Windows internals 5th




















New material has been added since the 6th edition which covered Windows 7 and Windows Server R2. These include system mechanisms, management mechanisms, networking, file systems, cache management and troubleshooting system crashes.

Inside Windows NT was the first book ever published about Windows NT and provided key insights into the architecture and design of the system. It updated the original book to cover Windows NT 4. It added many new topics, such as startup and shutdown, service internals, registry internals, file-system drivers, and networking.

Windows Internals, Fourth Edition was the Windows XP and Windows Server update and added more content focused on helping IT professionals make use of their knowledge of Windows internals, such as using key tools from Windows Sysinternals and analyzing crash dumps.

According to data related to crash dump analysis, the main causes of system crashes are related to page faults, power management issues and access violations: drivers are often the main suspects.

What are the improvements that the OS can provide to reduce the impact of these crashes and what is still up to software developers only?

Alex Ionescu: Adopting a micro-kernel approach where drivers run in an isolated environment is academically one of the preferred solutions. However, the performance implications of such a design change are quite drastic (they have been getting better, however), and the application compatibility issues, for Windows, may be too severe to ever go down this path.

UMDF is still limited to only a few classes of devices however, but it can still help reduce the amount of blue screens of death on a Windows machine. Making the code that driver developers have to write a lot easier to write, and able to run in a more constrained environment can definitely reduce catastrophic crashes as well. Finally, producing tools to test, fuzz, and exercise drivers allows driver developers to catch crashes before they ship, and tools such as Driver Verifier and the WHQL process at Microsoft are doing just that.

In fact, you will probably find today that most driver crashes are either going to be in old, legacy drivers that are no longer maintained, malicious drivers such as rootkits, and video card drivers simply because of the immense complexity required to build such a driver — case in point, the video driver on my machine is 14MB, three times larger than the kernel itself!

Do you think that they could be integrated as part of the operating system in a future release? You can search for a file handle, for example, a feature derived from the handle search in Process Explorer that enables you to find the process keeping a file locked, for example.

Part 1 will come out in early with part 2 following a couple of months later. While waiting to read the new 6th edition, I want to thank in a special way Mark Russinovich, David Solomon and Alex Ionescu for their precious help in writing this page: their answers are the value added of this article.
