Windows Server 2008 Internals
Course: WINTL
Duration: 5 Days
Level: III
On our website at:
http://www.verhoef-training.com/courses/WINTL.html
Course Summary
This 5-day instructor-led class, aimed at IT Professionals,
describes the internals of the Windows operating system
kernel (both 32-bit and 64-bit and updated for Windows
7 and Windows Server 2008 R2) and related core components
and mechanisms such as memory management, thread scheduling,
interrupt processing, time accounting, security, and crash
dump analysis. It shows you how to dig into the system
with advanced troubleshooting tools, such as the Kernel
Debugger and key tools from Sysinternals such as Process
Explorer and Process Monitor.
If you're an IT professionals deploying and supporting Windows
servers and workstations, this class will help you troubleshoot
difficult problems as well as understand the true meaning
behind key system performance counters. You will also
benefit by being able to understand the platform more
deeply, which enables understanding performance tradeoffs
as well as being able to debug system level issues more
effectively.
Topics Covered In This Course
Concepts and tools
- Windows O/S versions
- Foundation concepts and terms
- Digging into Windows Internals
System Architecture
- Requirements and design goals
- O/S Model
- Overview
- Key system components
System Mechanisms
- Trap dispatching
- Object manager
- Synchronization
- System worker threads
- Windows Global flags
- Kernel event log tracing
- WOW64
- User-mode debugging
- Image loader
- Hyper-V
- Kernel transaction manager
- Hotpatch support
Management mechanisms
- The registry
- Services
- WMI
- Windows Diagnostic Infrastructure
Processes, threads, and jobs
- Process internals
- Protected Processes
- Flow of CreateProcess
- Thread internals
- Worker factories
- Thread scheduling
- Job objects
Security
- Ratings
- System Components
- Protecting objects
- Account rights and privileges
- Auditing
- Logon
- UAC
- Software restriction policies
I/O System
- Components
- Device drivers
- Processing
- Kernel-Mode Driver Framework (KMDF)
- User-mode driver framework (UMDF)
- PnP manager
- Power Manager
Storage Management
- Terminology
- Disk drivers
- Volume management
- Drive encryption
- Volume Shadow Copy Service
Memory Management
- Introduction
- Services
- Kernel-mode heaps (System Memory pools)
- Heap manager
- Virtual Address Space layouts
- Address translation
- Page fault handling
- Stacks
- Virtual Address descriptors
- Driver verifier
- Page frame number database
- Physical memory limits
- Working sets
- Proactive memory management (superfetch)
Cache Manager
- Features
- VMM
- Size
- Data structures
- File system interfaces
- Fast I/O
- Read ahead and write behind
File systems
- Formats
- Architecture
- Troubleshooting
- Common log file system
- NTFS design goals
- NTFS file system driver
- NTFS on-disk structure
- NTFS recovery support
- Encrypting file system security
Networking
- Architecture
- Network functions
- Multiple redirector support
- Name resolution
- Location and topology
- Protocol drivers
- NDIS drivers
- Binding
- Layered network services
Startup and shutdown
- Boot process
- Troubleshooting startup and shutdown
- Shutdown
Crash dump analysis
- Why?
- BSOD
- Troubleshooting crashes
- Error reporting
- Online error analysis
- Basic crash dump analysis
- Crash troubleshooting tools
- Advanced crash dump analysis
What You Can Expect
You will learn:
- How to properly configure Windows
- To optimize performance and troubleshoot Windows operating
systems
- Principles required for device driver design
- How the operation and performance of each system mechanism
is reflected
- the various system monitoring tools
- How to perform problem analysis without necessarily learning
how to
- troubleshoot or debug windows
Recommended Prerequisites
Attendees should be familiar with basic operating system
principles, such as virtual memory, multitasking, processes
& threads, file systems, etc. Experience administering
or developing on Windows systems is also required.
Training Style
This 5 day hands-on version of the class in which labs that
allow students to gain practical experience delving into
Windows OS internals and troubleshooting system problems.
The tools used include the Microsoft Kernel Debugger,
tools from Sysinternals as well as other Microsoft support
tool sets.
Unlike most hands-on classes there are no scheduled "lab
periods" in this class. Instead, the experiments in this
class are "continuous" throughout all 5 days – after
the topics have been explained, the students will go use
the appropriate tool to explore that area.
Every student attending a Verhoef Training class will receive
a certificate good for $100 toward their next public class taken
within a year.
You can also buy "Verhoef Vouchers" to get a discounted rate for a
single student in any of our public or web-based classes.
Contact your account manager or our sales office for details.
