Reddit reviews Windows Internals, Part 1 (6th Edition) (Developer Reference)
We found 16 Reddit comments about Windows Internals, Part 1 (6th Edition) (Developer Reference). Here are the top ones, ranked by their Reddit score.
This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.
While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.
I'd also recommend having a look at the following books:
Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have lying around.
Thanks ;). Not so skilled on that and my advice might be misleading; though I got a background in CS: This would be my suggestion for someone beginning.
You can also search for those books pdf by using google hacks eg
filetype:pdf "title of the book here"
or intitle:index.of "title of the book here"
How deep do you want to go?
This article is almost a 1:1 copy of Wikipedia[1] combined with diagrams from Wikimedia[2] (and doesn't even cite the sources on top of that). If you want a simplified, yet accurate, explanation of virtual memory then check out page 15 of Windows Internals Part I (6th Edition).
[1] https://en.wikipedia.org/wiki/Virtual_memory
[1] https://en.wikipedia.org/wiki/Code_segment
[1] https://en.wikipedia.org/wiki/Data_segment
[2] https://upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Virtual_memory.svg/2000px-Virtual_memory.svg.png
There are always errors or obvious issues - if you know where to look. Unfortunately there is no book that really gives you a chance of getting to the bottom of things... the biggest recommendation I can give you is learning how Windows really works. For that, this book will tell you all you need to know, but it's VERY advanced and can cause headaches.... http://www.amazon.com/Windows-Internals-Part-Covering-Server/dp/0735648735/ref=sr_1_1?ie=UTF8&qid=1368094717&sr=8-1&keywords=windows+internals
EDIT - This is part 1 of a 2-part series which covers Windows 7 and Server 2008. Each edition of Windows has its own copy (Windows 8 has not been written yet)
And follow it up with Windows Internals (which apparently is now split across two books). The Petzold book and this book by Russinovich & Solomon are the two books you have to read to do Windows system programming.
https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/0735648735
There's a more recent version coming out for Windows 10, but you can get used copies of 6th edition for a low cost and if you're just interested in how Windows works you don't need the latest edition.
Yeah. The Win32 API is a curmudgeonly old beast.
This Windows Internals series by Mark Russinovich is something all Windows admins should strive to read--if not for anything but context.
Hi there!
A basic understanding of the different server roles and the technologies behind them would be helpful; Active Directory, DNS (as it pertains to the MS side of the house), IIS, etc. A number of 'Windows Server' books will help you here.
I assume you are familiar with the OS, but you might want to brush up on it. Books like Windows Internals would help you there, but might be deeper than you need.
In terms of the various tools you might find yourself using, I keep a list of tools and link to a number of other 'tool compilations.' On the Windows side, SysInternals, PowerShell, and a number of others on the list are critical.
Lastly, and perhaps most importantly, learn PowerShell. I keep a list of resources I've found helpful in learning and using PowerShell here. This includes cheat sheets, books, blogs, videos, communities and more. I assume you have some understanding of scripting. If so, pick up PowerShell in Action v2. It covers PowerShell in depth for anyone who has familiarity with scripting or programming. If you prefer videos, Microsoft just provided two full day PowerShell courses (see Getting Started... and Advanced Tools... videos section of my post). You will note a few jokes about calling Bruce Payette - this is why you want to pick up PowerShell in Action.
Good luck!
Not a website, but: Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
I know that literally no one wants a career removing malware; my org uses SCCM Endpoint and that's basically all I do now : /.
But
You can remove 97%+ of all malware manually and quickly with a bit of intelligence and the techniques described in this video.
The video is a TechEd talk with Mark Russinovich, who quite literally wrote the book on how Windows works and discovered the Sony Rootkit. He also developed these tools mostly himself (now owned by Microsoft).
To understand Windows OS, check out Windows Internals Part 1 and Part 2 books: http://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/0735648735
You're probably going to absolutely hate my advice, but I recommend you read these two books:
Windows Internals, Part 1 and Windows Internals, Part 2
They're very long books, and they can be very dry if you're not interested in them. But if you want one surefire way to learn driver development, it's to learn how the inner mechanisms work. When I first started trying to teach myself Linux driver development (which I feel is actually even easier than Windows), I noticed most of the tutorials I did pretty much went in one ear and out the other. I could write the drivers up and get them working with the tutorial, but I just didn't know what to do next. You'll probably retain maybe less than 25% of the material when you read both those books (probably around 1,300 pages). However, what you will retain is the breadth of knowledge.
When you start working with WDF, you probably won't know nearly anything required to develop your first real driver. What you will know after reading those books though is how to learn. Once you have the breadth to figure out what you don't know/remember, you can easily look it up and figure it out for yourself. If you don't know what you don't know, it's unlikely anyone (including online resources) will be able to help you.
This is out of my league in terms of knowledge, as I don't know the way Unix security is implemented too well, but I will say this: syncing Windows permissions to Unix will be easy; just group the write permissions in Windows into a write permission on Unix. The other way, though, is going to be considerably hard unless you start working with the Unix version of extended attributes, which I certainly don't know about.
For information on the Windows security system, and how ACLs work, the Windows Internals 6th Edition books will be your best bet. Mark Russinovich, David Solomon and Alex Ionescu practically know the OS inside and out, and they are a great read for learning more about the insides of Windows. Security is in Part 1, Chapter 6, on page 509 or 487 depending on your reader, but it helps to read through both just in case there are some additional details listed elsewhere.
I've linked the books below on the US version of Amazon; if you are in a different country it should be available using the search box on there. Additionally you can probably
Part 1: http://www.amazon.com/Windows-Internals-Edition-Developer-Reference/dp/0735648735/ref=sr_1_1?ie=UTF8&qid=1405718207&sr=8-1&keywords=windows+internals+7th+edition
Part 2: http://www.amazon.com/Windows-Internals-Edition-Developer-Reference/dp/0735665877/ref=sr_1_2?ie=UTF8&qid=1405718207&sr=8-2&keywords=windows+internals+7th+edition
Additionally I think Russinovich has a public email that you can contact him on to discuss stuff if you like. Apologies that I couldn't help a bit more but like I said, the requirements are far beyond my scope of knowledge.
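The Windows-to-Unix direction discussed in the comment above, as an added example that is not part of the original thread or of the book: it reads a file's DACL with Get-Acl and folds each identity's FileSystemRights into Unix-style rwx bits. The grouping of Windows rights into r, w and x is this example's own choice (it is not a mapping Windows defines), Deny entries are masked out of Allow entries as an approximation of Windows evaluation order, and entries carrying generic rights (which Get-Acl reports as negative values) are flagged rather than decomposed. Which identity becomes owner, group or other on the Unix side is left to the caller.

```powershell
function ConvertTo-UnixModeBits {
    # Added example, not from the original thread or the book.
    # Maps an NTFS DACL onto per-identity rwx bits. Assumes $Path exists and the
    # caller may read its security descriptor.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $FSR = [System.Security.AccessControl.FileSystemRights]

    # This example's own grouping of Windows rights into each Unix bit.
    $ReadMask    = [int]($FSR::ReadData -bor $FSR::ReadAttributes -bor $FSR::ReadExtendedAttributes)
    $WriteMask   = [int]($FSR::WriteData -bor $FSR::AppendData -bor $FSR::WriteAttributes -bor
                         $FSR::WriteExtendedAttributes -bor $FSR::Delete)
    $ExecuteMask = [int]$FSR::ExecuteFile

    $acl = Get-Acl -LiteralPath $Path
    $byIdentity = @{}

    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if (-not $byIdentity.ContainsKey($who)) {
            $byIdentity[$who] = @{ Identity = $who; Allow = 0; Deny = 0; Generic = $false }
        }

        $rights = [int]$ace.FileSystemRights
        if ($rights -lt 0) {
            # Generic rights (GENERIC_READ/WRITE/EXECUTE/ALL) surface as negative
            # values; flag them instead of guessing what they expand to.
            $byIdentity[$who].Generic = $true
            continue
        }

        $bits = 0
        if ($rights -band $ReadMask)    { $bits = $bits -bor 4 }
        if ($rights -band $WriteMask)   { $bits = $bits -bor 2 }
        if ($rights -band $ExecuteMask) { $bits = $bits -bor 1 }

        if ($ace.AccessControlType -eq 'Allow') {
            $byIdentity[$who].Allow = $byIdentity[$who].Allow -bor $bits
        } else {
            $byIdentity[$who].Deny = $byIdentity[$who].Deny -bor $bits
        }
    }

    foreach ($entry in $byIdentity.Values) {
        # Deny entries take precedence over Allow entries for the same trustee,
        # so they are masked out of the effective bits (an approximation of the
        # canonical-order evaluation Windows performs).
        $effective = $entry.Allow -band (-bnot $entry.Deny)
        $mode = -join @(
            $(if ($effective -band 4) { 'r' } else { '-' }),
            $(if ($effective -band 2) { 'w' } else { '-' }),
            $(if ($effective -band 1) { 'x' } else { '-' })
        )
        [pscustomobject]@{
            Identity   = $entry.Identity
            Mode       = $mode
            Octal      = $effective
            HasDeny    = ($entry.Deny -ne 0)
            HasGeneric = $entry.Generic
        }
    }
}

# Usage: inspect the hosts file, which normally has several inherited Allow entries.
ConvertTo-UnixModeBits -Path 'C:\Windows\System32\drivers\etc\hosts' | Format-Table -AutoSize
```

A row with HasDeny or HasGeneric set to True is exactly the case where a single octal mode cannot represent the Windows ACL faithfully; that is worth surfacing before any sync job silently picks a value.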
The key idea is really just to have enough knowledge about the system so that you can follow what is likely wrong in a logical manner.
In this case this means having a good understanding of operating system internals, processor architecture and knowing some x86 assembly/C/C++.
Some good resources:
Your definition of 'heavily using' a core may not agree with Microsoft's. As I mentioned, x86-Land has long used time-sharing on a single core to get multiple threads processed "at the same time". My understanding of newer Windows (the ones SMP-aware) is that the kernel has an 'affinity' for using the same core or two for as much work as possible. I don't dispute your assertion that an under-utilized core will pick up a new thread over a 'busier' one but I think if you were to put the ole microscope to what's going on you'll find that Core 0 may be operating 75% of the threads (as they are mostly kernel processes); Core 1 may be running 20% and the other 2 running what's left.
I used to work as a Microsoft Partner so a lot of my info comes from TechNet but also from well-respected sources such as AnandTech.com and Tomshardware.com. The deep down kernel type stuff comes from Mark Russinovich who founded Sysinternals (and the series of tools that bear that name) and has written a few books about how Windows works. He's one of the few people that know more about Windows than the people who actually wrote it.
I agree with your original point but throwing up a comment like that here is just asking for the fanbois on both sides to start foaming at the mouth.