Chapter 1: Concepts and tools
Windows operating system versions; Foundation concepts and terms; Digging into Windows internals; Conclusion

Chapter 2: System architecture
Requirements and design goals; Operating system model; Architecture overview; Virtualization-based security architecture overview; Key system components; Conclusion

Chapter 3: Processes and jobs
Creating a process; Process internals; Protected processes; Minimal and Pico processes; Trustlets (secure processes); Flow of CreateProcess; Terminating a process; Image loader; Jobs; Conclusion

Chapter 4: Threads
Creating threads; Thread internals; Examining thread activity; Thread scheduling; Group-based scheduling; Worker factories (thread pools); Conclusion

Chapter 5: Memory management
Introduction to the memory manager; Services provided by the memory manager; Kernel-mode heaps (system memory pools); Heap manager; Virtual address space layouts; Address translation; Page fault handling; Stacks; Virtual address descriptors; NUMA; Section objects; Working sets; Page frame number database; Physical memory limits; Memory compression; Memory partitions; Memory combining; Memory enclaves; Proactive memory management (SuperFetch); Conclusion

Chapter 6: I/O system
I/O system components; Interrupt Request Levels and Deferred Procedure Calls; Device drivers; I/O processing; Driver Verifier; The Plug and Play manager; General driver loading and installation; The Windows Driver Foundation; The power manager; Conclusion

Chapter 7: Security
Security ratings; Security system components; Virtualization-based security; Protecting objects; The AuthZ API; Account rights and privileges; Access tokens of processes and threads; Security auditing; AppContainers; Logon; User Account Control and virtualization; Exploit mitigations; Application Identification; AppLocker; Software Restriction Policies; Kernel Patch Protection; PatchGuard; HyperGuard; Conclusion
Windows Internals Bk. 1 : System Architecture, Processes, Threads, Memory Management, and More, Part 1