"Charting the Course ...

... to Your Success!"

Windows 2008 R2 Internals Part 2 (Custom for Wells Fargo)

Course Summary

Description

This class is a combination of lecture and hands-on exercises designed to increase the skills and understanding of experienced Windows 2008R2 Support and Admin specialists. It includes a variety of topics that should be selected by the client for maximum benefit.

Topics

- I/O System
- File Systems
- Dump Analysis
- Cache Manager

Audience

This course is intended for IT Professional technical specialists who work in the complex computing environment of a medium to large company and are responsible for the underlying technologies that support a business application infrastructure in Windows 2008 and .

Prerequisites

- Up to one year of experience managing Windows Server 2008 and/or Windows Server 2008 R2 in a medium-to-large networking environment of multiple physical locations.
- At least two years of experience configuring and managing or clients.
- Experience managing applications and network technologies in an enterprise environment, which may include network services and resources such as messaging, databases, file and print, a firewall, Internet access, an intranet, Public Key Infrastructure, remote access, remote desktop, virtualization, and client computer management.

Duration

20 – 40 hours depending upon client topic selections

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

PT9207_WINDOWS2008R2INTERNALSPART2.DOC

Course Outline

I. I/O System
  A. I/O System Components
    1. The I/O Manager
    2. Typical I/O Processing
  B. Device Drivers
    1. Types of Device Drivers
    2. Structure of a Driver
    3. Driver Objects and Device Objects
    4. Opening Devices
  C. I/O Processing
    1. Types of I/O
    2. I/O Request to a Single-Layered Driver
    3. I/O Requests to Layered Drivers
    4. I/O Cancellation
    5. I/O Completion Ports
    6. I/O Prioritization
    7. Container Notifications
    8.
  D. Kernel-Mode Driver Framework (KMDF)
    1. Structure and Operation of a KMDF Driver
    2. KMDF Data Model
    3. KMDF I/O Model
  E. User-Mode Driver Framework (UMDF)
  F. The Plug and Play (PnP) Manager
    1. Level of Plug and Play Support
    2. Driver Support for Plug and Play
    3. Driver Loading, Initialization, and Installation
    4. Driver Installation
  G. The Power Manager
    1. Power Manager Operation
    2. Driver Power Operation
    3. Driver and Application Control of Device Power
    4. Power Availability Requests
    5. Processor Power Management (PPM)
  H. Conclusion

II. Storage Management
  A. Storage Terminology
  B. Disk Drivers
    1. Rotating Magnetic Disks
    2. Solid State Disks
  C. Volume Management
    1. Winload
    2. Disk Class, Port, and Miniport Drivers
    3. Disk Device Objects
    4. Partition Manager
  D. Volume Management
    1. Basic Disks
    2. Dynamic Disks
    3. Multipartition Volume Management
    4. The Volume Namespace
    5. Volume I/O Operation
    6. Virtual Disk Service
  E. Virtual Hard Disk Support
    1. Attaching VHDs
    2. Nested File Systems
  F. BitLocker Drive Encryption
    1. Encryption Keys
    2. Trusted Platform Module (TPM)
    3. BitLocker Boot Process
    4. BitLocker Key Recovery
    5. Full-Volume Encryption Driver
    6. BitLocker Management
    7. BitLocker to Go
  G. Volume Service
    1. Shadow Copies
    2. VSS Architecture
    3. VSS Operation
    4. Uses in Windows
  H. Conclusion

III. Memory Management
  A. Introduction to the Memory Manager
    1. Memory Manager Components
    2. Internal Synchronization
    3. Examining Memory Usage
  B. Services the Memory Manager Provides
    1. Large and Small Pages
    2. Reserving and Committing Pages
    3. Commit Limit
    4. Locking Memory Allocation Granularity
    5. Shared Memory and Mapped Files
    6. Protecting Memory
    7. No Execute Page Protection
    8. Copy on Write
    9. Address Windowing Extensions
  C. Kernel-Mode Heaps (System Memory Pools)
    1. Pool Sizes
    2. Monitoring Pool Usage
    3. Look Aside Lists
  D. Heap Manager
    1. Types of Heaps
    2. Heap Manager Structure
    3. Heap Synchronization
    4. The Low Fragmentation Heap
    5. Heap Security Features
    6. Heap Features
    7. Pageheap
    8. Fault Tolerant Heap


