
Windows Internal Workshop (5 Days)

Course Introduction:

This class, aimed at IT/support professionals and system administrators, describes the internals of the Windows operating system kernel (updated for Windows 7, 8) and related core components and mechanisms such as memory management, thread scheduling, interrupt processing, time accounting, security, and crash dump analysis.

It shows you how to dig into the system with advanced troubleshooting tools, such as the Kernel Debugger and key tools from Sysinternals such as Process Explorer and Process Monitor.

This will help you troubleshoot difficult problems as well as understand the true meaning behind key system performance counters.


Attendees should be familiar with basic operating system principles, such as virtual memory, multitasking, processes & threads, file systems, etc. Experience administering or developing on Windows systems is helpful, though not mandatory.

Course Contents

Day 1: Introduction
1. Basic Concepts and Tools
- Foundation Concepts and Terms
- Digging into Windows Internals
2. System Architecture
- Requirements and Design Goals
- Operating System Model
- Architecture Overview
- Key System Components
3. System Mechanisms
- Trap Dispatching
- Object Manager
- Synchronization
- System Worker Threads
- Windows Global Flags
- Kernel Event Tracing
- User-Mode Debugging

Day 2: Services and Process Scheduling
1. Management Mechanisms
- The Registry
- Services
2. Processes, Threads, and Jobs
- Windows Driver Kit (WDK) Installation
- Process Internals
- Protected Processes
- Flow of CreateProcess
- Thread Internals
- Examining Thread Activity
- Worker Factories (Thread Pools)
- Thread Scheduling
- Job Objects

Day 3: Memory & File System
1. Memory Management
- Introduction to the Memory Manager
- Services the Memory Manager Provides
- Kernel-Mode Heaps (System Memory Pools)
- Handling I/O Requests
- Heap Manager
- Virtual Address Space Layouts
- Address Translation
- Page Fault Handling
- Stacks
- Physical Memory Limits
2. File Systems
- Windows File System Formats
- File System Driver Architecture
- Troubleshooting File System Problems
- Common Log File System
- NTFS Design Goals and Features
- NTFS File System Driver
- NTFS On-Disk Structure
- Encrypting File System Security

Day 4: I/O System
1. I/O System
- I/O System Components
- Device Drivers
- I/O Processing
- Introduction to the Windows Driver Model (WDM)
- Kernel-Mode Driver Framework (KMDF)
- User-Mode Driver Framework (UMDF)
- The Plug and Play (PnP) Manager
- The Power Manager

Day 5: Network & Crash Dump Analysis
1. Networking
- Windows Networking Architecture
- Networking APIs
- Name Resolution
- Location and Topology
- Protocol Drivers
- NDIS Drivers
- Binding
- Layered Network Services
2. Startup and Shutdown
- Boot Process
- Troubleshooting Boot and Startup Problems
3. Crash Dump Analysis
- Why Does Windows Crash?
- The Blue Screen
- Troubleshooting Crashes
- Crash Dump Files
- Windows Error Reporting
- Online Crash Analysis
- Basic Crash Dump Analysis
- Using Crash Troubleshooting Tools
