Exam preparation information for Exam 71-660

Exam 71-660

TS: Windows Internals

  Published: October 10, 2008 (in development)

  Language(s): English

  Audience(s): Developers, IT Professionals, Partners

  Technology: Windows Vista

  Type: Proctored Exam

 

About this Exam

This exam validates deep technical skills in the area of Windows Internals, including troubleshooting operating systems that are not performing as expected or applications that are not working correctly, identifying code defects, and developing and debugging applications that run unmanaged code or that are tightly integrated with the operating system, such as Microsoft SQL Server, third-party applications, antivirus software, and device drivers.

 

Audience Profile

Candidates for this exam are engineers, developers, or IT staff who work with Windows at a level that requires Windows Internals knowledge. Candidates for this exam are typically in the upper echelon of the technical staff at their companies. These individuals typically hold such positions as escalation engineer, technical lead, and software design engineer. Their level of knowledge spans products both inside and outside the Microsoft Corporation. These individuals are involved in resolving problems that require deep understanding of Windows Internals rather than problems about planning and infrastructure development or how to use or configure a product that runs on Windows.

 

Credit Toward Certification

When you pass Exam 71-660: TS: Windows Internals, you complete the requirements for the following certification(s): Microsoft Certified Technology Specialist (MCTS): Windows Internals

 

Exam 71-660: TS: Windows Internals counts as credit toward the following certification(s): N/A

 

Note: This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format.

 

Skills Being Measured

This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam.

 

Identifying Architectural Components (16%)

· Identify memory types and mechanisms.

o This objective may include but is not limited to: nonpaged vs. paged; memory descriptor lists; physical memory vs. logical memory; address translation; heap memory.

· Identify I/O mechanisms.

o This objective may include but is not limited to: Plug and Play; IRQL levels; I/O request packets (IRPs); I/O manager; device stacks; filter drivers; timers

· Identify subsystems.

o This objective may include but is not limited to: Object manager; cache manager; process manager; memory manager; security reference monitor

· Identify processor functions and architecture.

o This objective may include but is not limited to: Interrupts; processor affinity; system service calls; 64-bit vs. 32-bit

· Identify processes and threads.

o This objective may include but is not limited to: Process environment block (PEB), thread environment block (TEB); thread scheduling, states and priority

Designing Solutions (15%)

· Optimize a system for its drivers.

o This objective may include but is not limited to: driver signing; identifying filter drivers; timers and deferred procedure calls (DPCs); system worker threads; Driver Verifier

· Design applications.

o This objective may include but is not limited to: Application Verifier; gflags; kernel mode vs. user mode threads; structured exception handling (SEH); memory mapped files; authentication mechanisms; synchronization primitives

· Deploy compatible applications.

o This objective may include but is not limited to: Application Verifier; Application Compatibility Toolkit (ACT); gflags

· Identify optimal I/O models for applications.

o This objective may include but is not limited to: synchronous vs. asynchronous I/O; I/O completion ports; multithreaded applications

Monitoring Windows (14%)

· Monitor I/O latency.

o This objective may include but is not limited to: Perfmon; disk I/O; application performance; device I/O

· Monitor I/O throughput.

o This objective may include but is not limited to: filter drivers; cache manager; xperf; kernrate

· Monitor memory usage.

o This objective may include but is not limited to: nonpaged vs paged pool; user memory vs. kernel memory; debugging memory leaks; memory corruption; heap corruption

· Monitor CPU utilization.

o This objective may include but is not limited to: thread time; kernel vs. user time; thread states; Perfmon; WinDbg; Xperf; Kernrate

· Monitor handled and unhandled exceptions.

o This objective may include but is not limited to: ADPlus; Dr. Watson; Windows Error Reporting (WER); default post-mortem debuggers; exception handling

Analyzing User Mode (18%)

· Analyze heap leaks.

o This objective may include but is not limited to: UMDH (User-mode dump heap); user mode stack tracing; WinDbg; Application Verifier; Gflags; Perfmon

· Analyze heap corruption.

o This objective may include but is not limited to: Page heap; WinDbg; Application Verifier; Gflags

· Handle leaks.

