Windows Operating System Internals for Developers

Instructors: David Solomon or Alex Ionescu
Duration: 5 days with hands-on experiments, or 3 days lecture only

Description

This class, aimed at developers, describes the internals of the Windows operating system kernel (both 32-bit and 64-bit and updated for Windows 7 and Windows Server 2008 R2) and related core components and mechanisms such as memory management, thread scheduling, interrupt processing, time accounting, security, and crash dump analysis. It shows you how to dig into the system with advanced troubleshooting tools, such as the Kernel Debugger and key tools from Sysinternals such as Process Explorer and Process Monitor. Having this knowledge helps developers design for performance and debug more effectively.

NOTE: This class does not cover networking internals, Windows API programming, or device driver details. In addition, this class is not a feature overview of Windows.

Hands-on Experiments

Enjoy rolling up your sleeves and getting your hands dirty? Then choose the 5-day hands-on version of the class, which incorporates experiments that allow students to gain practical experience delving into Windows OS internals and troubleshooting system problems. The tools used include the Microsoft Kernel Debugger and key tools from Sysinternals.

Unlike most hands-on classes there are no scheduled "lab periods". Instead, the experiments in this class are "continuous" throughout all 5 days: after the instructor explains a topic, the students use the appropriate tool to explore that area.

For public classes, each student must bring their own laptop (see setup instructions). For private onsite classes, a computer training room can be used, but the class can also be done in a regular conference room with tables if attendees bring their own laptops.

Course Objectives

• Understand how core system mechanisms work
• Explore internal system data structures using the kernel debugger
• Understand process, thread, and interrupt activity
• Grasp scheduling algorithms
• Understand the boot/startup process
• Describe the role of each key system process
• Understand how Windows manages virtual and physical memory
• Navigate key I/O system structures
• Describe the Windows security authorization and authentication mechanisms
• Use Process Monitor to troubleshoot application and system errors
• Analyze kernel crashes and system hangs

Prerequisites

Attendees should be familiar with basic operating system principles, such as virtual memory, multitasking, processes & threads, file systems, etc. Experience administering or developing on Windows systems is helpful, though not mandatory.

Quotes

Acclaimed author and Windows Server expert Mark Minasi said after attending: "Administrators have to constantly answer questions like 'what IS that program in Task Manager, where did it come from and can I get rid of it safely?' or 'why is my computer so slow?' or an old favorite, 'how large should my pagefile be?' I got the answers to those questions and am putting what I've learned to work immediately. My head was stuffed by the time that I left, chock-full of useful things. Rarely does a minute go by that you don't either get a better understanding of some part of Windows, or pick up a tip about how to make some part of the system better. In my experience, the best seminars all leave you delighted and wishing for more, and yours did... "

Edwin van Mierlo, Senior Engineer at a Fortune 500 company, said this after the September 2005 seminar in San Francisco: "I must say that from all courses/seminars I have been to in my professional career, this is now the absolute number one, in regards to content, format, pace, and technology depth. I for sure will be applying these techniques to my daily routine and it already changed the way I troubleshoot some of the problems which I am facing daily."

One Microsoft employee said: "I didn't know it was possible for any one person to know this much about NT. This was the best training course I've ever taken. It really opened my eyes to what NT actually does. This is a must for any serious NT engineer."

Here's a sampling of other positive comments provided by students that attended past seminars:

  • "I wish I had taken this years ago"
  • "The information given in this class should be required for all Windows engineers/administrators."
  • "The seminar was more worthwhile overall than all other seminars I've taken to date."
  • "Every Microsoft consultant should take this course." (by a Microsoft employee)
  • "This course holds the key to understanding Windows."
  • "After my MCSE studies I thought I knew Windows. The tools and insights I have gained will save me countless hours running my network and troubleshooting. I can't wait to get back and tackle some of those annoying 'why did it do that?' problems."
  • "Should be required training for anyone responsible for Windows software development, administration, or design."

Topic Outline

1. Introduction

2. Investigating Windows Internals

  • Source code programs
  • Books and articles
  • Tools (Kernel Debugger, Sysinternals)

3. Kernel Architecture

  • Kernel evolution
  • Processes & Threads
  • Address Space Layouts
  • Kernel integrity mechanisms
  • Memory Protection Model
  • Multiprocessor support
  • Executive, Kernel, and HAL
  • Environment Subsystem model
  • Sessions

4. System Mechanisms

  • Boot & Startup Process
  • System Threads
  • Environment subsystems
  • Service & Svchost internals
  • System Service Dispatching
  • Interrupts & DPCs
  • Time Accounting
  • Kernel Synchronization
  • Object Manager
  • System Shutdown

5. Security

  • Security Ratings
  • Security Components
  • Authentication
  • Authorization
  • Mandatory Integrity Levels
  • User Account Control

6. Processes, Threads and Thread Scheduling

  • Process, thread and job data structures
  • Process startup and exit
  • Priority Spectrum
  • Thread scheduling algorithms
  • Priority Boosting

7. I/O System

  • I/O System Components
  • Types of Drivers
  • Driver Operation
  • Plug-and-Play Manager
  • Power Manager
  • Vista/Server 2008 Enhancements

8. Memory Management

  • Core Mechanisms
  • Virtual Address Translation
  • Working Set Management
  • File System Cache Manager
  • Physical Memory Management
  • Superfetch
  • Paging Files

9. Crash Dump Analysis

  • Why Windows crashes
  • What happens at the crash
  • Basic crash dump analysis
  • Harder dump analysis
  • System hangs