Preparing For The Exam 70-660 Windows Internals

아티클
1/17/2024

Identifying Architectural Components

Identify memory types and mechanisms.

Nonpaged vs. Paged; Memory Descriptor Lists; Physical Memory vs. Logical Memory; Address translation; Heap memory.

Identify I/O mechanisms.

Plug and play; IRQL levels; I/O Request Packet IRP; I/O manager; device stacks; filter drivers; timers

Identify subsystems.

Object Manager; cache manager; process manager; memory manager; security reference monitor

Identify processor functions and architecture.

Interrupts; processor affinity; system service calls; 64-bit vs. 32-bit

Identify process and threads.

Process environment block (PEB), thread environment block (TEB); thread scheduling, states and priority

Designing Solutions

Optimize a system for its drivers.

Driver signing; identifying filter drivers; timers and deferred procedure calls (DPCs); system worker threads; Driver Verifier

Design applications.

Application Verifier; gflags; kernel mode vs. user mode threads; structured exception handling (SEH); memory mapped files; authentication mechanisms; synchronization primitives

Deploy compatible applications.

Application Verifier; Application Compatibility Toolkit (ACT); Global Flags Editor (GFlags)

Identify optimal I/O models for applications.

Synchronous vs. asynchronous I/O; I/O completion ports; multithreaded applications

Monitoring Windows

Monitor I/O latency.

Perfmon; disk I/O; application performance; device I/O

Monitor I/O throughput.

Filter drivers; cache manager; xperf; kernrate

Monitor memory usage.

Nonpaged vs paged pool; user memory vs. kernel memory; debugging memory leaks; memory corruption; heap corruption

Monitor CPU utilization.

Thread time; kernel vs. user time; thread states; Perfmon; WinDbg; Xperf; Kernrate

Monitor handled and unhandled exceptions.

Adplus; Dr Watson; Windows Error Reporting; default post-mortem debuggers; exception handling

Analyzing User Mode

Analyze heap leaks.

UMDH (User-mode dump heap); user mode stack tracing; WinDbg; Application Verifier; Gflags; Perfmon

Analyze heap corruption.

Page heap; WinDbg; Application Verifier; Gflags

Handle leaks.

Procmon (Process Monitor); Perfmon; WinDbg; htrace; Process Explorer; Handle.exe

Resolve image load issues.

Tlist; loader snaps; dll dependencies; application manifests; 64-bit applications vs. 32-bit applications; tasklist

Analyze services and host processes.

sc.exe; services; service dependencies; service isolation; services startup types; service registry entries

Analyze cross-process application calls.

RPC; LPC; shared memory; named pipes; process startup; winsock

Analyze the modification of executables at runtime.

WinDbg; Image corruption; Detours; hot patches

Analyze GUI performance issues.

Spy++; message queues; Application Verifier; TraceTools; ATL Trace; Task Manager

Analyzing Kernel Mode

Find and identify objects in object manager namespaces and identify the objects’ attributes.

Winobj.exe; symbolic links; object namespace; security descriptors; global namespace; device objects; file objects; object manager; semaphores

Analyze Plug and Play (PnP) device failure.

Removal failures; global device list; WinDbg; device adds and removes; power handling

Analyze pool corruption.

Driver Verifier; WinDbg; pool tags; Poolmon; guard pages

Analyze pool leaks.

WinDbg; poolmon; Driver Verifier; crash dump analysis; paged and nonpaged pool; cache trimming

Isolate the root cause of S state failure.

System power states and transitions; power IRP handling

Analyze kernel mode CPU utilization.

Kernrate.exe; WinDbg; deadlocks; Performance monitoring; event tracing

Debugging Windows

Debug memory.

Heap; pool; virtual memory vs. physical memory; stack; analyzing crash dumps and user dumps

Identify a pending I/O.

WinDbg; deadlocks; I/O manager; IRP processing

Identify a blocking thread.

Thread state; locks; synchronization objects

Identify a runaway thread.

Thread priorities; processor affinity; Perfmon; kernrate

Debug kernel crash dumps.

WinDbg; DPCs; Assembler; forcing kernel crash dumps; trap processing; register usage; call stack composition (prolog/epilog); processes vs. threads

Debug user crash dumps.

Dump types; forcing user crash dumps; gflags; system resource utilization (CPU, disk, network; memory)

Set up the debugger.

WinDbg; physical connection (USB, rs-232, 1394); boot.ini; bcdedit; remoting; NMI; debugging system processes

다음을 통해 공유

Preparing For The Exam 70-660 Windows Internals

Identifying Architectural Components

Identify memory types and mechanisms.

Identify I/O mechanisms.

Identify subsystems.

Identify processor functions and architecture.

Identify process and threads.

Designing Solutions

Optimize a system for its drivers.

Design applications.

Deploy compatible applications.

Identify optimal I/O models for applications.

Monitoring Windows

Monitor I/O latency.

Monitor I/O throughput.

Monitor memory usage.

Monitor CPU utilization.

Monitor handled and unhandled exceptions.

Analyzing User Mode

Analyze heap leaks.

Analyze heap corruption.

Handle leaks.

Resolve image load issues.

Analyze services and host processes.

Analyze cross-process application calls.

Analyze the modification of executables at runtime.

Analyze GUI performance issues.

Analyzing Kernel Mode

Find and identify objects in object manager namespaces and identify the objects’ attributes.

Analyze Plug and Play (PnP) device failure.

Analyze pool corruption.

Analyze pool leaks.

Isolate the root cause of S state failure.

Analyze kernel mode CPU utilization.

Debugging Windows

Debug memory.

Identify a pending I/O.

Identify a blocking thread.

Identify a runaway thread.

Debug kernel crash dumps.

Debug user crash dumps.

Set up the debugger.

추가 리소스