Windows Operating System Internals for Developers
Instructors: David Solomon or
Alex Ionescu
Duration: 5 days with hands-on experiments or 3 days lecture
only
Description
This class, aimed at developers, describes the internals of the
Windows operating system kernel (both 32-bit and 64-bit and updated for
Windows 7 and Windows Server 2008 R2) and related core components and
mechanisms such as memory management, thread scheduling, interrupt
processing, time accounting, security, and crash dump analysis. It shows
you how to dig into the system with advanced troubleshooting tools, such
as the Kernel Debugger and key tools from
Sysinternals
such as Process Explorer and Process Monitor. Having this knowledge helps developers design for
performance and debug more effectively.
NOTE: This class does not cover networking internals,
Windows API programming, or device driver details. In addition, this
class is not a feature overview of Windows.
Hands on Experiments
Enjoy rolling up your sleeves and getting your hands dirty? Then
choose the 5 day hands-on version of the class, which incorporates
experiments that allow students to gain practical experience delving
into Windows OS internals and troubleshooting system problems. The tools
used include the
Microsoft Kernel Debugger and key tools from
Sysinternals..
Unlike most hands-on classes there are no scheduled "lab periods".
Instead, the experiments in this class are "continuous" throughout all 5
days--after the instructor explains a topic, the students will go use
the appropriate tool to explore that area.
For public classes, each student must bring their own laptop (see
setup instructions). For private onsite classes, a computer training
room can be used, but the class can also be done in a regular conference
room with tables if attendees bring their own laptops.
Course Objectives
• Understand core system mechanisms work •
Explore internal system data structures using kernel debugger •
Understand process, thread, and interrupt activity • Grasp scheduling
algorithms • Understand the boot/startup process • Describe the
role of each key system process • Understand how Windows manages
virtual and physical memory • Navigate key I/O system structures •
Describe the Windows security authorization and authentication
mechanisms • Use Process Monitor to troubleshoot application and
system errors • Analyze kernel crashes and system hangs
Prerequisites
Attendees should be familiar with basic operating system
principles, such as virtual memory, multitasking, processes & threads,
file systems, etc. Experience administering or developing on Windows
systems is helpful, though not mandatory.
Quotes
Acclaimed author and Windows Server expert Mark Minasi said after
attending: "Administrators have to constantly answer questions like
'what IS that program in Task Manager, where did it come from and can I
get rid of it safely?' or 'why is my computer so slow?' or an old
favorite, 'how large should my pagefile be?' I got the answers to those
questions and am putting what I've learned to work immediately. My head was stuffed by the time that I left, chock-full of useful things. Rarely does a minute go by that you don't either get a better understanding of some part of
Windows, or pick up a tip about how to make some part of the system better.
In my experience, the best seminars all leave you delighted and wishing
for more, and yours did... "
Edwin van Mierlo, Senior Engineer at a Fortune 500 company, said this
after the September 2005 seminar in San Francisco: "I must say that
from all courses/seminars I have been to in my professional career, this
is now the absolute number one, in regards to content, format, pace, and
technology depth. I for sure will be applying these techniques to my
daily routine and it already changed the way I troubleshoot some of the
problems which I am facing daily."
One Microsoft employee said: "I didn't know it was possible for
any one person to know this much about NT. This was the best training
course I've ever taken. It really opened my eyes to what NT actually
does. This is a must for any serious NT engineer."
Here's a sampling of other positive comments provided by students
that attended past seminars:
- "I wish I had taken this years ago"
- "The information given in this class should be required for
all Windows engineers/administrators."
- "The seminar was more worthwhile overall than all other
seminars I've taken to date."
- "Every Microsoft consultant should take this course." (by a
Microsoft employee)
- "This course holds the key to understanding Windows."
- "After my MCSE studies I thought I knew Windows. The
tools and insights I have gained will save me countless hours
running my network and troubleshooting. I can't wait to get back and
tackle some of those annoying 'why did it do that?' problems."
- "Should be required training for anyone responsible for
Windows software development, administration, or design."
Topic Outline
|