Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes.
As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support.
In Part 2, you’ll examine:
Core subsystems for I/O, storage, memory management, cache manager, and file systems
Startup and shutdown processes
Crash-dump analysis, including troubleshooting tools and techniques
Chapter 8 I/O System
I/O System Components
Kernel-Mode Driver Framework (KMDF)
User-Mode Driver Framework (UMDF)
The Plug and Play (PnP) Manager
The Power Manager
Chapter 9 Storage Management
Virtual Hard Disk Support
BitLocker Drive Encryption
Volume Shadow Copy Service
Chapter 10 Memory Management
Introduction to the Memory Manager
Services Provided by the Memory Manager
Kernel-Mode Heaps (System Memory Pools)
Virtual Address Space Layouts
Page Fault Handling
Virtual Address Descriptors
Page Frame Number Database
Physical Memory Limits
Proactive Memory Management (Superfetch)
Chapter 11 Cache Manager
Key Features of the Cache Manager
Cache Virtual Memory Management
Cache Data Structures
File System Interfaces
Read-Ahead and Write-Behind
Chapter 12 File Systems
Windows File System Formats
File System Driver Architecture
Troubleshooting File System Problems
Common Log File System
NTFS Design Goals and Features
NTFS File System Driver
NTFS On-Disk Structure
NTFS Recovery Support
Encrypting File System Security
Chapter 13 Startup and Shutdown
Troubleshooting Boot and Startup Problems
Chapter 14 Crash Dump Analysis
Why Does Windows Crash?
The Blue Screen
Crash Dump Files
Windows Error Reporting
Online Crash Analysis
Basic Crash Dump Analysis
Using Crash Troubleshooting Tools
Advanced Crash Dump Analysis
Analysis of Common Stop Codes
Appendix Contents of Windows Internals, Sixth Edition, Part 1
Mark Russinovich is a Technical Fellow in the Windows Azure™ group at Microsoft. He is coauthor of Windows Sysinternals Administrator’s Reference, co-creator of the Sysinternals tools available from Microsoft TechNet, and coauthor of the Windows Internals book series.
David A. Solomon is coauthor of the Windows Internals book series and has taught his Windows internals class to thousands of developers and IT professionals worldwide, including Microsoft staff. He is a regular speaker at Microsoft conferences, including TechNet and PDC.
Alex Ionescu is a chief software architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He teaches a Windows internals course with David Solomon and is active in the security research community.
Comments about oreilly Windows® Internals, Part 2, 6th Edition:
The Windows Internals books have always been the most in-depth look into how the Windows Operating System works and provide valuable information for anyone developing and debugging Windows applications. I have used these books as a reference since the third edition and they have continuously gotten more comprehensive in size. The sixth edition is now split into two parts, the second part being reviewed here.
The last edition covered both Windows Server 2008 and Windows Vista, while this edition focuses on their successors, Windows Server 2008 R2 and Windows 7. The main topics stayed the same, albeit networking moved up further in the chapters compared to the previous edition. As the changes between the underlying kernels (fifth edition: Kernel 6.0, sixth edition: Kernel 6.1) have been negligible, the individual chapters are pretty much the same. Most of the things described in the fifth edition are still applicable in the latest Kernel.
The first part of the book, which was released in March 2012, provided a general overview over the basic layout and concepts of the Windows Operating System before going into further details of dedicated mechanisms and subsystems such as processes, threads, security, networking and so on.
The second part focuses on the remaining mechanisms and subsystems such as the I/O system, storage and memory, file system, startup and shutdown as well as crash dump analysis. Compared to the last edition, most of the chapters are fairly similar in size as only marginal changes were made in the Kernel in these areas.
As before, this book contains an abundance of low-level technical information and thus requires a fairly solid background with native tools such as the WinDbg application. Given the technical nature, the book certainly can be a bit 'dry' to read at times but books like this rather serve as a reference than being read cover-to-cover and thus this shouldn't be much of a concern.
The split into two separate parts is a logical decision based on the sheer amount of pages but it is the book's only drawback at the same time. The first part was released about 6 months ago, which makes for a pretty long time between the two parts; especially since Windows 7/Windows Server 2008 R2 have been out in the field for quite some time and are about to be replaced by their successors. Future editions surely would benefit from closer release dates for the individual parts.
Overall, the sixth edition continues to be the reference for any professional developer writing and debugging applications in the Windows ecosystem. Mark, David and Alex continue to do an excellent job in presenting the information in a logical and elaborate way including hands-on experiments.
Bottom Line: Yes, I would recommend this to a friend