
Windows Internals, Part 2, 7th edition
- Mark E. Russinovich
- Andrea Allievi
- Alex Ionescu
- David A. Solomon
Title overview
- Startup and shutdown using UEFI and secure launch with measured boot
- The registry
- Windows management and tracing mechanisms such as WMI and ETW
- System mechanisms such as ALPC and WNF
- The cache manager
- Windows file systems such as NTFS and ReFS
- Hyper-V and virtualization-based security (VBS)
- The Universal Windows Platform (UWP) application model
- Virtualization technologies
- System mechanisms
- Management diagnostics and tracing
- Caching and file system support
- Startup and shutdown
Key features
- The complete, official source of public information on Windows internal behavior, mechanisms, and operation: crucial for software architecture, driver development, debugging, reverse engineering, system optimization, security hardening, and support
- Covers UEFI boot, including secure launch and measured boot, the registry, WMI, ALPC, Event Tracing for Windows (ETW), Windows Notification Facility (WNF), the cache manager, NTFS and ReFS, Hyper-V, the secure kernel and virtualization-based security (VBS), the Universal Windows Platform (UWP) application model, and more
- Demonstrates key Windows behaviors with hands-on experiments you can replicate, leveraging the latest debugger technologies such as NatVis and LINQ
Table of contents
CHAPTER 8 System mechanisms
CHAPTER 9 Virtualization technologies
CHAPTER 10 Management, diagnostics, and tracing
CHAPTER 11 Caching and file systems
CHAPTER 12 Startup and shutdown
Author bios
Andrea Allievi (Greater Seattle, WA Area) is a Senior Kernel Engineer with more than 15 years of experience in the field. He works in the Windows Core OS team at Microsoft, where he designs and develops robust Windows kernel security features. He is also active in the security research community and often speaks at conferences, including Recon and Blue Hat. He started as a Security Researcher in small Italian companies such as TgSoft and SaferBytes. He then moved to the Talos group at Cisco Systems, where his time was split between the development of anti-virus and anti-rootkit tools and security research of offensive and defensive technologies, particularly in the Windows kernel. In that time, after the design of the first UEFI Bootkit and the bypass of the Windows 8.1 Kernel Patch Protection, he became an internationally recognized expert in the operating system's internals.
Alex Ionescu (Greater Seattle, WA Area) is a Senior Vice President of Endpoint Security at CrowdStrike, and an internationally recognized expert in low-level system software, operating system research and kernel development, security training, and reverse engineering. He teaches Windows Internals courses around the world and is active in the security research community through conference talks and bug bounty programs.
Mark E. Russinovich (Seattle, WA Area) is a Technical Fellow in the Windows Azure Group at Microsoft, focusing on the Microsoft Cloud. He is a widely recognized expert in operating systems, distributed systems, and cybersecurity. Russinovich is co-author of the popular Windows Internals series of books and Windows Sysinternals Administrator's Reference. He joined Microsoft when it acquired Winternals, a software company he co-founded in 1996. He created the popular Sysinternals tools.
David A. Solomon (Los Angeles, CA Area), coauthor of the Windows Internals book series, has taught Windows internals to thousands of developers and IT professionals worldwide, including Microsoft staff. He is a regular speaker at Microsoft conferences, including TechNet and PDC.