Windows Internals »

Mark Russinovich is a Technical Fellow in the Microsoft Platform and Services Division. Russinovich is a widely recognized expert in Windows operating system internals as well as operating architecture and design. His discovery of a rootkit on popular Sony audio CDs led to industry reforms in the area of computer privacy. Russinovich joined Microsoft when Microsoft acquired Winternals software, the company he cofounded in 1996 and where he worked as Chief Software Architect. Mark is also cofounder of Microsoft Windows Sysinternals, where he writes and publishes dozens of popular Windows administration and diagnostic utilities including Process Monitor, Process Explorer and Autoruns. He previously worked at IBM's Thomas J. Watson Research Center, researching operating system support for web server acceleration and serving as an operating systems expert.

David A. Solomon is the president of David Solomon Expert Seminars and teaches classes on Windows internals to corporations worldwide, including Microsoft. He is also a regular speaker at Microsoft technical conferences. David was previously a lead developer on the VMS operating system at Digital Equipment Corporation.

Alex I. Ionescu was the lead kernel developer for ReactOS, an open source clone of Windows XP/2003 written from scratch, where he wrote most of the NT-based kernel. He is now the founder of Winsider Seminars & Solutions Inc., specializing in low-level system software for administrators and developers. Alex teaches Windows internals courses for David Solomon Expert Seminars, notably at Microsoft. He is also very active in the security research community, discovering and reporting several vulnerabilitiesrelated to the Windows kernel and presenting talks at conferences such as Blackhat and Recon.

Mark and David coauthored the previous editions of this book.

See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server 2008 and Windows Vista, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.

Delve inside Windows architecture and internals:

• Understand how the core system and management mechanisms work—from the object manager to services to the registry
• Explore internal system data structures using tools like the kernel debugger
• Grasp the scheduler's priority and CPU placement algorithms
• Go inside the Windows security model to see how it authorizes access to data
• Understand how Windows manages physical and virtual memory
• Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers
• Troubleshoot file-system access problems and system boot problems
• Learn how to analyze crashes

DedicationForewordAcknowledgmentsIntroduction Chapter 1: Concepts and ToolsChapter 2: System ArchitectureChapter 3: System MechanismsChapter 4: Management MechanismsChapter 5: Processes, Threads, and JobsChapter 6: Security Chapter 7: I/O SystemChapter 8: Storage ManagementChapter 9: Memory ManagementChapter 10: Cache ManagerChapter 11: File SystemsChapter 12: NetworkingChapter 13: Startup and ShutdownChapter 14: Crash Dump AnalysisGlossary