Author news: Alex Ionescu on Windows Internals Fifth Edition

  • Article

Just wanted to quickly add to Kim’s post about this book today by pointing you to a very detailed post by David Solomon and Mark Russinovich’s coauthor, Alex Ionescu. His post is here.

Alex’s post is invaluable because he shares two lists of coverage in the new edition:

  • Older technologies that have not been previously covered in the book (Alex lists 14 of them: the image loader in Ntdll.dll, for example)
  • New technologies (Alex lists 20 technologies and acknowledges that the list is incomplete by half at least: the new worker factory kernel component which handles the user-mode and .NET thread pool, for example).

If you’ve read Windows Internals in the past and you’re wondering whether the new edition is new enough, this post should help you decide. To close, here’s another snippet from Alex’s post:

The last chapter that deserves a mention is the networking chapter. I almost left this chapter as last during the book revision, thinking that there were very few things worth mention and that really needed updating. This was a mistake on my part, largely due to my inexperience with this one part of Windows (and technically, not a part of the kernel itself). I soon discovered that I was dead wrong, and that networking technologies in Vista had received among the most improvements, changes and new features, as well as a major deprecation of older technologies and services.

This chapter probably got the most updates, and almost every page has been changed, from the new user-level APIs, to the redesigned TCP/IP stack, the kernel-level deprecation of TDI and introduction of WSK (WinSock Kernel), the new NDIS 6.0, the new Windows Filtering Platform (WFP) and more. All the top services are now described, such as BITS (the Background Intelligent Transfer Service), the location and topology services such as Network Location Awareness (NLA) and Link-Layer Topology Discovery (LLTD), the quality of service services (the new policy-based QoS and qWAVE, or Quality Windows Audio Video Experience, come to mind) and let’s not forget the new peer to peer service infrastructure, as well as the Peer Name Resolution Protocol (Pnrp). More minor changes include updates to the Distributed File System (DFS) technologies, the binding infrastructure and deprecation of older networking technologies such as NetBEUI and ATM.