Recent versions of Windows 8.x and 10 have a number of enhancements and new features related to threads and scheduling, memory management, and security. This course continues exploring recent Windows versions with respect to these topics.
At the core of Windows system-level development or research is a thorough knowledge of Windows Internals. In this course, Windows 10 Internals - Threads, Memory and Security, you’ll learn features and enhancements in recent versions of Windows. First, you’ll learn about threads and scheduling. Next, you’ll explore memory management. Finally, you’ll discover how security works in Windows. When you’re finished with this course, you’ll have a foundational knowledge of modern Windows 10 Internals that will help you as you delve into security research or system-level development.
Course Overview
Hi everyone. My name is Pavel Yosifovich, and welcome to my course, Windows 10 Internals - Threads, Memory, and Security. I'm a developer and trainer working quite a bit with the internals of Windows. In this course, we're going to learn about various internal features and enhancements in the recent versions of Windows. The major topics that we will cover are threads and scheduling, memory management, and security. By the end of this course, you'll gain a deeper understanding of internal mechanisms in recent versions of Windows, which you'll be able to use in development or research. Before beginning this course, you should be familiar with the basics of Windows internals such as processes, threads, DLLs, and virtual memory. I hope you'll join me on this journey to learn Windows internals with the Windows 10 Internals - Threads, Memory, and Security course, at Pluralsight.
Memory Management: Fundamentals
Hi, and welcome to the second module, which is about memory management, the fundamentals. In this module, we'll take a look at the basics of memory management, which is mostly a review from previous Windows Internals courses. We'll start by looking at memory management as a whole and then look at how memory is laid out in processes in the system. We'll look at page states and see what kind of state a page can be in. Then we'll discuss some memory terminology and see those in various tools, and then we'll summarize what we've learned. So let's begin.
Memory Management: Advanced Features
Hi, and welcome to the Memory Management: Advanced Features module. In this module, we're going to continue exploration of the memory manager. Specifically, we'll look at reserve memory, and more importantly, the cost of reserve memory. How much does it cost really to reserve a large chunk of reserve memory? Then we'll look at ASLR, which is a security feature that has some side benefits. Then we'll look at physical pages lists and see how they're managed. And this will lead us to memory compression. We'll see how memory compression works to allow us to save physical memory. And finally, we'll look at memory enclaves, which is a new feature allowing us to protect processes, or process memory, from kernel-based attacks. And finally, we'll summarize what we've learned. Let's begin with reserved memory.
Security: Fundamentals
Hi, and welcome to the Security: Fundamentals module. In this module, we'll take a look at the basic security features in Windows. We'll look at the various security components that comprise the system. We'll take a look at how the user logs in, what components are involved. Then we'll look at various terms that are related to security such as SIDs, access tokens, and privileges. And finally, we'll look at access checks and how they're being done by combining all the terms previously introduced. And so let's begin.
Security: Advanced Features
Hi, and welcome to the Security: Advanced Features module on Pluralsight. And so in this module, we'll continue our exploration of security-related features on Windows. We'll start with Virtualization-based Security, which allows us to have a hypervisor controlling vital parts of the system. Then we'll look at User Access Control, which allows users some control over which processes run with elevated permissions. We'll look at Integrity Levels, which is another way of separating processes running under the same user account. We'll discuss AppContainers, which are the secure sandbox under which UWP processes are running. Control Flow Guard is a mechanism to make sure malicious code does not override indirect calls. And finally, we'll look at Process Mitigations that allow some settings on the process by process basis related to security. So, let's begin.