深入解析Windows操作系统（卷2）

作者简介

《深入解析Windows操作系统(卷2)(英文版•第6版)》是操作系统内核专家Russinovich等人的Windows操作系统原理的最新版著作，针对Windows 7和Windows Server 2008 R2进行了全面的更新，主要讲述Windows的底层关键机制、Windows的核心组件（包括进程／线程／作业，安全性，I/O系统，存储管理、内存管理、缓存管理、文件系统和网络），并分析了启动进程、关机进程以及缓存转储。书中提供了许多实例，读者可以借此更好地理解Windows的内部行为。

书籍目录

Contents

Windows Internals, Sixth Edition, Part　　1

(See appendix for Part 1’s table of contents)

Chapter 8 I/O System　　1

I/O System Components　　1

The I/O Manager　　3

Typical I/O Processing　　4

Device Drivers　　5

Types of Device Drivers　　5

Structure of a Driver　　12

Driver Objects and Device Objects　　14

Opening Devices　　19

I/O Processing　　25

Types of I/O　　25

I/O Request to a Single-Layered Driver　　33

I/O Requests to Layered Drivers　　40

I/O Cancellation　　48

I/O Completion Ports　　53

I/O Prioritization　　58

Container Notifications　　65

Driver Verifier　　65

Kernel-Mode Driver Framework (KMDF)　　68

Structure and Operation of a KMDF Driver　　68

KMDF Data Model　　70

KMDF I/O Model　　74

User-Mode Driver Framework (UMDF)　　78

The Plug and Play (PnP) Manager　　81

Level of Plug and Play Support　　82

Driver Support for Plug and Play　　82

Driver Loading, Initialization, and Installation　　84

Driver Installation　　94

The Power Manager　　98

Power Manager Operation　　100

Driver Power Operation　　101

Driver and Application Control of Device Power　　105

Power Availability Requests　　105

Processor Power Management (PPM)　　108

Conclusion　　123

Chapter 9 Storage Management　　125

Storage Terminology　　125

Disk Devices　　126

Rotating Magnetic Disks　　126

Solid State Disks　　128

Disk Drivers　　131

Winload　　132

Disk Class, Port, and Miniport Drivers　　132

Disk Device Objects　　136

Partition Manager　　138

Volume Management　　138

Basic Disks　　139

Dynamic Disks　　141

Multipartition Volume Management　　147

The Volume Namespace　　153

Volume I/O Operations　　159

Virtual Disk Service　　160

Virtual Hard Disk Support　　162

Attaching VHDs　　163

Nested File Systems　　163

BitLocker Drive Encryption　　163

Encryption Keys　　165

Trusted Platform Module (TPM)　　168

BitLocker Boot Process　　170

BitLocker Key Recovery　　172

Full-Volume Encryption Driver　　173

BitLocker Management　　174

BitLocker To Go　　175

Volume Shadow Copy Service　　177

Shadow Copies　　177

VSS Architecture　　177

VSS Operation　　178

Uses in Windows　　181

Conclusion　　186

Chapter 10 Memory Management　　187

Introduction to the Memory Manager　　187

Memory Manager Components　　188

Internal Synchronization　　189

Examining Memory Usage　　190

Services Provided by the Memory Manager　　193

Large and Small Pages　　193

Reserving and Committing Pages　　195

Commit Limit　　199

Locking Memory　　199

Allocation Granularity　　199

Shared Memory and Mapped Files　　200

Protecting Memory　　203

No Execute Page Protection　　204

Copy-on-Write　　209

Address Windowing Extensions　　210

Kernel-Mode Heaps (System Memory Pools)　　212

Pool Sizes　　213

Monitoring Pool Usage　　215

Look-Aside Lists　　219

Heap Manager　　220

Types of Heaps　　221

Heap Manager Structure　　222

Heap Synchronization　　223

The Low Fragmentation Heap　　223

Heap Security Features　　224

Heap Debugging Features　　225

Pageheap　　226

Fault Tolerant Heap　　227

Virtual Address Space Layouts　　228

x86 Address Space Layouts　　229

x86 System Address Space Layout　　232

x86 Session Space　　233

System Page Table Entries　　235

64-Bit Address Space Layouts　　237

x64 Virtual Addressing Limitations　　240

Dynamic System Virtual Address Space Management　　242

System Virtual Address Space Quotas　　245

User Address Space Layout　　246

Address Translation　　251

x86 Virtual Address Translation　　252

Translation Look-Aside Buffer　　259

Physical Address Extension (PAE)　　260

x64 Virtual Address Translation　　265

IA64 Virtual Address Translation　　266

Page Fault Handling　　267

Invalid PTEs　　268

Prototype PTEs　　269

In-Paging I/O　　271

Collided Page Faults 　　272

Clustered Page Faults 　　272

Page Files　　273

