Windows Source Code Workshop for Code Center Premium Licensees

Revision: TE4401_20070913

Course Length:

5 Days

Course Description:

This seminar provides a comprehensive guided tour through and analysis of the internal design, implementation, and operation of the major components of the Windows operating system, with a corresponding tour of the Windows source code.

Who Should Attend:

Microsoft Code Center Premium licensees for Microsoft Windows source code for Windows Vista, Windows Server 2003, Windows XP, or Windows 2000 will benefit from this course. Windows XP or Windows Server 2003 source code will be used for the examples during the seminar.

Benefits of Attendance:

Upon completion of this course, students will be able to:

• internal design, implementation, and operation of the major components of the Windows operating system

Prerequisites:

This Workshop is restricted to authorized source code licensees, as determined by Microsoft. Students should have experience with Windows at the "power user," developer, or system administrator level. They should also have familiarity with basic operating system concepts and access to Windows source code via Code Center Premium. Some reading familiarity with the C programming language is also recommended.

Course Outline:

• Code Center Premium
  1. General description
  2. Installing and connecting (demonstration)
  3. Troubleshooting connection issues
  4. First look at directory tree structures
  5. Search tools and strategies
• Windows general architecture, components, and source tree structure
  1. General principles
  2. 32- and 64-bit address spaces
  3. Execution context: Processes, threads, and “others”
  4. Windows services (background processes)
  5. Finding source code for Windows processes
  6. Kernel mode components
  7. Tools for investigating and monitoring
  8. Introduction to the Windows debugger
• User mode architecture and components
  1. Processes and address space
  2. Executable file format
  3. User mode memory management
  4. Threads
  5. Process and thread components and data structures
  6. Program execution environment
  7. User to kernel mode calls
  8. Process and thread creation and deletion
  9. Explorer and Internet Explorer
  10. .NET
• Security architecture and components
  1. Security concepts
  2. Windows security model and certifications
  3. Windows security features
  4. Windows security components and implementation
• Kernel mode architecture and components
  1. User to kernel mode calls, part 2 (system service dispatcher)
  2. Objects and handles, object manager, and security
  3. The registry
  4. Kernel mode execution environment
  5. Interrupt-driven contexts
  6. Deferred procedure calls (DPCs)
  7. Kernel mode synchronization mechanisms (IRQLs, spinlocks, resources)
  8. Kernel memory allocation
  9. Thread scheduler
  10. Virtual memory manager
  11. I/O subsystem, device drivers, and file cache
• Memory dump analysis and live debugging
  1. Debugging with source code access
  2. Compiler optimizations
  3. Relating assembly language to source code
  4. Debugging with incomplete or older sources