Windows Internals

Windows Internals: Covering Windows Server 2008 and Windows Vista

See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server® 2008 and Windows Vista®, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.

Delve inside Windows architecture and internals:

Understand how the core system and management mechanisms work—from the object manager to services to the registry
Explore internal system data structures using tools like the kernel debugger
Grasp the scheduler's priority and CPU placement algorithms
Go inside the Windows security model to see how it authorizes access to data
Understand how Windows manages physical and virtual memory
Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers
Troubleshoot file-system access problems and system boot problems
Learn how to analyze crashes

1232 pages, Hardcover

First published January 1, 2008

About the author

Mark E. Russinovich

47 books, 366 followers
Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. Russinovich is a widely recognized expert in Windows operating system internals as well as operating system architecture and design.

Russinovich joined Microsoft when Microsoft acquired Winternals software, the company he cofounded in 1996 and where he worked as Chief Software Architect. He is also cofounder of Sysinternals.com, where he wrote and published dozens of popular Windows administration and diagnostic utilities including Autoruns, Process Explorer and Tcpview.

Russinovich coauthored "Windows Internals" and "The Sysinternals Administrator's Reference," both from Microsoft Press, authored the cyberthriller Zero Day, is a Contributing Editor for TechNet Magazine and Senior Contributing Editor for Windows IT Pro Magazine, and has written many articles on Windows internals. He has been a featured speaker at major industry conferences around the world, including Microsoft's TechEd, IT Forum, and Professional Developer's Conference, as well as Windows Connections, Windev, and TechMentor, and has taught Windows internals, troubleshooting and file system and device driver development to companies worldwide, including Microsoft, the CIA and the FBI. Russinovich earned his Ph.D. in computer engineering from Carnegie Mellon University.

Ratings & Reviews

Community Reviews

5 stars: 108 (60%)
4 stars: 55 (30%)
3 stars: 11 (6%)
2 stars: 3 (1%)
1 star: 1 (<1%)
Michael Finocchiaro
Author, 3 books, 6,206 followers
October 17, 2016
I referred to Windows Internals 5th Edition in my post last week “Me and Windows”. I completed the book this week and thought I’d give you a small review.

The book starts out great. The first chapter on Concepts and Tools is about as informative and useful as any introduction to a technical book that I have ever read. It definitely puts a big hunger in your tummy to read more. I was really impatient to get to Chapter 9 about Memory Management but didn’t want to jump ahead…

Chapter 2 about System Architecture was really cool too because I finally understood what all those DLLs I see in Process Explorer are really for and what those system processes really do. The Key System Components section was really, really valuable.

Once we get to Chapter 3 about System Mechanisms, we are starting to get deeply NERD. Sweaty palms, the whole banana. Sometimes I nearly got lost but the text was worded such that with a re-read or three, the concepts really did sink in. I take back much of what I have said against Windoze over the years – Windows 2008 is pretty fascinating and a MASSIVE improvement over Server 2003 / XP. It should be noted that this book covers the abortion otherwise known as Vista. Just bear with them, they will release the 6th Edition this year with the Server 2008 R2 / Se7en changes and you will find that they corrected the evils of Vista. Thank goodness.

Once you hit a stride in Chapter 4, you learn what in the hell is up with the Registry and Windows Services. I felt like I went from crawling around blind in a cellar to being outside in Norway in August with 20-hour days. It all started to click and make sense. And so well written. It must also be noted that the examples are very, very relevant and fun to do. They are almost all really, really quick and intensely intuitive.

Chapter 5 about Processes, Threads, and Jobs was a real eye-opener too. I finally figured out how to use Process Monitor (like Process Explorer another product of Russinovich and the sysinternals team) and other tools like the Live Kernel Debugger (LiveKD). Again, it was like a small innocent form of nerd heaven. Again, very, very technical but one gets a far better feel and appreciation for how it all ticks.