Commit Charge and the System Commit Limit　　275

Commit Charge and Page File Size　　278

Stacks　　279

User Stacks　　280

Kernel Stacks　　281

DPC Stack　　282

Virtual Address Descriptors　　282

Process VADs　　283

Rotate VADs　　284

NUMA　　285

Section Objects　　286

Driver Verifier　　292

Page Frame Number Database　　297

Page List Dynamics　　300

Page Priority　　310

Modified Page Writer　　314

PFN Data Structures　　315

Physical Memory Limits　　320

Windows Client Memory Limits　　321

Working Sets　　324

Demand Paging　　324

Logical Prefetcher　　324

Placement Policy　　328

Working Set Management　　329

Balance Set Manager and Swapper　　333

System Working Sets　　334

Memory Notification Events　　335

Proactive Memory Management (Superfetch)　　338

Components　　338

Tracing and Logging　　341

Scenarios　　342

Page Priority and Rebalancing　　342

Robust Performance　　344

ReadyBoost　　346

ReadyDrive　　348

Unified Caching　　348

Process Reflection　　351

Conclusion　　354

Chapter 11 Cache Manager　　355

Key Features of the Cache Manager　　355

Single, Centralized System Cache　　356

The Memory Manager　　356

Cache Coherency　　356

Virtual Block Caching　　358

Stream-Based Caching　　358

Recoverable File System Support　　359

Cache Virtual Memory Management　　360

Cache Size　　361

Cache Virtual Size　　361

Cache Working Set Size 　　361

Cache Physical Size　　363

Cache Data Structures　　364

Systemwide Cache Data Structures　　365

Per-File Cache Data Structures　　368

File System Interfaces　　373

Copying to and from the Cache　　374

Caching with the Mapping and Pinning Interfaces　　374

Caching with the Direct Memory Access Interfaces　　375

Fast I/O　　375

Read-Ahead and Write-Behind　　377

Intelligent Read-Ahead　　378

Write-Back Caching and Lazy Writing　　379

Write Throttling　　388

System Threads　　390

Conclusion　　390

Chapter 12 File Systems　　391

Windows File System Formats　　392

CDFS　　392

UDF　　393

FAT12, FAT16, and FAT32　　393

exFAT　　396

NTFS　　397

File System Driver Architecture　　398

Local FSDs　　398

Remote FSDs　　400

File System Operation　　407

File System Filter Drivers　　413

Troubleshooting File System Problems　　415

Process Monitor Basic vs　　Advanced Modes　　415

Process Monitor Troubleshooting Techniques　　416

Common Log File System　　416

NTFS Design Goals and Features　　424

High-End File System Requirements　　424

Advanced Features of NTFS　　426

NTFS File System Driver　　439

NTFS On-Disk Structure　　442

Volumes　　442

Clusters　　442

Master File Table 　　443

File Record Numbers　　447

File Records　　447

File Names　　449

Resident and Nonresident Attributes　　453

Data Compression and Sparse Files　　456

The Change Journal File　　461

Indexing　　464

Object IDs　　466

Quota Tracking　　466

Consolidated Security　　467

Reparse Points 　　469

Transaction Support 　　469

NTFS Recovery Support　　477

Design 　　478

Metadata Logging　　479

Recovery 　　483

NTFS Bad-Cluster Recovery　　487

Self-Healing　　490

Encrypting File System Security　　491

Encrypting a File for the First Time　　494

The Decryption Process　　496

Backing Up Encrypted Files　　497

Copying Encrypted Files　　497

Conclusion　　498

Chapter 13 Startup and Shutdown　　499

Boot Process　　499

BIOS Preboot　　499

The BIOS Boot Sector and Bootmgr　　502

The UEFI Boot Process　　512

Booting from iSCSI　　514

Initializing the Kernel and Executive Subsystems　　514

Smss, Csrss, and Wininit　　522

ReadyBoot　　527

Images That Start Automatically　　528

Troubleshooting Boot and Startup Problems　　529

Last Known Good　　530

Safe Mode　　530

Windows Recovery Environment (WinRE)　　534

Solving Common Boot Problems　　537

Shutdown　　542

Conclusion　　545

Chapter 14 Crash Dump Analysis　　547

Why Does Windows Crash?　　547

The Blue Screen　　548

Causes of Windows Crashes　　549

Troubleshooting Crashes　　551

Crash Dump Files　　553

Crash Dump Generation　　559

Windows Error Reporting　　561

Online Crash Analysis　　563

Basic Crash Dump Analysis　　564

Notmyfault　　564

Basic Crash Dump Analysis　　565

