translation/X虚拟地址转化380
5. ARM virtual address translation/ARM虚拟地址转化381
5.7 Page fault handling/页面错误处理383
5.7.1 Invalid PTEs/非法PTE384
5.7.2 Prototype PTEs/原型PTE385
5.7.3 In-paging I/O/页面内I/O386
5.7.4 Collided page faults/页面错误冲突387
5.7.5 Clustered page faults/页面错误聚集387
5.7.6 Page files/页面文件389
5.7.7 Commit charge and the system commit limit/
提交调度和系统提交394
5.7.8 Commit charge and page file size/提交调度和页面文件大小397
5.8 Stacks/栈398
5.8.1 User stacks/用户栈399
5.8.2 Kernel stacks/内核栈400
5.8.3 DPC stack/DPC栈401
5.9 Virtual address descriptors/虚拟地址描述符401
5.9.1 Process VADs/VAD进程402
5.9.2 Rotate VADs/VAD轮询403
5.10 NUMA/NUMA404
5.11 Section objects/段对象405
5.12 Working sets/工作集412
5.12.1 Demand paging/分页需求413
5.12.2 Logical prefetcher and ReadyBoot/逻辑预取和启动准备413
5.12.3 Placement policy/安置策略416
5.12.4 Working set management/工作集管理417
5.12.5 Balance set manager and swapper/平衡集合管理器和置换器421
5.12.6 System working sets/系统工作集422
5.12.7 Memory notification events/内存提醒事件423
5.13 Page frame number database/页面框架序号数据库425
5.13.1 Page list dynamics/页面动态列表428
5.13.2 Page priority/页面优先级436
5.13.3 Modified page writer and mapped page writer/
修改和映射页面写入438
5.13.4 PFN data structures/PFN数据结构440
5.13.5 Page file reservation/页面文件预定443
5.14 Physical memory limits/物理内存446
5.14.1 Windows client memory limits/Windows客户端内存447
5.15 Memory compression/内存压缩449
5.15.1 Compression illustration/压缩图表450
5.15.2 Compression architecture/压缩架构453
5.16 Memory partitions/内存分割456
5.17 Memory combining/内存联合459
5.17.1 The search phase/寻找阶段460
5.17.2 The classifi cation phase/分类阶段461
5.17.3 The page combining phase/页面联合阶段462
5.17.4 From private to shared PTE/从私有PTE到共享PTE462
5.17.5 Combined pages release/联合页面释放4
5.18 Memory enclaves/内存区467
5.18.1 Programmatic interface/编程接口468
5.18.2 Memory enclave initializations/内存区初始化469
5.18.3 Enclave construction/区结构469
5.18.4 Loading data into an enclave/将数据加载到区471
5.18.5 Initializing an enclave/初始化一个区472
5.19 Proactive memory management (SuperFetch)/
主动内存管理(SuperFetch)472
5.19.1 Components/组件473
5.19.2 Tracing and logging/跟踪和记录474
5.19.3 Scenarios/场景475
5.19.4 Page priority and rebalancing/页面优先级和平衡调整476
5.19.5 Robust performance/鲁棒性能478
5.19.6 ReadyBoost/启动准备479
5.19.7 ReadyDrive/驱动准备480
5.19.8 Process refl ection/进程反射480
5.20 Conclusion/结论482
6 I/O system/第6章 I/O系统483
6.1 I/O system components/I/O系统组件483
6.1.1 The I/O manager/I/O管理器485
6.1.2 Typical I/O processing/典型I/O过程486
6.2 Interrupt Request Levels and Deferred Procedure Calls/
中断请求级别和延迟过程唤醒488
6.2.1 Interrupt Request Levels/中断请求级别488
6.2.2 Deferred Procedure Calls/延迟过程唤醒490
6.3 Device drivers/设备驱动492
6.3.1 Types of device drivers/设备驱动类型492
6.3.2 Structure of a driver/驱动结构498
6.3.3 Driver objects and device objects/驱动对象和设备对象500
6.3.4 Opening devices/设备打开507
I/O processing/I/O过程510
.1 Types of I/O/I/O的种类511
.2 I/O request packets/I/O请求包513
.3 I/O request to a single-layered hardware-based driver/
基于单层硬件驱动的I/O请求525
.4 I/O requests to layered drivers/分层驱动I/O请求533
.5 Thread-agnostic I/O/未知线程I/O536
.6 I/O cancellation/取消I/O537
.7 I/O completion ports/I/O完成端口541
.8 I/O prioritization/I/O优先级546
.9 Container notifications/容器提醒552
6.5 Driver Verifier/驱动验证552
6.5.1 I/O-related verification options/I/O相关验证选项554
6.5.2 Memory-related verification options/内存相关验证选项555
6.6 The Plug and Play manager/即插即用管理器559
6.6.1 Level of Plug and Play support/即插即用支持级别560
6.6.2 Device enumeration/设备枚举561
6.6.3 Device stacks/设备栈563
6. Driver support for Plug and Play/支持即插即用的设备569
6.65 Plug-and-play driver installation/即插即用驱动安装571
