Windows Internals archives - Windows Enterprise Desktop

Jul 10 2009   4:34PM GMT

Windows Internals (Inside Windows) Gets Welcome Update



Posted by: Ed Tittel
Windows Internals 5e, Mark Russinovich, David A. Solomon, Alex Ionescu, ISBN: 0735625301, ISBN-13: 978-0735625303, book review, Windows Vista, Windows 2008, Windows internals
Late last week, a small but heavy box showed up at my door. I’d long since forgotten bugging Mark Russinovich last December for a review copy of the latest edition of his Windows internals book: Windows Internals: Including Windows Server 2008 and Windows Vista, 5th edition, co-authored with David A. Solomon and Alex Ionescu, but there it was in my hot little hand. In my odd free moments since then, I’ve been plowing through this 1,260-page book to see what’s new and interesting — though I obviously haven’t had time to read it in its entirety. Keep that caveat in mind as I extol this book’s many treasures.
Cover shot from Amazon Books

Here’s another caveat: the primary audience for this book is Windows system developers. They’re the people who will get the most out of its contents, and my lack of in-depth Windows system programming experience probably explains why my eyes glaze over and my mind goes on vacation as I look at certain sections in the book.

That said, there’s a tremendous wealth of information on Windows in here (and from what I can tell, it applies nearly 100% to Windows 7 as well as Windows Vista, thanks to relatively few changes in the kernel and other system facilities between these two most recent desktop Windows versions). In particular, these are the topics that I found most interesting and illuminating as I flipped through the book for a first quick pass over its contents (I’ll report again from time to time as I dig more deeply into its contents):

  • Chapter 2 System Architecture: learned a thing or two about device drivers, and how to find them, in this chapter.
  • Chapter 3 System Mechanisms: the best coverage of the MS Hyper-V Hypervisor I’ve ever seen anywhere.
  • Chapter 4 Management Mechanisms: as in previous versions, this chapter provides some of the best information about how the Windows registry is structured, and how it works, that I’ve ever seen. Worth the price of admission all by itself.
  • Chapter 5 Processes, Threads, and Jobs: Here’s a tour-de-force illustration of Mark Russinovich’s knowledge of Windows internals, and how nicely the SysInternals tools work to reveal their inner workings.
  • Chapter 6 Security: Provides a killer walkthrough of how Windows performs access checks and uses security identifiers (SIDs) for accounts, groups, and logons. Lots of good detail here on security minutiae.
  • Chapter 7 I/O System: includes great sections on Windows Plug and Play (PnP) operation and facilities, and ditto for ACPI/Power Manager.
  • Chapter 8 Storage Management: Best discussions of both BitLocker Drive Encryption and Volume Shadow Copy Service (VSS) I’ve seen anywhere.
  • Chapter 9 Memory Management: Another embarrassment of riches, and also worth the price of the book all by itself, especially the sections on physical memory limits, working sets, and SuperFetch/ReadyBoost/ReadyDrive.
  • Chapter 11 File Systems is worthwhile because it pulls info on all the Windows file systems together in one place and because it provides lots of great information on NTFS in particular.
  • Chapter 12 Networking: lots of good information on the Windows IP stack, NetBIOS, MUP, NLA, LLTD, NAT, and more. I need to spend more time with this chapter to savor it more fully.
  • Chapter 13 Startup and Shutdown: Great excursions into BIOS boot processes, BCD and Bootmgr, EFI boot stuff, plus more on ReadyBoot/ReadyBoost interaction. The great, great section on troubleshooting boot and startup problems is another gem.
  • Chapter 14 Crash Dump Analysis: the section on “The Blue Screen” includes a list of the top 30 stop codes for Windows Vista, and includes all my old familiars, for sure. The in-depth discussion of crash dump analysis includes basic and advanced sections, and is also sure to reward further study.

Anybody who works with Windows regularly and needs to understand its inner workings will find their investment in this book amply repaid. It is worth every bit of the $38 to $70 you’ll pay for it by shopping online. My only beef about this book is that it’s a monster: at over 1,200 pages and 4.4 pounds, it’s a bit too heavy to read in your lap or hold in your hands for very long. You’ll want to plant this puppy on a table to flip through its many useful bits of information.

Here’s a full citation: Mark Russinovich, David A. Solomon, and Alex Ionescu: Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition, Microsoft Press, 6/17/2009, ISBN-13: 978-0735625303.

Feb 6 2009   5:19PM GMT

Boot-Land.com is another hidden treasure



Posted by: Ed Tittel
Windows internals, Windows boot, WindowsPE, VistaPE, WinBuilder, Boot-Land.net, Enterprise desktop, Enterprise Vista, Windows Vista installation, Windows Vista deployment, Windows Vista troubleshooting

If you read my previous blog, you already know that VistaPE is a project that uses WinBuilder to automate the construction of a WinPE 2.0-based bootable image from the Windows Automated Installation Kit (WAIK) as well as the Vista OS install media (or a hard-disk copy thereof, for much better build-time performance). What may not have been clear in that posting has now become crystal clear to me, thanks to spending a large part of the last two days devouring the forum posts, tutorials, and how-to’s available at Nuno Brito’s stellar site www.Boot-Land.net, the home of WinBuilder and an affiliate site for VistaPE.net.

What I didn’t immediately realize, but am now keenly aware of, is that this site is a treasure trove of Windows internals lore, tools references, and information that has to be explored to be believed, and deeply pondered to be fully understood. I have learned more in the past two days about Windows boot structures, how the boot process begins, about the various types of file systems and MBR records that PC BIOSes can create and the various versions of Windows can accommodate, and how to build bootable floppies, hard disks, UFDs, and optical media than I ever imagined possible.

To me, Boot-Land.net is a stunning and entirely convincing demonstration of the power of open source and community effort. There’s no way a commercial outfit would be willing to disclose the kind of information that people want and need to know about low-level inner workings of operating systems, bootstrap loaders, BIOS operations, and related forensics and construction tools–at least, not without feeling like its “valuable intellectual property” had been given away purely for good will. Boot-Land.net does this as a matter of deliberate policy, design, and support for community.

Any Windows professionals, including those who work with XP and Vista, as well as other versions both older and newer, will find lots of interesting, valuable, and useful information here about how to design, build, and install compact boot environments for Windows machines. They’ll also learn about lots of tools they can include in such environments for installation, automated deployment, troubleshooting, and system repair.

I’d have to recommend this as one of the best resources I’ve ever seen when it comes to understanding how the Windows OS is put together, how it loads and boots, and what kinds of specifics are necessary to fit customized configurations to particular collections of hardware (motherboard, CPU, chipsets, devices, peripherals, and so forth). My only beefs against the site are its “sink or swim” approach to organizing and presenting information and providing guidance to newbies, and the incredible amount of information through which interested parties must work to find the items of greatest interest and relevance to them. But when compared to the treasures and wisdom so liberally scattered around its collection of goodies, those are pretty minor beefs indeed.

You simply must check it out! http://www.boot-land.net/forums/