深入解析Windows操作系统

章节摘录

版权页：   插图：   This logical behavior (which helps ensure that administrators will always have full control of the running code on the system) clashes with the system behavior for digital rights management require-ments imposed by the media industry on computer operating systems that need to support playback of advanced, high-quality digital content such as Blu-ray and HD-DVD media. To support reliable and protected playback of such content, Windows uses protected processes. These processes exist along-side normal Windows processes, but they add significant constraints to the access rights that other processes on the system (even when running with administrative privileges) can request. Protected processes can be created by any application; however, the operating system will allow a process to be protected only if the image file has been digitally signed with a special Windows Media Certificate. The Protected Media Path (PMP) in Windows makes use of protected processes to provide protection for high-value media, and developers of applications such as DVD players can make use of protected processes by using the Media Foundation API. The Audio Device Graph process (Audiodg.exe) is a protected process because protected music content can be decoded through it. Similarly, the Windows Error Reporting (or WER, discussed in Chapter 3) client process (Werfault.exe) can also run protected because it needs to have access to protected processes in case one of them crashes. Finally, the System process itself is protected because some of the decryption information is generated by the Ksecdd.sys driver and stored in its user-mode memory. The System process is also protected to protect the integrity of all kernel handles (because the System process' handle table contains all the kernel handles on the system).

名人推荐

“在微软。我们一直用本书培训新员工……本书是深入理解Windows的绝佳入门书。” ——Windows之父 Jim AIlchin “每一位操作系统开发人员都应该拥有本书。” ——微软技术院士、Windows NT首席设计师 David Cutler “我想不出还有哪一本书比本书更具权威性。” ——微软公司副总裁 Ben Fathi

