Delve inside Windows architecture and internals—and see how core components work behind the scenes. Led by three renowned internals experts, this classic guide is fully updated for Windows 7 and Windows Server 2008 R2—and now presents its coverage in two volumes.

As always, you get critical insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand—knowledge you can apply to improve application design, debugging, system performance, and support.

In Part 1, you will:

  • Understand how core system and management mechanisms work—including the object manager, synchronization, Wow64, Hyper-V, and the registry
  • Examine the data structures and activities behind processes, threads, and jobs
  • Go inside the Windows security model to see how it manages access, auditing, and authorization
  • Explore the Windows networking stack from top to bottom—including APIs, BranchCache, protocol and NDIS drivers, and layered services
  • Dig into internals hands-on using the kernel debugger, performance monitor, and other tools

Delve inside the Windows kernel with noted internals experts Mark Russinovich and David Solomon, in collaboration with the Microsoft Windows product development team. This classic guide—fully updated for Windows Server 2003, Windows XP, and Windows 2000, including 64-bit extensions—describes the architecture and internals of the Windows operating system. You’ll find hands-on experiments you can use to experience Windows internal behavior firsthand, along with advanced troubleshooting information to help you keep your systems running smoothly and efficiently. Whether you’re a developer or a system administrator, you’ll find critical architectural insights that you can quickly apply for better design, debugging, performance, and support.

Get in-depth, inside knowledge of the Windows operating system:

  • Understand the key mechanisms that configure and control Windows, including dispatching, startup and shutdown, and the registry
  • Explore the Windows security model, including access, privileges, and auditing
  • Investigate internal system architecture using the kernel debugger and other tools
  • Examine the data structures and algorithms that deal with processes, threads, and jobs
  • Observe how Windows manages virtual and physical memory
  • Understand the operation and format of NTFS, and troubleshoot file system access problems
  • View the Windows networking stack from top to bottom, including mapping, APIs, name resolution, and protocol drivers
  • Troubleshoot boot problems and perform crash analysis

See how the core components of the Windows operating system work behind the scenes—guided by a team of internationally renowned internals experts. Fully updated for Windows Server(R) 2008 and Windows Vista(R), this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand.

Delve inside Windows architecture and internals:





Understand how the core system and management mechanisms work—from the object manager to services to the registry
Explore internal system data structures using tools like the kernel debugger
Grasp the scheduler's priority and CPU placement algorithms
Go inside the Windows security model to see how it authorizes access to data
Understand how Windows manages physical and virtual memory
Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers
Troubleshoot file-system access problems and system boot problems
Learn how to analyze crashes

Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support.
Led by three renowned Windows internals experts, this classic guide is now fully updated for Windows 10 and 8.x. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these hidden behaviors firsthand.
Part 2 examines these and other key Windows 10 OS components and capabilities:
  • Startup and shutdown
  • The Windows Registry
  • Windows management mechanisms
  • WMI
  • System mechanisms
  • ALPC
  • ETW
  • Cache Manager
  • Windows file systems
  • The hypervisor and virtualization
  • UWP Activation
Revised throughout, this edition also contains three entirely new chapters:
  • Virtualization technologies
  • Management diagnostics and tracing
  • Caching and file system support