RTM’d today: Windows Internals, Sixth Edition, Part 1

CaptureThe wait is almost over. We’re thrilled to announce that Windows Internals, Part 1, 6th Edition  (ISBN 9780735648739; 752 pages) shipped to the printer today!

Written by some of the most knowledgeable experts in the internals field—Mark Russinovich, David Solomon, and Alex Ionescu—the latest edition of this highly-anticipated book will be delivered to stores in the next couple of weeks. It covers the kernel changes made in Windows 7 and Windows Server 2008 R2. In addition, the hands-on experiments that appear throughout the book have been updated to reflect the evolution of the tools.

You can order your own copy here as well as here.

The sixth edition is being released in two parts: Part 1, this month; Part 2, this fall. The reason for the split? We wanted to get this book in readers’ hands as soon as possible, but updating Windows Internals is difficult and takes a considerable amount of time, given the complex subject matter. Waiting for the entire book to be ready would push publication out too far into the future, so we decided to provide half of the content now and the second half this fall.

Today’s post shares the book’s Contents at a Glance and an excerpt from its Introduction. (For more excerpts from Windows Internals, Sixth Edition, Part 1, check out the recent posts by Christophe Nasarre, the book’s technical reviewer, here and here.)

Contents at a Glance

Chapter 1   Concepts and Tools
Chapter 2   System Architecture
Chapter 3   System Mechanisms
Chapter 4   Management Mechanisms
Chapter 5   Processes, Threads, and Jobs
Chapter 6   Security
Chapter 7   Networking

Introduction (excerpt)

Windows Internals, Sixth Edition is intended for advanced computer professionals (both developers and system administrators) who want to understand how the core components of the Microsoft Windows 7 and Windows Server 2008 R2 operating systems work internally. With this knowledge, developers can better comprehend the rationale behind design choices when building applications specific to the Windows platform. Such knowledge can also help developers debug complex problems. System administrators can benefit from this information as well, because understanding how the operating system works “under the covers” facilitates understanding the performance behavior of the system and makes troubleshooting system problems much easier when things go wrong. After reading this book, you should have a better understanding of how Windows works and why it behaves as it does.

Structure of the Book

For the first time, Windows Internals has been divided into two parts. Updating the book for each release of Windows takes considerable time so producing it in two parts allows us to publish the first part earlier.

This book, Part 1, begins with two chapters that define key concepts, introduce the tools used in the book, and describe the overall system architecture and components. The next two chapters present key underlying system and management mechanisms. Part 1 wraps up by covering three core components of the operating system: processes, threads, and jobs; security; and networking.

Part 2, which will be available separately in fall 2012, covers the remaining core subsystems: I/O, storage, memory management, the cache manager, and file systems. Part 2 concludes with a description of the startup and shutdown processes and a description of crash-dump analysis.

History of the Book

This is the sixth edition of a book that was originally called Inside Windows NT (Microsoft Press, 1992), written by Helen Custer (prior to the initial release of Microsoft Windows NT 3.1). Inside Windows NT was the first book ever published about Windows NT and provided key insights into the architecture and design of the system. Inside Windows NT, Second Edition (Microsoft Press, 1998) was written by David Solomon. It updated the original book to cover Windows NT 4.0 and had a greatly increased level of technical depth.

Inside Windows 2000, Third Edition (Microsoft Press, 2000) was authored by David Solomon and Mark Russinovich. It added many new topics, such as startup and shutdown, service internals, registry internals, file-system drivers, and networking. It also covered kernel changes in Windows 2000, such as the Windows Driver Model (WDM), Plug and Play, power management, Windows Management Instrumentation (WMI), encryption, the job object, and Terminal Services. Windows Internals, Fourth Edition was the Windows XP and Windows Server 2003 update and added more content focused on helping IT professionals make use of their knowledge of Windows internals, such as using key tools from Windows Sysinternals (www.microsoft.com/technet/sysinternals) and analyzing crash dumps. Windows Internals, Fifth Edition was the update for Windows Vista and Windows Server 2008. New content included the image loader, user-mode debugging facility, and Hyper-V.

Sixth Edition Changes

This latest edition has been updated to cover the kernel changes made in Windows 7 and Windows Server 2008 R2. Hands-on experiments have been updated to reflect changes in tools.

Hands-on Experiments

Even without access to the Windows source code, you can glean much about Windows internals from tools such as the kernel debugger and tools from Sysinternals and Winsider Seminars & Solutions. When a tool can be used to expose or demonstrate some aspect of the internal behavior of Windows, the steps for trying the tool yourself are listed in “EXPERIMENT” boxes. These appear throughout the book, and we encourage you to try these as you’re reading—seeing visible proof of how Windows works internally will make much more of an impression on you than just reading about it will.