The definitive guide to modern Windows internals: new coverage of virtualization, file systems, boot, security, and more.

For advanced computing professionals, this is the definitive up-to-date guide to how Windows core components behave under the hood. Using it, experienced developers can build more powerful and scalable software, administrators can debug complex system and performance problems, and security researchers can harden their systems. This Seventh Edition is fully updated through the May 2021 (21H1/2104) updates to Windows 10 and Windows Server (2022, 2019, and 2016). It adds extensive content on Hyper-V, plus fully rewritten chapters on the boot process, new storage technologies, and Windows system and management mechanisms. As always, it delivers unparalleled insight based on insider access to Microsoft source code, with hands-on experiments using the latest debugging tools to show you Windows internal behaviors firsthand. With Windows 11 introducing new user interface design elements that build upon the same core technologies as Windows 10, readers will be well-prepared for this new chapter of computing.

Leading Windows insiders help you:

Discover system mechanisms for serving device drivers and applications, including ALPC, Object Manager, synchronization, WNF, WoW64, and the processor execution model

Explore underlying hardware architecture, including trap processing, segmentation, and side channel vulnerabilities

Understand Windows virtualization, and how virtualization-based security (VBS) protects against OS vulnerabilities

Delve into key management and configuration mechanisms, including the Registry, Windows services, WMI, and Task Scheduling

Explore diagnostic services such as Event Tracing for Windows (ETW) and DTrace

Learn how the cache manager and file system drivers interact to provide reliable support for files, directories, and disks, including on Persistent Memory (NVDIMM) DAX devices.

Understand NTFS, ReFS, and other Windows file systems

Review Windows startup/shutdown operations, and OS components involved in boot flow

Analyze UEFI-based Secure Boot, Measured Boot, and Secure Launch

About This Book

For experienced programmers, architects, software quality and performance specialists, administrators, security practitioners, and support professionals

Assumes you are a Windows power user

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. Contents at a glance
  6. Contents
  7. About the Authors
  8. Foreword
  9. Introduction
  10. Chapter 8. System mechanisms
    1. Processor execution model
    2. Hardware side-channel vulnerabilities
    3. Side-channel mitigations in Windows
    4. Trap dispatching
    5. WoW64 (Windows-on-Windows)
    6. Object Manager
    7. Synchronization
    8. Advanced local procedure call
    9. Windows Notification Facility
    10. User-mode debugging
    11. Packaged applications
    12. Conclusion
  11. Chapter 9. Virtualization technologies
    1. The Windows hypervisor
    2. The virtualization stack
    3. Virtualization-based security (VBS)
    4. The Secure Kernel
    5. Isolated User Mode
    6. Conclusion
  12. Chapter 10. Management, diagnostics, and tracing
    1. The registry
    2. Windows services
    3. Task scheduling and UBPM
    4. Windows Management Instrumentation
    5. Event Tracing for Windows (ETW)
    6. Dynamic tracing (DTrace)
    7. Windows Error Reporting (WER)
    8. Global flags
    9. Kernel shims
    10. Conclusion
  13. Chapter 11. Caching and file systems
    1. Terminology
    2. Key features of the cache manager
    3. Cache virtual memory management
    4. Cache size
    5. Cache data structures
    6. File system interfaces
    7. Fast I/O
    8. Read-ahead and write-behind
    9. File systems
    10. The NT File System (NTFS)
    11. NTFS file system driver
    12. NTFS on-disk structure
    13. NTFS recovery support
    14. Encrypted file system
    15. Direct Access (DAX) disks
    16. Resilient File System (ReFS)
    17. ReFS advanced features
    18. Storage Spaces
    19. Conclusion
  14. Chapter 12. Startup and shutdown
    1. Boot process
    2. Conclusion
  15. Contents of Windows Internals, Seventh Edition, Part 1
  16. Index
  17. Code Snippets