内容概要

作者:(美)Mark Russinovich，(美)David Solomon，(加)Alex Ionescu

书籍目录

Chapter 1 Concepts and Tools1

Windows Operating System Versions1

Foundation Concepts and Terms2

Windows API2

Services, Functions, and Routines4

Processes, Threads, and Jobs5

Virtual Memory15

Kernel Mode vs. User Mode17

Terminal Services and Multiple Sessions20

Objects and Handles21

Security22

Registry23

Unicode24

Digging into Windows Internals24

Performance Monitor25

Kernel Debugging26

Windows Software Development Kit31

Windows Driver Kit31

Sysinternals Tools32

Conclusion32

Chapter 2 System Architecture33

Requirements and Design Goals33

Operating System Model34

Architecture Overview35

Portability37

Symmetric Multiprocessing38

Scalability40

Differences Between Client and Server Versions41

Checked Build45

Key System Components46

Environment Subsystems and Subsystem DLLs48

Ntdll.dll53

Executive54

Kernel57

Hardware Abstraction Layer60

Device Drivers63

System Processes68

Conclusion78

Chapter 3 System Mechanisms79

Trap Dispatching79

Interrupt Dispatching81

Timer Processing112

Exception Dispatching123

System Service Dispatching132

Object Manager140

Executive Objects143

Object Structure145

Synchronization176

High-IRQL Synchronization178

Low-IRQL Synchronization183

System Worker Threads205

Windows Global Flags207

Advanced Local Procedure Call209

Connection Model210

Message Model211

Asynchronous Operation213

Views, Regions, and Sections214

Attributes215

Blobs, Handles, and Resources215

Security216

Performance217

Debugging and Tracing218

Kernel Event Tracing220

Wow64224

Wow64 Process Address Space Layout224

System Calls225

Exception Dispatching225

User APC Dispatching225

Console Support225

User Callbacks226

File System Redirection226

Registry Redirection227

I/O Control Requests227

16-Bit Installer Applications228

Printing228

Restrictions228

User-Mode Debugging229

Kernel Support229

Native Support230

Windows Subsystem Support232

Image Loader232

Early Process Initialization234

DLL Name Resolution and Redirection235

Loaded Module Database238

Import Parsing242

Post-Import Process Initialization243

SwitchBack244

API Sets245

Hypervisor (Hyper-V)248

Partitions249

Parent Partition249

Child Partitions251

Hardware Emulation and Support254

Kernel Transaction Manager268

Hotpatch Support270

Kernel Patch Protection272

Code Integrity274

Conclusion276

Chapter 4Management Mechanisms277

The Registry277

Viewing and Changing the Registry277

Registry Usage278

Registry Data Types279

Registry Logical Structure280

Transactional Registry (TxR)287

Monitoring Registry Activity289

Process Monitor Internals289

Registry Internals293

Services305

Service Applications305

The Service Control Manager321

Service Startup323

Startup Errors327

Accepting the Boot and Last Known Good328

Service Failures330

Service Shutdown331

Shared Service Processes332

Service Tags335

Unified Background Process Manager336

Initialization337

UBPM API338

Provider Registration338

Consumer Registration339

Task Host341

Service Control Programs341

Windows Management Instrumentation342

Providers344

The Common Information Model and the Managed Object Format Language345

Class Association349

WMI Implementation351

WMI Security353

Windows Diagnostic Infrastructure354

WDI Instrumentation354

Diagnostic Policy Service354

Diagnostic Functionality356

Conclusion357

Chapter 5Processes, Threads, and Jobs359

Process Internals359

Data Structures359

Protected Processes368

Flow of CreateProcess369

Stage 1: Converting and Validating Parameters and Flags371

Stage 2: Opening the Image to Be Executed373

Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)376

Stage 4: Creating the Initial Thread and Its Stack and Context381

Stage 5: Performing Windows Subsystem–Specific Post-Initialization383

Stage 6: Starting Execution of the Initial Thread385

Stage 7: Performing Process Initialization in the Context of the New Process386

Thread Internals391

Data Structures391

Birth of a Thread398

Examining Thread Activity398

Limitations on Protected Process Threads401

Worker Factories (Thread Pools)403

Thread Scheduling408

Overview of Windows Scheduling408

Priority Levels410

Thread States416

Dispatcher Database421

Quantum422

Priority Boosts430

Context Switching448

Scheduling Scenarios449

Idle Threads453

Thread Selection456

Multiprocessor Systems458

Thread Selection on Multiprocessor Systems467

Processor Selection468

Processor Share-Based Scheduling470

Distributed Fair Share Scheduling471

CPU Rate Limits478

Dynamic Processor Addition and Replacement479

Job Objects480

Job Limits481

Job Sets482

Conclusion485

Chapter 6Security487

Security Ratings487

Trusted Computer System Evaluation Criteria487

The Common Criteria489

Security System Components490

Protecting Objects494

Access Checks495

Security Identifiers497

Virtual Service Accounts518

Security Descriptors and Access Control522

The AuthZ API536

Account Rights and Privileges538

Account Rights540

Privileges540

Super Privileges546

Access Tokens of Processes and Threads547

Security Auditing548

Object Access Auditing549

Global Audit Policy552

Advanced Audit Policy Settings554

Logon555

Winlogon Initialization556

User Logon Steps558

Assured Authentication562

Biometric Framework for User Authentication563

User Account Control and Virtualization566

File System and Registry Virtualization566

Elevation573

Application Identi cation (AppID)581

AppLocker583

Software Restriction Policies589

Conclusion590

Chapter 7Networking591

Windows Networking Architecture591

The OSI Reference Model592

Windows Networking Components594

Networking APIs597

Windows Sockets597

Winsock Kernel603

Remote Procedure Call605

Web Access APIs610

Named Pipes and Mailslots612

NetBIOS618

Other Networking APIs620

Multiple Redirector Support627

Multiple Provider Router627

Multiple UNC Provider630

Surrogate Providers632

Redirector633

Mini-Redirectors634

Server Message Block and Sub-Redirectors635

Distributed File System Namespace637

Distributed File System Replication638

Offline Files639

Caching Modes641

Ghosts643

Data Security643

Cache Structure643

BranchCache645

Caching Modes647

BranchCache Optimized Application Retrieval:SMB Sequence651

BranchCache Optimized Application Retrieval:HTTP Sequence653

Name Resolution655

Domain Name System655

Peer Name Resolution Protocol656

Location and Topology658

Network Location Awareness658

Network Connectivity Status Indicator659

Link-Layer Topology Discovery662

Protocol Drivers663

Windows Filtering Platform666

NDIS Drivers672

Variations on the NDIS Miniport677

Connection-Oriented NDIS677

Remote NDIS680

QoS682

Binding684

Layered Network Services685

Remote Access685

Active Directory686

Network Load Balancing688

Network Access Protection689

Direct Access695

Conclusion696

Index697

编辑推荐

《深入解析Windows操作系统(卷1)(英文版•第6版)》内容丰富，信息全面，适合众多Windows平台开发人员、系统管理员阅读。

作者简介

《深入解析Windows操作系统(卷1)(英文版•第6版)》是操作系统内核专家Russinovich等人的Windows操作系统原理的最新版著作，针对Windows7和Windows Server2008 R2进行了全面的更新，主要讲述Windows的底层关键机制、Windows的核心组件（包括进程／线程／作业、安全性、I／O系统、存储管理、内存管理、缓存管理、文件系统和网络），并分析了启动进程、关机进程以及缓存转储。书中提供了许多实例，读者可以借此更好地理解Windows的内部行为。

图书封面

---

 深入解析Windows操作系统下载 精选章节试读

---