Posted by: Ed Tittel
Here’s another caveat: the primary audience for this book is Windows system developers. They’re the people who will get the most out of its contents, and my lack of in-depth Windows system programming experience probably explains why my eyes glaze over and my mind goes on vacation as I look at certain sections in the book.
That said, there’s a tremendous wealth of information on Windows in here (and from what I can tell, it applies nearly 100% to Windows 7 as well as Windows Vista, thanks to relatively few changes in the kernel and other system facilities between these two most recent desktop Windows versions). In particular, these are the topics that I found most interesting and illuminating as I flipped through the book for a first quick pass over its contents (I’ll report again from time to time as I dig more deeply into its contents):
- Chapter 2 System Architecture: learned a thing or two about device drivers, and how to find them, in this chapter.
- Chapter 3 System Mechanisms: the best coverage of the MS Hyper-V Hypervisor I’ve ever seen anywhere.
- Chapter 4 Management Mechanisms: as in previous versions, this chapter provides some of the best information about how the Windows registry is structured, and how it works, that I’ve ever seen. Worth the price of admission all by itself.
- Chapter 5 Processes, Threads, and Jobs: Here’s a tour-de-force illustration of Mark Russinovich’s knowledge of Windows internals, and how nicely the SysInternals tools work to reveal their inner workings.
- Chapter 6 Security: Provides a killer walkthrough of how Windows performs access checks and uses security identifiers (SIDs) for accounts, groups, and logons. Lots of good detail here on security minutiae.
- Chapter 7 I/O System: includes great sections on Windows Plug and Play (PnP) operation and facilities, and ditto for ACPI/Power Manager.
- Chapter 8 Storage Management: Best discussions of both BitLocker Drive Encryption and Volume Shadow Copy Service (VSS) I’ve seen anywhere.
- Chapter 9 Memory Management: Another embarrassment of riches, and also worth the price of the book all by itself, especially the sections on physical memory limits, working sets, and SuperFetch/ReadyBoost/ReadyDrive.
- Chapter 11 File Systems is worthwhile because it pulls info on all the Windows file systems together in one place and because it provides lots of great information on NTFS in particular.
- Chapter 12 Networking: lots of good information on the Windows IP stack, NetBIOS, MUP, NLA, LLTD, NAT, and more. I need to spend more time with this chapter to savor it more fully.
- Chapter 13 Startup and Shutdown: Great excursions into BIOS boot processes, BCD and Bootmgr, EFI boot stuff, plus more on ReadyBoot/ReadyBoost interaction. The great, great section on troubleshooting boot and startup problems is another gem.
- Chapter 14 Crash Dump Analysis: the section on “The Blue Screen” includes a list of the top 30 stop codes for Windows Vista, and includes all my old familiars, for sure. The in-depth discussion of crash dump analysis includes basic and advanced sections, and is also sure to reward further study.
Anybody who works with Windows regularly and needs to understand its inner workings will find their investment in this book amply repaid. It is worth every bit of the $38 to $70 you’ll pay for it by shopping online. My only beef about this book is that it’s a monster: at over 1,200 pages and 4.4 pounds, it’s a bit too heavy to read in your lap or hold in your hands for very long. You’ll want to plant this puppy on a table to flip through its many useful bits of information.
Here’s a full citation: Mark Russinovich, David A. Solomon, and Alex Ionescu: Windows Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition, Microsoft Press, 6/17/2009, ISBN-13: 978-0735625303.