[Aside: Makes me wanna run out and read Amit Singh’s Mac OS X Internals just to compare but I really must do some non-nerd reading for a while. Well kind of because I suppose the Isaacson bio of Einstein and Gödel, Escher, Bach: An Eternal Golden Braid by Hofstadter can both be qualified as nerd reads too…]

Chapter 6 about Security was interesting but I was impatient to get to Chapter 7 about the I/O system (very interesting), Chapter 8 about Storage Management (finally understood about those Basic and Dynamic Disks I always wondered about) and finally Chapter 9 on Memory Management. To be honest, I guess I was expecting to learn far more miraculous things and came away a little disappointed. I guess the confusion between the various Page Mapping between Virtual and Physical memory which takes up most of the chapter got a bit long. The concepts were sort of new – I now have a better grasp of “Committed Memory” versus the “Working Set” but felt that a few more exercises about these concepts would have been helpful. I liked learning about ReadyBoost (but can’t use it with my MacBook Pro running Windows under VMware Fusion) and SuperFetch which are both rather impressive. I guess I felt there were more buttons to press in the other chapters. Also missing was a more detailed discussion of the ever-elusive system cache. As referred to in my previous post, I did have an email exchange with Russinovich who explained that the old manner of tuning the system cache (file servers vs. web servers and so forth) was no longer either possible or necessary. It just wasn’t clear in the book (actually there was a false reference back to the previous chapter wherein there was no discussion of the subject).

The Cache Manager in Chapter 10 was actually where this System Cache discussion happened but as it is rather cloudy between the paging system and the cache, I can’t claim to have quite seen the boundaries between the two or even really understood which metrics were critical for monitoring. Mark said by email that cache faults / sec was the most reliable statistic for detecting cache thrashing. Perhaps I need to re-read Chapters 9 and 10 again in a few months…

Chapter 11 File Systems gave me a few more ideas about NTFS that I didn’t know but nothing earth shattering. Same comment on Chapter 12 Networking. I mean I liked seeing the stack and all but the exercises weren’t as fresh or exciting as in the earlier chapters. And to finish off, the Chapters 13 Startup and Shutdown and Chapter 14 Crash Dump Analysis were more of interest to driver developers although now I have a better handle on MBT and I appreciated the small list of common causes of crashes which hopefully will be useful someday.

Final word? An interesting book – especially the first half. Definitely worth reading next to your keyboard to try the different experiments. I am hoping that 6th Edition will fill in some gaps, correct the ills of Vista, and perhaps inject a little more life into Chapters 9 to 12.

CODA: I did actually write to and get a reply from Mark Russinovich (who has gone on to won Microsoft's Azure Cloud) and his intention was to rewrite the Memory Management chapters in the 6th Edition. I read them but they are still a bit far from perfect.
52 reviews, 2 followers
July 8, 2011
The Bible of everything Windows, written by the god of everything Windows. This is a fantastic, exhaustive, detailed, and largely technical reference to the underlying mechanisms of Windows.
Jeff
55 reviews, 13 followers
September 11, 2010
This book is huge (i.e. heavy!) and one of the rare times that I can honestly say that it met and often exceeded my expectations for technical depth.

If you want to know *exactly* what happens when you call CreateProcess, it's in there. If you want to know step-by-step what happens when you see the "Starting Windows" process at boot time, it's in there. If you want to know the architecture of the core NT kernel and its subsystems (e.g. Memory Manager, Plug & Play subsystem, Hardware Abstraction Layer, etc), it's all in there.

I'm a huge fan of the main author (Russinovich) and enjoy tools that he's made such as Process Monitor and Process Explorer that often give you details about your code that only makes sense after you've read this book (e.g. Deferred Procedure Call counts)

My only complaint is that I wish some parts were written in code or pseudo-code rather than prose. It seems that some parts could have been a bit shorter if written that way.
Mohammad Elsheimy
46 reviews, 8 followers
July 6, 2010
Although the SysInternals Suite is a MUST-HAVE package for software experts, I didn't like the way they promote this package in the book.

Moreover, there are slight differences between the 4th and 5th editions; just a few pages (compared to the whole book :P) describe those differences. Why must a reader buy that 1232-page book just to read those few pages?
Nitin
79 reviews, 3 followers
November 1, 2013
Anyone working on Windows must read this book to understand the internals of Windows. Core concepts very well explained.
Jeremy Hurren
34 reviews
June 4, 2014
This is a good book, and although many people will probably think I am crazy for saying this, I wish it went into even more depth. As a systems programmer, I can use everything I can get my hands on.
Mahmood Siddique
1 review
August 7, 2016
Awesome techniques used to explain concepts!
Enjoyed reading this...
Big Fan of SysInternals!!