
Windows Internals, Part 1: System architecture, processes, threads, memory management, and more, 7th Edition

eBook (Watermarked)

  • Your Price: $31.99
  • List Price: $39.99
  • Includes EPUB, MOBI, and PDF


  • Copyright 2017
  • Dimensions: 7-3/8" x 9"
  • Edition: 7th
  • eBook (Watermarked)
  • ISBN-10: 0-13-398648-9
  • ISBN-13: 978-0-13-398648-8

The definitive guide–fully updated for Windows 10 and Windows Server 2016

Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016.

Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support.

This book will help you:

  • Understand the Windows system architecture and its most important entities, such as processes and threads
  • Examine how processes manage resources and threads scheduled for execution inside processes
  • Observe how Windows manages virtual and physical memory
  • Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system
  • Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016

Sample Content

Table of Contents

Chapter 1: Concepts and tools       

Windows operating system versions                             

Foundation concepts and terms   

Digging into Windows internals     



Chapter 2:  System architecture     

Requirements and design goals     

Operating system model                        

Architecture overview                                

Virtualization-based security architecture overview                  

Key system components                          



Chapter 3: Processes and jobs        

Creating a process       

Process internals         

Protected processes 

Minimal and Pico processes               

Trustlets (secure processes)             

Flow of CreateProcess                                  

Terminating a process                              

Image loader                       




Chapter 4: Threads          

Creating threads          

Thread internals         

Examining thread activity                    

Thread scheduling    

Group-based scheduling                        

Worker factories (thread pools)       


Chapter 5: Memory management  

Introduction to the memory manager                        

Services provided by the memory manager          

Kernel-mode heaps (system memory pools)         

Heap manager                   

Virtual address space layouts          

Address translation 

Page fault handling    


Virtual address descriptors              


Section objects               

Working sets                      

Page frame number database            

Physical memory limits                           

Memory compression                                

Memory partitions   

Memory combining  

Memory enclaves         

Proactive memory management (SuperFetch)



Chapter 6: I/O system     

I/O system components                           

Interrupt Request Levels and Deferred Procedure Calls        

Device drivers                  

I/O processing                  

Driver Verifier                

The Plug and Play manager                  

General driver loading and installation                    

The Windows Driver Foundation 

The power manager   



Chapter 7: Security          

Security ratings            

Security system components           

Virtualization-based security         

Protecting objects      

The AuthZ API                

Account rights and privileges           

Access tokens of processes and threads                     

Security auditing        



User Account Control and virtualization                

Exploit mitigations   

Application Identification                    


Software Restriction Policies            

Kernel Patch Protection                          






We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.

Download the errata

Submit Errata
