Windows Internals: Covering Windows Server 2008 R2 and Windows 7, 6th Edition

Windows Internals, 6th edition covers the internals of the core kernel components of the Windows 7 and Windows Server 2008 R2 operating systems. This classic book will help you:

1. Understand how the core system and management mechanisms work—from the object manager to services to the registry
2. Explore internal system data structures using tools like the kernel debugger
3. Grasp the scheduler’s priority and CPU placement algorithms
4. Go inside the Windows security model to see how it authorizes access to data
5. Understand how Windows manages physical and virtual memory
6. Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers
7. Troubleshoot file-system access problems and system boot problems
8. Learn how to analyze crashes

Sixth in the series, this edition was again written by Mark Russinovich, a Technical Fellow in Microsoft’s Azure Group, David Solomon, an operating systems expert and Windows internals teacher, and Alex Ionescu, Chief Architect at CrowdStrike and specializing in OS internals and security. Besides updates for changes in Windows, there are many new experiments and examples that highlight the use of both existing and new Sysinternals tools.

The sixth edition is being released in two parts: Part 1 is available now and Part 2 will be available in September. The reason for the split was to get the content into readers’ hands as soon as possible.

Sample Chapter

To see the detailed Table of Contents and read Chapter 5 (Processes, Threads, and Jobs) and Chapter 6 (Security), download this PDF.

Ordering the Book

The book is available for purchase on Amazon.com and available from O’Reilly in 4 ebook formats.

History of the Book

This is the sixth edition of a book that was originally called Inside Windows NT (Microsoft Press, 1992), written by Helen Custer (prior to the initial release of Microsoft Windows NT 3.1). Inside Windows NT was the first book ever published about Windows NT and provided key insights into the architecture and design of the system. Inside Windows NT, Second Edition (Microsoft Press, 1998) was written by David Solomon. It updated the original book to cover Windows NT 4.0 and had a greatly increased level of technical depth.

Inside Windows 2000, Third Edition (Microsoft Press, 2000) was authored by David Solomon and Mark Russinovich. It added many new topics, such as startup and shutdown, service internals, registry internals, file-system drivers, and networking. It also covered kernel changes in Windows 2000, such as the Windows Driver Model (WDM), Plug and Play, power management, Windows Management Instrumentation (WMI), encryption, the job object, and Terminal Services. Windows Internals, Fourth Edition was the Windows XP and Windows Server 2003 update and added more content focused on helping IT professionals make use of their knowledge of Windows internals, such as using key tools from Windows Sysinternals (www.microsoft.com/technet/sysinternals) and analyzing crash dumps. Windows Internals, Fifth Edition was the update for Windows Vista and Windows Server 2008. New content included the image loader, user-mode debugging facility, and Hyper-V.

Table of Contents

Part 1:

1. Concepts and Tools
2. System Architecture
3. System Mechanisms
4. Management Mechanisms
5. Processes, Threads, and Jobs
6. Security
7. Networking

Part 2:

1. I/O System
2. Storage Management
3. Memory Management
4. Cache Manager
5. File Systems
6. Startup and Shutdown
7. Crash Dump Analysis