Windows Internals, Fifth Edition is intended for advanced computer professionals (both developers and system administrators) who want to understand how the core components of the Windows Vista and Windows Server 2008 operating systems work internally. With this knowledge, developers can better comprehend the rationale behind design choices when building applications specific to the Windows platform. Such knowledge can also help developers debug complex problems. System administrators can benefit from this information as well, because understanding how the operating system works “under the covers” facilitates understanding the performance behavior of the system and makes troubleshooting system problems much easier when things go wrong. After reading this book, you should have a better understanding of how Windows works and why it behaves as it does.
Structure of the Book
The first two chapters (“Concepts and Tools” and “System Architecture”) lay the foundation with definitions and explanations of terms and concepts used throughout the rest of the book. The next two chapters—“System Mechanisms” and “Management Mechanisms”—describe key underlying mechanisms in the system. The next eight chapters explain the core components of the operating system: processes, threads, and jobs; security; the I/O system; storage management; memory management; the cache manager; file systems; and networking. The last two chapters cover the startup and shutdown processes and crash dump analysis.
History of the Book
This is the fifth edition of a book that was originally called Inside Windows NT (Microsoft Press, 1992), written by Helen Custer (prior to the initial release of Microsoft Windows NT 3.1). Inside Windows NT was the first book ever published about Windows NT and provided key insights into the architecture and design of the system. Inside Windows NT, Second Edition (Microsoft Press, 1998) was written by David Solomon. It updated the original book to cover Windows NT 4.0 and had a greatly increased level of technical depth. Inside Windows 2000, Third Edition (Microsoft Press, 2000) was authored by David Solomon and Mark Russinovich. It added many new topics, such as startup and shutdown, service internals, registry internals, file system drivers, and networking. It also covered kernel changes in Windows 2000, such as the Windows Driver Model (WDM), Plug and Play, power management, Windows Management Instrumentation (WMI), encryption, the job object, and Terminal Services. Windows Internals, Fourth Edition was the Windows XP and Windows Server 2003 update and added more content focused on helping IT professionals make use of their knowledge of Windows internals, such as using key tools from Windows Sysinternals (www.microsoft.com/technet/sysinternals) and analyzing crash dumps.
Fifth Edition Changes
This latest edition has been updated to cover the kernel changes made in Windows Vista and Windows Server 2008. Hands-on experiments have been updated to reflect changes in tools, and newly added experiments use tools not available when the fourth edition was written. Additionally, content has been added to cover mechanisms that were not previously described, such as the image loader and user-mode debugging facility, and information about previously covered subjects has been expanded as well.
Hands-On Experiments
Even without access to the Windows source code, you can glean much about Windows internals from tools such as the kernel debugger and tools from Sysinternals and Winsider Seminars & Solutions (www.winsiderss.com). When a tool can be used to expose or demonstrate some aspect of the internal behavior of Windows, the steps for trying the tool yourself are listed in “Experiment” boxes. These appear throughout the book, and we encourage you to try these as you’re reading—seeing visible proof of how Windows works internally will make much more of an impression on you than just reading about it will.
Topics Not Covered
Windows is a large and complex operating system. This book doesn’t cover everything relevant to Windows internals but instead focuses on the base system components. For example, this book doesn’t describe COM+, the Windows distributed object-oriented programming infrastructure, or the .NET Framework, the foundation of managed code applications.
Because this is an internals book and not a user, programming, or system administration book, it doesn’t describe how to use, program, or configure Windows.
A Warning and a Caveat
Because this book describes undocumented behavior of the internal architecture and operation of the Windows operating system (such as internal kernel structures and functions), this content is subject to change between releases. (External interfaces, such as the Windows API, are not subject to incompatible changes.)
By “subject to change,” we don’t necessarily mean that details described in this book will change between releases, but you can’t count on them not changing. Any software that uses these undocumented interfaces might not work on future releases of Windows. Even worse, software that runs in kernel mode (such as device drivers) and uses these undocumented interfaces might experience a system crash when running on a newer release of Windows.
Find Additional Content Online
As new or updated material becomes available that complements this book, it will be posted online on the Microsoft Press Online Developer Tools Web site. The type of material you might find includes updates to book content, articles, links to companion content, errata, sample chapters, and more. This Web content is available at www.microsoft.com/learning/books/online/developer and is updated periodically.
Support
Every effort has been made to ensure the accuracy of this book. Should you run into any problems or issues, please refer to the sources listed below.
From the Authors
This book isn’t perfect. No doubt it contains some inaccuracies, or possibly we’ve omitted some topics we should have covered. If you find anything you think is incorrect, or if you believe we should have included material that isn’t here, please feel free to send e-mail to winint@solsem.com. Updates and corrections will be posted on the Web site http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx.
From Microsoft Press
Microsoft Press provides corrections for books through the World Wide Web at the following address:
www.microsoft.com/mspress/support
Questions and Comments
In addition to sending feedback directly to the authors, if you have comments, questions, or ideas regarding the presentation or use of this book, you can send them to Microsoft using either of the following methods:
Postal mail:
Microsoft Press
Attn: Windows Internals Editor
One Microsoft Way
Redmond, WA 98052-6399
E-mail:
mspinput@microsoft.com
Please note that product support isn’t offered through these mail addresses. For support information, visit Microsoft’s Web site at http://support.microsoft.com/.