  E. Virtual Address Space Layouts
    1. x86 Address Space Layouts
    2. x86 System Address Space Layout
    3. x86 Session Space
    4. System Page Table Entries
    5. 64-Bit Address Space Layouts
    6. x64 Virtual Addressing Limitations
    7. Dynamic System Virtual Address Space Management
    8. System Virtual Address Space Quotas
    9. User Address Space Layout
  F. Address Translation
    1. x86 Virtual Address Translation
    2. Translation Look-Aside Buffer
    3. Physical Address Extension (PAE)
    4. x64 Virtual Address Translation
    5. IA64 Virtual Address Translation
  G. Handling
    1. Invalid PTEs
    2. Prototype PTEs
    3. In-paging I/O
    4. Collided Page Faults
    5. Clustered Page Faults
    6. Page Files
    7. and the System Commit Limit
    8. Commit Charge and Page File Size
  H. Stacks
    1. User Stacks
    2. Kernel Stacks
    3. DPC Stack
  I. Virtual Address Descriptors
    1. Process VADs
    2. Rotate VADs
  J. NUMA
  K. Section Objects
  L. Driver Verifier
  M. Page Frame Number Database
    1. Page List Dynamics
    2. Page Priority
    3. Modified Page Writer
    4. PFN Data Structures
  N. Physical Memory Limits
    1. Windows Client Memory Limits
  O. Working Sets
    1. Demand Paging
    2. Logical Prefetcher
    3. Placement Policy
    4. Working Set Management
    5. Balance Set Manager and Swapper
    6. System Working Sets
    7. Memory Notification Events
  P. Proactive Memory Management (SuperFetch)
    1. Components
    2. Tracing and Logging
    3. Scenarios
    4. Page Priority and Rebalancing
    5. Robust Performance
    6. ReadyBoost
    7. ReadyDrive
    8. Unified Caching
    9. Process Reflection
  Q. Conclusion

IV. Cache Manager
  A. Key Features of the Cache Manager
    1. Single, Centralized System Cache
    2. The Memory Manager
    3. Cache Coherency
    4. Virtual Block Caching
    5. Stream-Based Caching
    6. Recoverable Support
  B. Cache Management
  C. Cache Size
    1. Cache Virtual Size
    2. Cache Working Set Size
    3. Cache Physical Size
  D. Cache Data Structures
    1. Systemwide Cache Data Structures
    2. Per-File Cache Data Structures
  E. File System Interfaces
    1. Copying to and from the Cache
    2. Caching with the Mapping and Pinning Interfaces
    3. Caching with the Direct Memory Access Interfaces
  F. Fast I/O
  G. Read Ahead and Write Behind
    1. Intelligent Read-Ahead
    2. Write-Back Caching and Lazy Writing
    3. Write Throttling
    4. System Threads
  H. Conclusion

V. File Systems
  A. Windows File System Formats
    1. CDFS
    2. UDF
    3. FAT12, FAT16, and FAT32
    4. ExFAT
    5. NTFS


  B. File System Driver Architecture
    1. Local FSDs
    2. Remote FSDs
    3. File System Operation
    4. File System Filter Drivers
  C. Troubleshooting File System Problems
    1. Process Monitor Basic vs. Advanced Modes
    2. Process Monitor Troubleshooting Techniques
  D. Common Log File Systems
  E. NTFS Design Goals and Features
    1. High-End File System Requirements
    2. Advanced Features of NTFS
  F. NTFS File System Driver
  G. NTFS On-Disk Structure
    1. Volumes
    2. Clusters
    3. Master File Table
    4. File Record Numbers
    5. File Records
    6. File Names
  H. Resident and Nonresident Attributes
  I. Data Compression and Sparse Files
  J. The Change Journal File
    1. Indexing
    2. Object IDs
    3. Quota Tracking
    4. Consolidated Security
    5. Reparse Points
    6. Transaction Support
  K. NTFS Recovery Support
    1. Design
    2. Metadata Logging
    3. Recovery
    4. NTFS Bad-Cluster Recovery
    5. Self-Healing
  L. Security
    1. Encrypting a File for the First Time
    2. The Decryption Process
    3. Backing Up Encrypted Files
    4. Copying Encrypted Files
  M. Conclusion

VI. Startup and Shutdown
  A. Boot Process
    1. BIOS Preboot
    2. The BIOS Boot Sector and Bootmgr
    3. The UEFI Boot Process
    4. Booting from iSCSI
    5. Initializing the Kernel and Executive Subsystems
    6. Smss, Csrss, and Wininit
    7. ReadyBoot
    8. Images That Start Automatically
  B. Troubleshooting Boot and Startup Problems
    1. Last Known Good
    2. Safe Mode
    3. Windows Recovery Environment (WinRE)
    4. Solving Common Boot Problems
  C. Shutdown
  D. Conclusion

VII. Crash Dump Analysis
  A. Why Does Windows Crash?
  B. The Blue Screen
    1. Causes of Windows Crashes
  C. Troubleshooting Crashes
  D. Crash Dump Files
    1. Crash Dump Generation
  E.
  F. Online Crash Analysis
  G. Basic Crash Dump Analysis
    1. Notmyfault
    2. Basic Crash Dump Analysis
    3. Verbose Analysis
  H. Using Crash Troubleshooting Tools
    1. Buffer Overruns, Memory Corruption, and Special Pool
    2. Code Overwrite and System Code Write Protection
  I. Advanced Crash Dump Analysis
    1. Stack Trashes
    2. Hung or Unresponsive Systems
    3. When There is No Crash Dump
  J. Analysis of Common Stop Codes
    1. 0xD1 - DRIVER_IRQL_NOT_LESS_OR_EQUAL
    2. 0x8E - KERNEL_MODE_EXCEPTION_NOT_HANDLED
    3. 0x7F - UNEXPECTED_KERNEL_MODE_TRAP
    4. 0xC5 - DRIVER_CORRUPTED_EXPOOL
    5. Hardware Malfunctions
  K. Conclusion
