Synopses & Reviews
Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes.
As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support.
In Part 1, you will:
- Understand how core system and management mechanisms work—including the object manager, synchronization, Wow64, Hyper-V, and the registry
- Examine the data structures and activities behind processes, threads, and jobs
- Go inside the Windows security model to see how it manages access, auditing, and authorization
- Explore the Windows networking stack from top to bottom—including APIs, BranchCache, protocol and NDIS drivers, and layered services
- Dig into internals hands-on using the kernel debugger, performance monitor, and other tools
Synopsis
Delve inside Windows architecture and internals—guided by a team of internationally renowned internals experts. Fully updated for Windows 7 and Windows Server 2008 R2, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.
See how Windows components work behind the scenes:
- Understand how the core system and management mechanisms work
- Explore internal system data structures using tools like the kernel debugger
- Go inside the Windows security model to see how it authorizes access to data
- Understand how Windows manages physical and virtual memory
- Tour the Windows networking stack from top to bottom
- Troubleshoot file-system access problems and system boot problems
- Learn how to analyze crashes
About the Author
Mark E. Russinovich is a Technical Fellow in the Windows Azure™ group at Microsoft. He is coauthor of the Windows Internals book series, lead author for Windows Sysinternals Administrator's Reference, cofounder of the Sysinternals web site, and a highly regarded expert on Windows internals and computer security.
David A. Solomon is coauthor of the Windows Internals book series and teaches classes on Windows internals to corporations worldwide, including Microsoft. He is a regular speaker at Microsoft technical conferences and previously was a lead developer for the VMS operating system.
Alex Ionescu is a software engineer and consultant specializing in low-level system software and operating system design. He teaches Windows internals courses with David Solomon and is active in the security research community.
Table of Contents
- Introduction; Structure of the Book; History of the Book; Sixth Edition Changes; Hands-on Experiments; Topics Not Covered; A Warning and a Caveat; Acknowledgments; Errata & Book Support; We Want to Hear from You; Stay in Touch
- Chapter 1: Concepts and Tools; 1.1 Windows Operating System Versions; 1.2 Foundation Concepts and Terms; 1.3 Digging into Windows Internals; 1.4 Conclusion
- Chapter 2: System Architecture; 2.1 Requirements and Design Goals; 2.2 Operating System Model; 2.3 Architecture Overview; 2.4 Key System Components; 2.5 Conclusion
- Chapter 3: System Mechanisms; 3.1 Trap Dispatching; 3.2 Object Manager; 3.3 Synchronization; 3.4 System Worker Threads; 3.5 Windows Global Flags; 3.6 Advanced Local Procedure Call; 3.7 Kernel Event Tracing; 3.8 Wow64; 3.9 User-Mode Debugging; 3.10 Image Loader; 3.11 Hypervisor (Hyper-V); 3.12 Kernel Transaction Manager; 3.13 Hotpatch Support; 3.14 Kernel Patch Protection; 3.15 Code Integrity; 3.16 Conclusion
- Chapter 4: Management Mechanisms; 4.1 The Registry; 4.2 Services; 4.3 Unified Background Process Manager; 4.4 Windows Management Instrumentation; 4.5 Windows Diagnostic Infrastructure; 4.6 Conclusion
- Chapter 5: Processes, Threads, and Jobs; 5.1 Process Internals; 5.2 Protected Processes; 5.3 Flow of CreateProcess; 5.4 Thread Internals; 5.5 Examining Thread Activity; 5.6 Worker Factories (Thread Pools); 5.7 Thread Scheduling; 5.8 Processor Share-Based Scheduling; 5.9 Dynamic Processor Addition and Replacement; 5.10 Job Objects; 5.11 Conclusion
- Chapter 6: Security; 6.1 Security Ratings; 6.2 Security System Components; 6.3 Protecting Objects; 6.4 The AuthZ API; 6.5 Account Rights and Privileges; 6.6 Access Tokens of Processes and Threads; 6.7 Security Auditing; 6.8 Logon; 6.9 User Account Control and Virtualization; 6.10 Application Identification (AppID); 6.11 AppLocker; 6.12 Software Restriction Policies; 6.13 Conclusion
- Chapter 7: Networking; 7.1 Windows Networking Architecture; 7.2 Networking APIs; 7.3 Multiple Redirector Support; 7.4 Distributed File System Namespace; 7.5 Distributed File System Replication; 7.6 Offline Files; 7.7 BranchCache; 7.8 Name Resolution; 7.9 Location and Topology; 7.10 Protocol Drivers; 7.11 NDIS Drivers; 7.12 Binding; 7.13 Layered Network Services; 7.14 Conclusion
- About the Authors; More Resources for Developers; Microsoft Press® books; Find the Right Resource for You