Verbose Analysis　　567

Using Crash Troubleshooting Tools　　569

Buffer Overruns, Memory Corruption, and Special Pool　　569

Code Overwrite and System Code Write Protection　　573

Advanced Crash Dump Analysis　　574

Stack Trashes　　575

Hung or Unresponsive Systems　　577

When There Is No Crash Dump　　581

Analysis of Common Stop Codes　　585

0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL　　585

0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED　　586

0x7F - UNEXPECTED_KERNEL_MODE_TRAP　　588

0xC5 - DRIVER_CORRUPTED_EXPOOL　　590

Hardware Malfunctions　　593

Conclusion　　594

Appendix: Contents of Windows Internals, Sixth Edition, Part 1　　595

Index　　599

编辑推荐

微软官方Windows权威著作最新版，深入剖析Windows技术内幕，大幅更新，涵盖Windows内核最新特性，带你身入Windows技术核心，了解Windows内部是如何工作的。全书内容丰富、信息全面，主要包括的Windows操作系统深度知识有：理解Windows的关键机制，包括系统服务分发和调度机制、启动和停机，以及注册表；挖掘Windows的安全模型，包括访问控制、特权和审计；利用内核调试器和其他的工具来检查内部系统结构；检查与进程、线程和作业相关的数据结构和算法；观察Windows如何管理虚拟内存和物理内存；理解NTFS的操作和格式，诊断文件系统访问问题；从上往下查看Windows的网络栈，包括映射、API、名称解析和协议驱动程序；诊断引导问题，执行崩溃分析。

内容概要

作者：（美国）拉希诺维奇（Mark Russinovich） （美国）所罗门（David Solomon） （加拿大）艾欧内斯库（Alex Ionescu）

媒体关注与评论

"在微软，我们一直用本书培训新员工……本书是深入理解Windows的绝佳入门书。"   --Windows之父Jim Allchin"每一位操作系统开发人员都应该拥有本书。" --微软技术院士、Windows NT首席设计师David Cutler"我想不出还有哪一本书比本书更具权威性。" --微软公司副总裁Ben Fathi

名人推荐

“在微软，我们一直用本书培训新员工……本书是深入理解Windows的绝佳入门书” ——Windows之父jim Allchin “每一位操作系统开发人员都应该拥有本书” ——微软技术院士、Windows NT首席设计师David Cutler "我想不还有哪一本书比本书更具权威性。” ——微软公司副总裁Ben Fathi

章节摘录

版权页：   插图：   Early in the boot process, the memory manager reads the Driver Verifier registry values to determine which drivers to verify and which Driver Verifier options you enabled. （Note that if you boot in safe mode, any Driver Verifier settings are ignored.） Subsequently, if you've selected at least one driver for verification, the kernel checks the name of every device driver it loads into memory against the list of drivers you've selected for verification, For every device driver that appears in both places,the kernel invokes the VfLoadDriver function, which calls other internal Vf* functions to replace the driver's references to a number of kernel functions with references to Driver Verifier-equivalent versions of those functions. For example, ExA//ocatePoo/is replaced with a call to VerifierAl/ocatePoo/. The windowing system driver （Win32k.sys） also makes similar changes to use Driver Verifier-equivalent functions. Now that we've reviewed how Driver Verifier is set up, we'II examine the six memory-related verification options that can be applied to device drivers: Special Pool, Pool Tracking, Force IRQL Checking,Low Resources Simulation, Miscellaneous Checks, and Automatic Checks Special Pool The Special Pool option causes the pool allocation routines to bracket pool allocations with an invalid page so that references before or after the allocation will result in a kernel-mode access violation, thus crashing the system with the finger pointed at the buggy driver. Special pool also causes some additional validation checks to be performed when a driver allocates or frees memory. When special pool is enabled, the pool allocation routines allocate a region of kernel memory for Driver Verifier to use. Driver Verifier redirects memory allocation requests that drivers under verification make to the special pool area rather than to the standard kernel-mode memory pools. When a device driver allocates memory from speaal pool, Driver Verifier rounds up the allocation to an evenpage boundary. Because Driver Verifier brackets the allocated page with invalid pages, if a device driver attempts to read or write past the end of the buffer, the driver will access an invalid page, and the memory manager will raise a kernel-mode access violation. Figure 10-36 shows an example of the special pool buffer that Driver Verifier allocates to a device driver when Driver Verifier checks for overrun errors.

---

 深入解析Windows操作系统（卷2）下载

---