Windows Internals, Part 2

The definitive guide to modern Windows internals: new coverage of virtualization, file systems, boot, security, and more.

For advanced computing professionals, this is the definitive up-to-date guide to how Windows core components behave “under the hood.” Using it, experienced developers can build more powerful and scalable software, administrators can debug complex system and performance  problems, and security researchers can harden their systems. This Seventh Edition is fully updated through the May 2021 (21H1/2104) updates to Windows 10 and Windows Server (2022, 2019, and 2016). It adds extensive content on Hyper-V, plus fully rewritten chapters on the boot process, new storage technologies, and Windows system and management mechanisms. As always, it delivers unparalleled insight based on insider access to Microsoft source code, with hands-on experiments using the latest debugging tools to show you Windows’ internal behaviors firsthand. With Windows 11 introducing new user interface design elements that build upon the same core technologies as Windows 10, readers will be well-prepared for this new chapter of computing.

Leading Windows insiders help you:

• Discover system mechanisms for serving device drivers and applications, including ALPC, Object Manager, synchronization, WNF, WoW64, and the processor execution model

• Explore underlying hardware architecture, including trap processing, segmentation, and side channel vulnerabilities

• Understand Windows virtualization, and how virtualization-based security (VBS) protects against OS vulnerabilities

• Delve into key management and configuration mechanisms, including the Registry, Windows services, WMI, and Task Scheduling

• Explore diagnostic services such as Event Tracing for Windows (ETW) and DTrace

• Learn how the cache manager and file system drivers interact to provide reliable support for files, directories, and disks, including on Persistent Memory (NVDIMM) DAX devices.

• Understand NTFS, ReFS, and other Windows file systems

• Review Windows startup/shutdown operations, and OS components involved in boot flow

• Analyze UEFI-based Secure Boot, Measured Boot, and Secure Launch

About This Book

• For experienced programmers, architects, software quality and performance specialists, administrators, security practitioners, and support professionals

• Assumes you are a Windows power user

Andrea Allievi (Greater Seattle, WA Area) is a Senior Kernel Engineer with more than 15 years of experience in the field. He works in the Windows Core OS team at Microsoft, where he designs and develops robust Windows kernel Security features. He is also active in the security research community and often speaks at conferences, including Recon and Blue Hat. He started as a Security Researcher in small Italian companies such as TgSoft and SaferBytes. He then moved to the Talos group at Cisco Systems, where his time was split between the development of anti-virus and anti-rootkit tools and security research of offensive and defensive technologies, particularly in the Windows' kernel. In that time, after the design of the first UEFI Bootkit and the bypass of the Windows 8.1 Kernel Patch Protection, he became an internationally recognized expert in the operating system's internals.

Alex Ionescu (Greater Seattle, WA Area) is a Senior Vice President of Endpoint Security at CrowdStrike, and an internationally recognized expert in low-level system software, operating system research and kernel development, security training, and reverse engineering. He teaches Windows Internals courses around the world and is active in the security research community through conference talks and bug bounty programs.

Mark E. Russinovich (Seattle, WA Area) is a Technical Fellow in the Windows Azure Group at Microsoft, focusing on the Microsoft Cloud. He is a widely recognized expert in operating systems, distributed systems, and cybersecurity. Russinovich is co-author of the popular Windows Internals series of books and Windows Sysinternals Administrator's Reference. He joined Microsoft when it acquired Winternals, a software company he co-founded in 1996. He created the popular Sysinternals tools.

David A. Solomon (Los Angeles, CA Area), coauthor of the Windows Internals book series, has taught Windows internals to thousands of developers and IT professionals worldwide, including Microsoft staff. He is a regular speaker at Microsoft conferences, including TechNet and PDC.

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.