Windows Internels 4th Edition --Just a collection

最新推荐文章于 2021-06-16 22:36:08 发布
最新推荐文章于 2021-06-16 22:36:08 发布
阅读量573 收藏
点赞数
文章标签: windows application system manager service security

1. System component

Component

Processor Execution

Responsibilities

Master Boot Record (MBR) code

16-bit real mode

Reads and loads partition boot sectors.

Boot sector

16-bit real mode

Reads the root directory to load Ntldr.

Ntldr

16-bit real mode and 32-bit or 64-bit protected mode; turns on paging

Reads Boot.ini, presents boot menu, and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers. If a 32-bit installation is booted, switches to 32-bit protected mode; if a 64-bit installation is booted, switches to 64-bit long mode.

Ntdetect.com

16-bit real mode

Performs hardware detection for Ntldr.

Ntbootdd.sys

Protected mode

Device driver used for disk I/O on SCSI and Advanced Technology Attachment (ATA) systems where the BIOS is not used.

Ntoskrnl.exe

Protected mode with paging

Initializes executive subsystems and boot and system-start device drivers, prepares the system for running native applications, and runs Smss.exe.

Hal.dll

Protected mode with paging

Kernel-mode DLL that interfaces Ntoksnrl and drivers to the hardware.

Smss

Native application

Loads Windows subsystem, including Win32k.sys and Csrss.exe, and starts Winlogon process.

Winlogon

Native application

Starts the service control manager (SCM), starts the Local Security Subsystem (LSASS), and presents interactive logon dialog box.

Service control manager (SCM)

Native application

Loads and initializes auto-start device drivers and Windows services

 

2. Paged Pool & Nonpaged Pool

  • Nonpaged pool Consists of ranges of system virtual addresses that are guaranteed to reside in physical memory at all times and thus can be accessed at any time (from any IRQL level and from any process context) without incurring a page fault. One of the reasons nonpaged pool is required is because of the rule described in Chapter 2: page faults can't be satisfied at DPC/dispatch level or above.

  • Paged pool A region of virtual memory in system space that can be paged in and out of the system. Device drivers that don't need to access the memory from DPC/dispatch level or above can use paged pool. It is accessible from any process context.
v1v2com
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
windows internals(深入解析windows操作系统)笔记
a3125504x的博客
09-26 8843
1.R0运行内核态R3运行用户态,R1.R2闲置 2.侵入式调试和非侵入式调试   侵入式:可以检查和改变进程的内存,设置断点,执行其他的调试信息   非侵入式:并不作为一个调试器负载到目标进程。可以检查和改变进程中的内存,不能设置断点。 1.Windows是一个对称多处理器操作系统(SMP)。没有主处理器,操作系统和线程可以被调度到任何处理器上运行,所有处理器共享一个内存处理
Digital Signal Processing 4th Edition -- 1
03-30
Digital Signal Processing 4th Edition 作者: John G. Proakis / Dimitris K. Manolakis 扫描版,1/3
Windows Internels 5th Edition
07-22
原版PDF,非常不错,多看几遍,收获很大
Windows Internals, Part 1 7th 2017第7版 pdf(conv) 0分
05-12
Title: Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, 7th Edition pdf转化版 Author: Alex Ionescu, David A. Solomon, Pavel Yosifovich Length: 800 pages Edition: 7 Language: English Publisher: Microsoft Press Publication Date: 2017-05-05 ISBN-10: B0711FDMRR
mvc4.0 html.actionlink comfired,Professional JavaScript for Web Developers, 4th Edition 18-28
weixin_34293588的博客
06-16 780
19Scripting FormsWHAT’S IN THIS CHAPTER?➤➤ Understanding form basics➤➤ Text box validation and interaction➤➤ Working with other form controlsWROX.COM DOWNLOADS FOR THIS CHAPTERPlease note that all the...
Microsoft Windows Internals 4th -- Chapter1 Concepts and Tools
badbad_boy的专栏
06-04 1263
Windows Operating System VersionsTable 1-1 Windows Operating System Releases Windows NT vs. Windows 95From the initial announcement of Windows NT, Microsoft made it clear that it w
This Week in Spring (Spring 4 Edition!) - December 17th, 2013
BLOG域名:programb.blog.csdn.net
05-17 160
Engineering Josh Long December 17, 2013 Welcome to another installment of This Week in Spring! This week, well, I’m taking some vacation ???? That, of course, means that this week’s roundup was even more fun for me - I got to play with the just-released Sp
O'Reilly - .NET Framework Essentials, 2nd Edition--第二章
aoding8407的博客
09-26 209
CLR: manage and execute code written in .NET languages and is the basis of the .NET architecture. 2.1 CLR Environment How does the CLR work? CLR is the runtime engine that loads r...
Digital Signal Processing 4th Edition -- 3
03-30
Digital Signal Processing 4th Edition 作者: John G. Proakis / Dimitris K. Manolakis 扫描版,3/3
Digital Signal Processing 4th Edition -- 2
03-30
Digital Signal Processing 4th Edition 作者: John G. Proakis / Dimitris K. Manolakis 扫描版,2/3
C# in Depth 4th Edition-2019 深入理解C#英文版
最新发布
11-25
《C# in Depth 4th Edition》是Jon Skeet撰写的一本深入解析C#编程语言的书籍,由著名程序员Eric Lippert作序。这本书针对的是C#的第四版,被广大开发者誉为深入理解C#的必备读物。书中详细介绍了C#的关键特性和最新...
How a garbage collector works----From Thinking in Java the 4th edition
邹创
07-16 877
If you come from a programming language whereallocating objects on the heap is expensive, you may naturally assume thatJava’s scheme of allo
O'Reilly - .NET Framework Essentials, 2nd Edition
aoding8407的博客
09-26 445
如果你想了解.NET Framework 的基础那么这本书值得 一看!我觉得只看前三章就可以了,后面的可以选着看前面三章看完了,你对.NET Framework 就有个大致的了解了。这样对于开发asp.net的我已经足够了!下面是我自己的读书笔记: 开始读这本书,刚看完了第一章,觉得写的还不错,至少前言部分就已经吸引我了 早就开始知道一点.NET FrameWork,但是也只是知...
Core Java Volume I - Fundamentals (10th) 1-8章 阅读笔记
wangrl的博客
11-03 1187
001. reasure [v] say or do something to remove the doubts and fears of someone. 002. website     http://horstmann.com/corejava 003. deploy [v] move (troops) into position for military action.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值