Windows Internals Book
Published November 30, 2006 | Updated July 1, 2009
Introduction
Windows Internals, 5th edition updates Windows Internals, 4th edition to cover Windows Vista and Windows Server 2008 (32-bit and 64-bit). It was written by Mark Russinovich, a Technical Fellow in Microsoft’s Windows Core Operating System Division, and David Solomon, an operating systems expert and Windows internals teacher, with contributions from Alex Ionescu, who specializes in OS internals and security.
This edition has 25% more content than the previous edition and covers features new to Windows Vista and Windows Server 2008, including PatchGuard, Hyper-V support, Kernel Transaction Manager, I/O priorities, SuperFetch, ReadyBoot, ReadyBoost, BitLocker, UAC, Windows Integrity Mechanism, and Service Security Hardening. It’s also updated with new experiments and new examples that highlight the use of Sysinternals tools like Process Explorer and Process Monitor.
Description of the Book
Get the architectural perspectives and inside details you need to understand how Windows operates
See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server® 2008 and Windows Vista®, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.
Delve inside Windows architecture and internals:
- Understand how the core system and management mechanisms work—from the object manager to services to the registry
- Explore internal system data structures using tools like the kernel debugger
- Grasp the scheduler’s priority and CPU placement algorithms
- Go inside the Windows security model to see how it authorizes access to data
- Understand how Windows manages physical and virtual memory
- Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers
- Troubleshoot file-system access problems and system boot problems
- Learn how to analyze crashes
Table of Contents
- Introduction
- Architecture
- System Mechanisms
- Management Mechanisms
- Processes, Threads and Jobs
- Security
- I/O System
- Storage Management
- Memory Management
- Cache Manager
- File Systems
- Networking
- Startup and Shutdown
- Crash Dump Analysis
Book Tools
Tools referenced in the book and hosted but not referenced on Sysinternals include:
- Notmyfault: Use this executable and driver to crash your system in several different ways. Chapter 7 uses Notmyfault to demonstrate pool leak troubleshooting and Chapter 14 uses it for crash analysis examples. The download includes x86 (in the exe\release directory) and x64 versions (in the exe\relamd directory) as well as full source.
- Testlimit: Chapter 3 uses Testlimit to demonstrate the operating system's per-process limit on the number of concurrently opened handles, but the tool's command-line options also let you test limits of process and thread creation.
- Accvio: This executable generates a user-mode access violation by trying to reference virtual address zero, which, by default, is marked no access. Chapter 3 uses it to demonstrate the behavior of Windows when an application triggers an unhandled exception.
Errata
If you have general feedback for us, find an inaccuracy, or have a suggestion for the next edition, please send e-mail to syssite@microsoft.com. We'll post corrections and tool updates to this page.
Related Content
Mark’s TechNet Magazine articles on Windows Vista and Windows Server 2008 internals:
Mark’s webcasts on Windows Vista and Windows Server 2008 internals: