
How does Windows Subsystem for Linux (Version 1) actually work?
Windows Subsystem for Linux (WSL) first appeared in Windows 10 (Anniversary Update, 1607). It enables
Pavel is a software developer, trainer, consultant, author and speaker with over 25 years of experience in the industry. He is the co-author of the “Windows Internals 7th Part 1” book, and the author of “Windows Kernel Programming”, “Windows 10 System Programming”, and “Windows Native API Programming”. Pavel also teaches system and kernel programming through his courses on TrainSec academy.
As one of the world’s foremost experts on Windows Internals and low-level system architecture, Pavel is known for his ability to break down complex technical topics and make them practical and accessible. His books, talks and training programs are trusted by engineers, developers, and teams worldwide.
At TrainSec, Pavel delivers exclusive live training on Windows Internals, debugging, and kernel programming, designed for professionals seeking to master the Windows operating system from the inside out.
If you want to understand Windows, you must understand the internals. Everything else builds on that.
There is nothing like the power of the kernel in Windows – but how do you write kernel drivers to take advantage of that power? This book will show you how. The book describes software kernel driver programming for Windows. These drivers don’t deal with hardware, but rather the system itself: processes, threads, modules, Registry and more. Kernel code can monitor important events, preventing some from occurring if needed. Various filters can be written that can intercept calls that a driver may be interested in.
The second edition expands on existing topics, and adds chapters on advanced programming techniques, and the Windows Filtering Platform.
Second Edition
Delve into programming the Windows operating system through the Windows API with C++. Use the power of the Windows API to work with processes, threads, jobs, memory, I/O and more. The book covers current Windows 10 versions, allowing you to get the most out of what Windows has to offer to developers in terms of productivity, performance and scalability.
There is nothing like the power of the kernel in Windows – but how do you write kernel drivers to take advantage of that power? This book will show you how.
The book describes software kernel driver programming for Windows. These drivers don’t deal with hardware, but rather with the system itself: processes, threads, modules, registry and more. Kernel code can be used for monitoring important events, preventing some from occurring if needed. Various filters can be written that can intercept calls that a driver may be interested in.
Part 1
Delve into programming the Windows operating system through the Windows API with C++.
Use the power of the Windows API to work with processes, threads, jobs, memory, I/O and more. The book covers current Windows 10 versions, allowing you to get the most out of what Windows has to offer to developers in terms of productivity, performance and scalability.
At TrainSec, we’re proud to offer exclusive, in-depth training courses taught by Pavel Yosifovich. These courses focus on advanced topics in Windows Internals, kernel development, debugging, and system programming – all designed for engineers and developers who want to work at the deepest levels of the Windows operating system.
All courses are delivered by Pavel himself, combining deep technical knowledge with practical experience. Browse the available courses below to learn directly from one of the world’s leading Windows experts.
The following articles were written by Pavel as part of the TrainSec free knowledge library.
Learn what kernel allocation tags are, how they help track Windows kernel memory, detect driver
We’ve all used the Recycle Bin. You delete a file, and it shows up there,
Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory
Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and
In just 25 minutes the walk-through shows you how Windows Management Instrumentation (WMI) reveals almost
In this video, Pavel walks through how to implement a basic keylogger in Windows using
In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM
Note: This blog post is designed to complement the accompanying video embedded at the top
In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in
Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why
Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs,
Shell extensions are a powerful feature of the Windows shell that allow developers to extend
In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you
Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute
Note: This blog post is designed to complement the accompanying video embedded at the top
Introduction: Writing a Windows Service Hi, and welcome to this video on writing a Windows
Welcome to this video about Windows Services. In this video, we’ll cover the basics of
Hi, and welcome to this video about an introduction to the Windows Performance Analyzer. We’re
Some Windows kernel object types can have string-based names, which is one way such objects
Keyboard hooking using Image File Execution Options and pretending to be a debugger.
Ever wondered how many handles you can create in a process? Each process has its
Millions of machines around the world crashed a few days ago, showing the dreaded “Blue
In Windows, every process is associated with a parent process, usually the one that created it.
There are many processes running on a typical Windows system – here are some of
A well-known feature of Windows is the Image File Execution Options registry key located in