6.7 General driver loading and installation/一般驱动的加载和安装575
6.7.1 Driver loading/驱动加载575
6.7.2 Driver installation/驱动安装577
6.8 The Windows Driver Foundation/Windows驱动基础578
6.8.1 Kernel-Mode Driver Framework/内核模式驱动框架579
6.8.2 User-Mode Driver Framework/用户模式驱动框架587
6.9 The power manager/电源管理590
6.9.1 Connected Standby and Modern Standby/连接待机和新版待机594
6.9.2 Power manager operation/电源管理操作595
6.9.3 Driver power operation/驱动电源操作596
6.9.4 Driver and application control of device power/
驱动和设备电源的应用程序控制599
6.9.5 Power management framework/电源管理框架600
6.9.6 Power availability requests/电源可用性请求602
6.10 Conclusion/结论603
7 Security/第7章 安全605
7.1 Security ratings/安全评级605
7.1.1 Trusted Computer System Evaluation Criteria/
可信计算基系统评估标准605
7.1.2 The Common Criteria/普遍标准607
7.2 Security system components/安全系统组件608
7.3 Virtualization-based security/基于虚拟化的安全611
7.3.1 Credential Guard/证书防护612
7.3.2 Device Guard/设备防护617
7.4 Protecting objects/保护对象619
7.4.1 Access checks/访问验证621
7.4.2 Security identifiers/安全标识625
7.4.3 Virtual service accounts/虚拟服务账户6
7.4.4 Security descriptors and access control/安全描述符和访问控制650
7.4.5 Dynamic Access Control/动态访问控制666
7.5 The AuthZ API/AuthZ API666
7.5.1 Conditional ACEs/条件响应ACE667
7.6 Account rights and privileges/账户权限和特权668
7.6.1 Account rights/账户权限669
7.6.2 Privileges/特权670
7.6.3 Super privileges/特权675
7.7 Access tokens of processes and threads/进程和线程的账户口令677
7.8 Security auditing/安全审计677
7.8.1 Object access auditing/对象访问审计679
7.8.2 Global audit policy/全局审计策略682
7.8.3 Advanced Audit Policy settings/不错审计策略设置683
7.9 AppContainers/应用容器684
7.9.1 Overview of UWP apps/UWP应用概述685
7.9.2 The AppContainer/应用容器687
7.10 Logon/登录710
7.10.1 Winlogon initialization/Winlogon初始化711
7.10.2 User logon steps/用户登录步骤713
7.10.3 Assured authentication/确信的认证718
7.10.4 Windows Biometric Framework/Windows生物识别验证719
7.10.5 Windows Hello/Windows你好721
7.11 User Account Control and virtualization/用户账户控制和虚拟化722
7.11.1 File system and registry virtualization/
文件系统和注册表虚拟化722
7.11.2 Elevation/提升729
7.12 Exploit mitigations/攻击缓解735
7.12.1 Process-mitigation policies/进程缓解策略735
7.12.2 Control Flow Integrity/控制流完整性740
7.12.3 Security assertions/安全断言752
7.13 Application Identifi cation/应用程序标识756
7.14 AppLocker/应用锁757
7.15 Software Restriction Policies/软件策略762
7.16 Kernel Patch Protection/内核补丁保护7
7.17 PatchGuard/补丁防护765
7.18 HyperGuard/高度防护768
7.19 Conclusion/结论770
Index/索引771
从Windows 8开始,微软开始了一个将操作系统融合的过程。而在Windows 10中,这个融合已经趋于,它运行在台式计算机/笔记本电脑、服务器、XBOX One、手机(Windows Mobile 10)、HoloLens和各种物联网设备上。本书作为深度解析Windows操作系统这一系列的第7版(部分即卷1),其内容则涵盖了Windows从Windows 8到Windows 10演变过程中的各个方面。
本书介绍了Windows 10和Windows Sever 2016的架构与核心内部结构。通过本书,读者可以了解Windows系统架构及其一般组件,掌握如何使用诸如内核调试器之类的工具来探索内部数据结构,也可以了解Windows如何使用流程进行管理和隔离,理解和查看线程调度以及如何管理CPU资源,还可以深入理解Windows安全模型,包括在安全措施方面的新进展,并了解Wind等
本书介绍了Windows 10和Windows Sever 2016的架构与核心内部结构。通过本书,读者可以了解Windows系统架构及其一般组件,掌握如何使用诸如内核调试器之类的工具来探索内部数据结构,也可以了解Windows如何使用流程进行管理和隔离,理解和查看线程调度以及如何管理CPU资源,还可以深入理解Windows安全模型,包括在安全措施方面的新进展,并了解Wind等
(以)帕维尔·尤西夫维奇(Pavel Yosifovich) 等 著
帕维尔·尤西夫维奇(Pavel Yosifovich)是一位专注于Microsoft技术和工具的开发人员、培训师和作者。他是Microsoft的MVP和Pluralsight的作者。
亚历克斯·约内斯库(Alex Ionescu)是CrowdStrike公司EDR战略副总裁,同时也是认可的低级别系统软件、操作系统研究和内核开发、安全培训和逆向工程方面的专家。
马克·拉希诺维奇(Mark Russinovich)是微软企业级云平台Azure的首席技术官,也是分布式系统和操作系统领域认可的专家。他是Winternal软件公司的联合创始人,也是Sysinternals工具和网等
亚历克斯·约内斯库(Alex Ionescu)是CrowdStrike公司EDR战略副总裁,同时也是认可的低级别系统软件、操作系统研究和内核开发、安全培训和逆向工程方面的专家。
马克·拉希诺维奇(Mark Russinovich)是微软企业级云平台Azure的首席技术官,也是分布式系统和操作系统领域认可的专家。他是Winternal软件公司的联合创始人,也是Sysinternals工具和网等
