InternetDog posted on 2020-9-6 15:03

Windows Internals Part 1 7th Edition with Sysinternals Suite and Extra Software

This post was last edited by Pythonic_vi on 2020-9-7 13:11



The definitive guide–fully updated for Windows 10 and Windows Server 2016
Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.
Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.
This book will help you:
·      Understand the Windows system architecture and its most important entities, such as processes and threads
·      Examine how processes manage resources and threads scheduled for execution inside processes
·      Observe how Windows manages virtual and physical memory
·      Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
·      Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Table of Contents      

Chapter 1: Concepts and tools      
Windows operating system versions                              
Foundation concepts and terms   
Digging into Windows internals      
Conclusion
                           
Chapter 2: System architecture
Requirements and design goals      
Operating system model                        
Architecture overview                                 
Virtualization-based security architecture overview                  
Key system components                           
Conclusion
                           
Chapter 3: Processes and jobs         
Creating a process         
Process internals         
Protected processes   
Minimal and Pico processes               
Trustlets (secure processes)               
Flow of CreateProcess                                    
Terminating a process                              
Image loader                        
Jobs                                                
Conclusion
                           
Chapter 4: Threads         
Creating threads            
Thread internals         
Examining thread activity                     
Thread scheduling      
Group-based scheduling                        
Worker factories (thread pools)         
Conclusion                           

Chapter 5: Memory management   
Introduction to the memory manager                        
Services provided by the memory manager            
Kernel-mode heaps (system memory pools)         
Heap manager                     
Virtual address space layouts            
Address translation   
Page fault handling      
Stacks      
Virtual address descriptors               
NUMA   
Section objects               
Working sets                        
Page frame number database            
Physical memory limits                           
Memory compression                                 
Memory partitions   
Memory combining   
Memory enclaves         
Proactive memory management (SuperFetch)
Conclusion
                           
Chapter 6: I/O system      
I/O system components                           
Interrupt Request Levels and Deferred Procedure Calls         
Device drivers                  
I/O processing                  
Driver Verifier                  
The Plug and Play manager                  
General driver loading and installation                     
The Windows Driver Foundation   
The power manager   
Conclusion
                           
Chapter 7: Security            
Security ratings            
Security system components            
Virtualization-based security         
Protecting objects      
The AuthZ API                  
Account rights and privileges            
Access tokens of processes and threads                     
Security auditing         
AppContainers               
Logon      
User Account Control and virtualization                  
Exploit mitigations   
Application Identification                     
AppLocker                              
Software Restriction Policies            
Kernel Patch Protection                           
PatchGuard                        
HyperGuard                        

Conclusion
Software for book
Sysinternals Suite:

https://docs.microsoft.com/zh-cn/sysinternals/downloads/sysinternals-suite/ or https://down.52pojie.cn/Tools/Anti_Rootkit/SysinternalsSuite.zip

Windows Internals Book 7th Edition Tools
The Windows Internals book, 7th edition Part 1, uses many tools to demonstrate various features of the Windows operating system. Most are from Sysinternals (http://www.sysinternals.com) and built-in tools. But some tools were written by Alex Ionescu and myself and used in the book; these are published here with full source code.

Please note that these tools were NOT written by or endorsed by Microsoft. They are provided "as is" without any warranties or guarantees. For all I know, they might format your hard drive or even the entire World Wide Web. :) Use at your own risk!
MIT License

Copyright (c) 2019 Pavel Yosifovich & Alex Ionescu

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.



DOWNLOAD ALL FILES HERE ==>>





qttx posted on 2020-9-13 21:07

Is this for the Win7 system?

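寒冰流火 posted on 2020-9-8 14:18

Pythonic_vi posted on 2020-9-7 18:59
Translation inevitably adds subjective content; for technical works it is still better to read the original. A bad translation only puts people off and confuses them.

A bad ...

The OP takes a neutral stance with no personal subjective views and keeps the original flavor, which is valuable. Thanks!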

寒冰流火 posted on 2020-9-7 13:05

It's all in English, which is hard going, but thanks to the OP for sharing anyway.

rep_su posted on 2020-9-7 22:16

Thanks. With the English edition, I'll just have to read it slowly.

pvoid posted on 2020-9-7 23:23

What is this? Can't you just post it directly?

xxjj999 posted on 2020-9-7 20:15

Thanks to the OP for sharing.

iokeyz posted on 2020-9-7 12:55

Part 1 has been out for several years, while Part 2 keeps getting delayed and still hasn't been published.

DA111 posted on 2020-9-7 19:43

I feel like the English I learned was fake.

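InternetDog posted on 2020-9-7 18:22

iokeyz posted on 2020-9-7 12:55
Part 1 has been out for several years, while Part 2 keeps getting delayed and still hasn't been published.

Hopefully we'll see Part 2 published before the end of the year.
The Pearson Microsoft Press official store says it will be published on December 18:
Published 12/18/2020
7th Edition
Amazon says it will be published on September 10:
Publisher : Microsoft Press; 7th Edition (September 10, 2020)
Hopefully it won't be delayed again; compared with the 6th edition, quite a lot has been updated.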

Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support.
Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand.
Part 2 examines these and other key Windows 10 OS components and capabilities:

    Startup and shutdown
    The Windows Registry
    Windows management mechanisms
    WMI
    System mechanisms
    ALPC
    ETW
    Cache Manager
    Windows file systems
    The hypervisor and virtualization
    UWP Activation

Revised throughout, this edition also contains three entirely new chapters:

    Virtualization technologies
    Management diagnostics and tracing
    Caching and file system support

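InternetDog posted on 2020-9-7 18:59

寒冰流火 posted on 2020-9-7 13:05
It's all in English, which is hard going, but thanks to the OP for sharing anyway.

Translation inevitably adds subjective content; for technical works it is still better to read the original. A bad translation only puts people off and confuses them.

A bad old translation that is often used as an example:
Robustness-->鲁棒性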

InternetDog posted on 2020-9-7 19:14

Windows Internals 6th Edition has also been uploaded;

it is in the history directory under the attachment link.

It is still useful for friends who are sticking with Win7.