o This objective may include but is not limited to: Procmon (Process Monitor); Perfmon; WinDbg; htrace; Process Explorer; Handle.exe

· Resolve image load issues.

o This objective may include but is not limited to: Tlist; loader snaps; dll dependencies; application manifests; 64-bit applications vs. 32-bit applications; tasklist

· Analyze services and host processes.

o This objective may include but is not limited to: sc.exe; services; service dependencies; service isolation; services startup types; service registry entries

· Analyze cross-process application calls.

o This objective may include but is not limited to: RPC; LPC; shared memory; named pipes; process startup; winsock

· Analyze the modification of executables at runtime.

o This objective may include but is not limited to: WinDbg; image corruption; detours; hot patches

· Analyze GUI performance issues.

o This objective may include but is not limited to: spy++; message queues; Application Verifier; TraceTools; ATL Trace; Task Manager

Analyzing Kernel Mode (19%)

· Find and identify objects in object manager namespaces and identify the objects’ attributes.

o This objective may include but is not limited to: Winobj.exe; symbolic links; object namespace; security descriptors; global namespace; device objects; file objects; object manager; semaphores

· Analyze Plug and Play (PnP) device failure.

o This objective may include but is not limited to: removal failures; global device list; WinDbg; device adds and removes; power handling

· Analyze pool corruption.

o This objective may include but is not limited to: Driver Verifier; WinDbg; pool tags; Poolmon; guard pages

· Analyze pool leaks.

o This objective may include but is not limited to: WinDbg; poolmon; Driver Verifier; crash dump analysis; paged and nonpaged pool; cache trimming

· Isolate the root cause of S state failure.

o This objective may include but is not limited to: System power states and transitions; power IRP handling

· Analyze kernel mode CPU utilization.

o This objective may include but is not limited to: kernrate.exe; WinDbg; deadlocks; Performance monitoring; event tracing

Debugging Windows (18%)

· Debug memory.

o This objective may include but is not limited to: Heap; pool; virtual memory vs. physical memory; stack; analyzing crash dumps and user dumps

· Identify a pending I/O.

o This objective may include but is not limited to: WinDbg; deadlocks; I/O manager; IRP processing

· Identify a blocking thread.

o This objective may include but is not limited to: thread state; locks; synchronization objects

· Identify a runaway thread.

o This objective may include but is not limited to: thread priorities; processor affinity; Perfmon; kernrate

· Debug kernel crash dumps.

o This objective may include but is not limited to: WinDbg; DPCs; Assembler; forcing kernel crash dumps; trap processing; register usage; call stack composition (prolog/epilog); processes vs. threads

· Debug user crash dumps.

o This objective may include but is not limited to: dump types; forcing user crash dumps; gflags; system resource utilization (CPU, disk, network, memory)

· Set up the debugger.

o This objective may include but is not limited to: WinDbg; physical connection (USB, RS-232, 1394); boot.ini; bcdedit; remoting; NMI; debugging system processes

Preparation Tools and Resources

To help you prepare for this exam, Microsoft Learning recommends that you have hands-on experience with the product and that you use the following training resources. These training resources do not necessarily cover all of the topics listed in the "Skills Measured" tab.

· Classroom Training: There is no classroom training currently available.

· Microsoft E-Learning: There is no Microsoft E-Learning training currently available.

· Microsoft Press Books: There are no Microsoft Press books currently available.

· Practice Tests: There are no practice tests currently available.

Microsoft Online Resources

 

· Microsoft Learning Community: Join newsgroups and visit community forums to connect with your peers for suggestions on training resources and advice on your certification path and studies.

· TechNet: Designed for IT professionals, this site includes how-to instructions, best practices, downloads, technical resources, newsgroups, and chats.

· MSDN: Designed for developers, the Microsoft Developer Network (MSDN) features code samples, technical articles, downloads, newsgroups, and chats.

Have Questions?

For advice about training and certification, connect with peers:

· Visit the training and certification forum

For questions about a specific certification, chat with a Microsoft Certified Professional (MCP):

· Visit our MCP newsgroups

To find out about recommended blogs, Web sites, and upcoming Live Meetings on popular topics, visit our community site:

· Visit the Microsoft Learning community