Windows Internals Part 1 7th Edition with Sysinternals Suite and Extra Software
This post was last edited by Pythonic_vi on 2020-9-7 13:11
The definitive guide–fully updated for Windows 10 and Windows Server 2016
Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.
Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.
This book will help you:
· Understand the Windows system architecture and its most important entities, such as processes and threads
· Examine how processes manage resources and threads scheduled for execution inside processes
· Observe how Windows manages virtual and physical memory
· Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
· Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
Table of Contents
Chapter 1: Concepts and tools
Windows operating system versions
Foundation concepts and terms
Digging into Windows internals
Conclusion
Chapter 2: System architecture
Requirements and design goals
Operating system model
Architecture overview
Virtualization-based security architecture overview
Key system components
Conclusion
Chapter 3: Processes and jobs
Creating a process
Process internals
Protected processes
Minimal and Pico processes
Trustlets (secure processes)
Flow of CreateProcess
Terminating a process
Image loader
Jobs
Conclusion
Chapter 4: Threads
Creating threads
Thread internals
Examining thread activity
Thread scheduling
Group-based scheduling
Worker factories (thread pools)
Conclusion
Chapter 5: Memory management
Introduction to the memory manager
Services provided by the memory manager
Kernel-mode heaps (system memory pools)
Heap manager
Virtual address space layouts
Address translation
Page fault handling
Stacks
Virtual address descriptors
NUMA
Section objects
Working sets
Page frame number database
Physical memory limits
Memory compression
Memory partitions
Memory combining
Memory enclaves
Proactive memory management (SuperFetch)
Conclusion
Chapter 6: I/O system
I/O system components
Interrupt Request Levels and Deferred Procedure Calls
Device drivers
I/O processing
Driver Verifier
The Plug and Play manager
General driver loading and installation
The Windows Driver Foundation
The power manager
Conclusion
Chapter 7: Security
Security ratings
Security system components
Virtualization-based security
Protecting objects
The AuthZ API
Account rights and privileges
Access tokens of processes and threads
Security auditing
AppContainers
Logon
User Account Control and virtualization
Exploit mitigations
Application Identification
AppLocker
Software Restriction Policies
Kernel Patch Protection
PatchGuard
HyperGuard
Conclusion
Software for book
Sysinternals Suite:
https://docs.microsoft.com/zh-cn/sysinternals/downloads/sysinternals-suite/ or https://down.52pojie.cn/Tools/Anti_Rootkit/SysinternalsSuite.zip
Windows Internals Book 7th Edition Tools
The Windows Internals book, 7th edition Part 1, uses many tools to demonstrate various features of the Windows operating system. Most are from Sysinternals (http://www.sysinternals.com) and built-in tools. But some tools were written by Alex Ionescu and myself and used in the book; these are published here with full source code.
Please note that these tools were NOT written by or endorsed by Microsoft. They are provided "as is" without any warranties or guarantees. For all I know, they might format your hard drive or even the entire World Wide Web. :) Use at your own risk!
MIT License
Copyright (c) 2019 Pavel Yosifovich & Alex Ionescu
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
DOWNLOAD ALL FILES HERE ==>>
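Is this for win7?
Pythonic_vi posted on 2020-9-7 18:59
Translation inevitably adds subjective content; for technical works it is better to read the original. A bad translation only causes annoyance and confusion.
A bad ...
It is commendable that the OP takes a neutral stance, adds no personal subjective views, and keeps the original as it is. Thanks!
All in English, hard going, but thanks to the OP for sharing
Thanks, I will just have to read the English version slowly
What is this? Can't you just post it directly?
Thanks to the OP for sharing
Part 1 has been out for several years, Part 2 keeps getting delayed and still has not been published
I feel like the English I learned was fake
iokeyz posted on 2020-9-7 12:55
Part 1 has been out for several years, Part 2 keeps getting delayed and still has not been published
Hopefully we will see Part 2 published before the end of the year
The Pearson Microsoft Press official store says it will be published on December 18,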
Published 12/18/2020
7th Edition
Amazon says it will be published on September 10
Publisher : Microsoft Press; 7th Edition (September 10, 2020)
:lol Hopefully it will not be delayed again; compared with the sixth edition, quite a lot has been updated.
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support.
Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand.
Part 2 examines these and other key Windows 10 OS components and capabilities:
Startup and shutdown
The Windows Registry
Windows management mechanisms
WMI
System mechanisms
ALPC
ETW
Cache Manager
Windows file systems
The hypervisor and virtualization
UWP Activation
Revised throughout, this edition also contains three entirely new chapters:
Virtualization technologies
Management diagnostics and tracing
Caching and file system support
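寒冰流火 posted on 2020-9-7 13:05
All in English, hard going, but thanks to the OP for sharing
Translation inevitably adds subjective content; for technical works it is better to read the original. A bad translation only causes annoyance and confusion.
A bad old translation that is often cited as an example: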
Robustness-->鲁棒性 :lol
Windows Internals 6th Edition has also been uploaded,
it is in the history directory at the attachment address
It is still useful for those who are sticking with win7. :handshake