

Windows Server 2008 Internals




SUMMARY:   This 5-day instructor-led class, aimed at IT Professionals, describes the internals of the Windows operating system kernel (both 32-bit and 64-bit and updated for Windows 7 and Windows Server 2008 R2) and related core components and mechanisms such as memory management, thread scheduling, interrupt processing, time accounting, security, and crash dump analysis. It shows you how to dig into the system with advanced troubleshooting tools, such as the Kernel Debugger and key tools from Sysinternals such as Process Explorer and Process Monitor.
If you're an IT professional deploying and supporting Windows servers and workstations, this class will help you troubleshoot difficult problems as well as understand the true meaning behind key system performance counters. You will also benefit from understanding the platform more deeply, which helps you weigh performance tradeoffs and debug system-level issues more effectively.

PREREQUISITES:   Attendees should be familiar with basic operating system principles, such as virtual memory, multitasking, processes & threads, file systems, etc. Experience administering or developing on Windows systems is also required.

DURATION:   5 days

APPROACH:   This is the 5-day hands-on version of the class, with labs that allow students to gain practical experience delving into Windows OS internals and troubleshooting system problems. The tools used include the Microsoft Kernel Debugger, tools from Sysinternals, and other Microsoft support tool sets.
Unlike most hands-on classes there are no scheduled "lab periods" in this class. Instead, the experiments in this class are "continuous" throughout all 5 days – after the topics have been explained, the students will go use the appropriate tool to explore that area.

OBJECTIVES:   You will learn:
  • How to properly configure Windows
  • To optimize performance and troubleshoot Windows operating systems
  • Principles required for device driver design
  • How the operation and performance of each system mechanism is reflected in the various system monitoring tools
  • How to perform problem analysis without necessarily learning how to troubleshoot or debug Windows

COURSE CONTENT:  
  1. Concepts and tools
    • Windows O/S versions
    • Foundation concepts and terms
    • Digging into Windows Internals
  2. System Architecture
    • Requirements and design goals
    • O/S Model
    • Overview
    • Key system components
  3. System Mechanisms
    • Trap dispatching
    • Object manager
    • Synchronization
    • System worker threads
    • Windows Global flags
    • Kernel event log tracing
    • WOW64
    • User-mode debugging
    • Image loader
    • Hyper-V
    • Kernel transaction manager
    • Hotpatch support
  4. Management mechanisms
    • The registry
    • Services
    • WMI
    • Windows Diagnostic Infrastructure
  5. Processes, threads, and jobs
    • Process internals
    • Protected Processes
    • Flow of CreateProcess
    • Thread internals
    • Worker factories
    • Thread scheduling
    • Job objects
  6. Security
    • Ratings
    • System Components
    • Protecting objects
    • Account rights and privileges
    • Auditing
    • Logon
    • UAC
    • Software restriction policies
  7. I/O System
    • Components
    • Device drivers
    • Processing
    • Kernel-Mode Driver Framework (KMDF)
    • User-mode driver framework (UMDF)
    • PnP manager
    • Power Manager
  8. Storage Management
    • Terminology
    • Disk drivers
    • Volume management
    • Drive encryption
    • Volume Shadow Copy Service
  9. Memory Management
    • Introduction
    • Services
    • Kernel-mode heaps (System Memory pools)
    • Heap manager
    • Virtual Address Space layouts
    • Address translation
    • Page fault handling
    • Stacks
    • Virtual Address descriptors
    • Driver verifier
    • Page frame number database
    • Physical memory limits
    • Working sets
    • Proactive memory management (superfetch)
  10. Cache Manager
    • Features
    • VMM
    • Size
    • Data structures
    • File system interfaces
    • Fast I/O
    • Read ahead and write behind
  11. File systems
    • Formats
    • Architecture
    • Troubleshooting
    • Common log file system
    • NTFS design goals
    • NTFS file system driver
    • NTFS on-disk structure
    • NTFS recovery support
    • Encrypting file system security
  12. Networking
    • Architecture
    • Network functions
    • Multiple redirector support
    • Name resolution
    • Location and topology
    • Protocol drivers
    • NDIS drivers
    • Binding
    • Layered network services
  13. Startup and shutdown
    • Boot process
    • Troubleshooting startup and shutdown
    • Shutdown
  14. Crash dump analysis
    • Why?
    • BSOD
    • Troubleshooting crashes
    • Error reporting
    • Online error analysis
    • Basic crash dump analysis
    • Crash troubleshooting tools
    • Advanced crash dump analysis

RW/09

© 2007 Verhoef Training, Inc.

Course offered as Inhouse or Public
