Windows Internals Book
Published November 30, 2006 | Updated August 1, 2008
Windows Internals, 5th edition will cover Windows Vista and Windows Server 2008 — it is scheduled for availability in January 2009. In the meantime, you can read the following articles by Mark Russinovich on Windows Vista and Server 2008 internals:
Introduction
Windows Internals, 4th edition replaces Inside Windows 2000, 3rd edition. With 25% more content than the previous edition, it has been updated to cover Windows XP and Windows Server 2003, including 64-bit support, while also still covering Windows 2000. This new edition is even more valuable to the IT professional/system administrator as it takes the internals information and applies it to advanced troubleshooting, such as taking advantage of Sysinternals tools like Filemon, Regmon, and Process Explorer. It also has a new chapter on crash dump analysis.
Download the PDF version of Chapter 4, Management Mechanisms, which includes sections on the Registry, Services and WMI, as a preview: Windows Internals Chapter 4 PDF.
- "I can't think of many technical books where I've gone out and bought multiple editions and there certainly isn't another where I'd consider buying 4 editions but for this particular book it just has to be done. The definitive guide to how things work in Windows and understanding how things work is 90% of the battle in my view." —Mike Taulty
This review from the January 2006 issue of MCP Magazine has glowing things to say about the book and the crash analysis chapter in particular:
- "The Internals book is worth its weight in gold just for the crash dump analysis information it provides. As a first step in the chapter, a tool named Notmyfault is discussed. This tool is ideal for performing basic crash dump analysis and allows you to crash your system in various ways to obtain certain information from your system. The crash options represent the most common ones that are seen by the Microsoft product support team."
Here's another nice review and there are several on Amazon. Please consider adding a review yourself if you buy the book.
Description of the Book
Delve inside the Windows kernel with noted internals experts Mark Russinovich and David Solomon, in collaboration with the Microsoft Windows product development team. This classic guide—fully updated for Windows Server 2003, Windows XP, and Windows 2000—describes the architecture and internals of the Windows operating system. You'll find hands-on experiments you can use to experience Windows internal behavior firsthand, along with advanced troubleshooting information to help keep your systems running smoothly and efficiently. Whether you're a developer or a system administrator, you'll find critical architectural insights that you can quickly apply for better design, debugging, performance, and support.
Get in-depth, inside knowledge of the Windows operating system:
- Understand the key mechanisms that configure and control Windows, including dispatching, startup and shutdown, and the registry
- Explore the Windows security model, including access, privileges, and auditing
- Investigate internal system architecture using the kernel debugger and other tools
- Examine the data structures and algorithms that deal with processes, threads, and jobs
- Observe how Windows manages virtual and physical memory
- Understand the operation and format of NTFS, and troubleshoot file system access problems
- View the Windows networking stack from top to bottom, including mapping, APIs, name resolution, and protocol drivers
- Troubleshoot boot problems and perform crash analysis
The book has a foreword by Jim Allchin, Group Vice President of Platforms at Microsoft, and a historical perspective by David Cutler, Microsoft Senior Distinguished Engineer and lead architect of Windows NT.
Table of Contents
- Introduction
- Architecture
- System Mechanisms
- Management Mechanisms
- Startup and Shutdown
- Processes, Threads and Jobs
- Memory Management
- Security
- I/O System
- Storage
- Cache Manager
- File Systems
- Networking
- Crash Dump Analysis
Book Tools
Tools referenced in the book, but that are not available through other links on Sysinternals:
- Notmyfault: Use this executable and driver to crash your system in several different ways. Chapter 7 uses Notmyfault to demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples. The download includes x86 (in the exe\release directory) and x64 versions (in the exe\relamd directory) as well as full source.
- Testlimit: Chapter 3 uses Testlimit to demonstrate the operating system's per-process limit on the number of concurrently opened handles, but the tool's command-line options also let you test limits of process and thread creation. The download includes source.
- Accvio: This executable generates a user-mode access violation by trying to reference virtual address zero, which, by default, is marked no access. Chapter 3 uses it to demonstrate the behavior of Windows when an application triggers an unhandled exception.
Errata
If you have general feedback for us, find an inaccuracy, or have a suggestion for the next edition, please send e-mail to syssite@microsoft.com. We'll post corrections and tool updates to this page. This Microsoft Knowledge Base article lists errata:
Ordering the Book
You can order the book from Amazon.com in two forms: as a stand-alone book or as part of the Windows Server 2003 Resource Kit. The Windows Server 2003 Resource Kit includes the book in e-book form, while the stand-alone does not.