I'm a student
I'm an educator
Request full copy

Windows Internals, Part 2, 7th edition

Published by Microsoft Press (October 1, 2021) © 2022

  • Andrea Allievi
  • Mark E. Russinovich
  • Alex Ionescu
  • David A. Solomon

eTextbook

$57.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$47.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Drill down into Windows architecture and internals, discover how core Windows components work behind the scenes, and master information you can continually apply to improve architecture, development, system administration, and support.

Written by a team of renowned Windows experts, this classic guide is now fully updated for the latest releases of Windows. As always, it combines unparalleled insider perspectives on how Windows behaves “under the hood” with hands-on experiments that let you experience these internal behaviors firsthand.

Part 2 examines these and other key Windows 10 OS components and capabilities:
  • Startup and shutdown using UEFI and secure launch with measured boot
  • The registry
  • Windows management and tracing mechanisms such as WMI and ETW
  • System mechanisms such as ALPC and WNF
  • The cache manager
  • Windows file systems such as NTFS and ReFS
  • Hyper-V and virtualization-based security (VBS)
  • The Universal Windows Platform (UWP) application model
Revised throughout, this edition also contains these entirely new chapters:
  • Virtualization technologies
  • System mechanisms
  • Management diagnostics and tracing
  • Caching and file system support
  • Startup and shutdown
  • The complete, official source of public information on Windows internal behavior, mechanisms, and operation: crucial for software architecture, driver development, debugging, reverse engineering, system optimization, security hardening, and support
  • Covers UEFI boot, including secure launch & measured boot, the registry, WMI, ALPC, Event Tracing for Windows (ETW), Windows Notification Facility (WNF), the cache manager, NTFS and ReFS, Hyper-V, the secure kernel and virtualization based security (VBS), the Universal Windows Platform (UWP) application model, and more
  • Demonstrates key Windows behaviors with hands-on experiments you can replicate, leveraging the latest debugger technologies such as NatVis and LINQ

The book has been largely rewritten and thoroughly updated to cover all the versions of Windows 10, up to the 2104 Update (21H1), including past changes from Windows 8.1. Encompassing the significant kernel and system changes in the last 11 years since Windows 7, it expands on Part 1 by including new chapters on virtualization technologies, management mechanisms, including diagnostics and tracing, system mechanisms such as ALPC and WNF, and caching and file system support (including a description of the ReFs file system), plus startup and shutdown using new technologies such as UEFI and Secure Launch. Hands-on experiments have been updated throughout, both to expand into the learning material as well as to showcase improvements in the Windows Debugging Tools.

The full text downloaded to your computer

With eBooks you can:

  • search for key concepts, words and phrases
  • make highlights and notes as you study
  • share your notes with friends

eBooks are downloaded to your computer and accessible either offline through the Bookshelf (available as a free download), available online and also via the iPad and Android apps.

Upon purchase, you'll gain instant access to this eBook.


Introduction

CHAPTER 8 System mechanisms


CHAPTER 9 Virtualization technologies


CHAPTER 10 Management, diagnostics, and tracing


CHAPTER 11 Caching and file systems


CHAPTER 12 Startup and shutdown


Contents of Windows Internals, Seventh Edition, Part 1

Andrea Allievi (Greater Seattle, WA Area) is a Senior Kernel Engineer with more than 15 years of experience in the field. He works in the Windows Core OS team at Microsoft, where he designs and develops robust Windows kernel Security features. He is also active in the security research community and often speaks at conferences, including Recon and Blue Hat. He started as a Security Researcher in small Italian companies such as TgSoft and SaferBytes. He then moved to the Talos group at Cisco Systems, where his time was split between the development of anti-virus and anti-rootkit tools and security research of offensive and defensive technologies, particularly in the Windows' kernel. In that time, after the design of the first UEFI Bootkit and the bypass of the Windows 8.1 Kernel Patch Protection, he became an internationally recognized expert in the operating system's internals.

Alex Ionescu (Greater Seattle, WA Area) is a Senior Vice President of Endpoint Security at CrowdStrike, and an internationally recognized expert in low-level system software, operating system research and kernel development, security training, and reverse engineering. He teaches Windows Internals courses around the world and is active in the security research community through conference talks and bug bounty programs.
Mark E. Russinovich (Seattle, WA Area) is a Technical Fellow in the Windows Azure Group at Microsoft, focusing on the Microsoft Cloud. He is a widely recognized expert in operating systems, distributed systems, and cybersecurity. Russinovich is co-author of the popular Windows Internals series of books and Windows Sysinternals Administrator's Reference. He joined Microsoft when it acquired Winternals, a software company he co-founded in 1996. He created the popular Sysinternals tools.
David A. Solomon (Los Angeles, CA Area), coauthor of the Windows Internals book series, has taught Windows internals to thousands of developers and IT professionals worldwide, including Microsoft staff. He is a regular speaker at Microsoft conferences, including TechNet and PDC.

Need help? Get in touch

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable by deleting your cookies.

Video transcript (PDF | 16KB) 

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle. 

Digital Learning NOW

Extend your professional development and meet your students where they are with free weekly Digital Learning NOW webinars. Attend live, watch on-demand, or listen at your leisure to expand your teaching strategies. Earn digital professional development badges for attending a live session.

Explore webinars