Book Review: Windows Internals 5th Edition

I referred to Windows Internal 5th Edition in my post last week “Me and Windows”. I completed the book this week and thought I’d give you a small review.

The book starts out great. The first chapter on Concepts and Tools is about as informative and useful as any introduction to a technical book that I have ever read. It definitely puts a big hunger in your tummy to read more. I was really impatient to get to Chapter 9 about Memory Management but didn’t want to jump ahead…

Chapter 2 about System Architecture was really cool too because I finally understood what all those DLLs I see in Process Explorer are really for and what those system processes really do. The Key System Components section was really, really valuable.

Once we get to Chapter 3 about System Mechanisms, we are starting to get deeply NERD. Sweaty palms, the whole banana. Sometimes I nearly got lost but the text was worded such that with a re-read or three, the concepts really did sink in. I take back much of what I have said against Windoze over the years – Windows 2008 is pretty fascinating and a MASSIVE improvement over Server 2003 / XP. It should be noted that this book covers the abortion otherwise known as Vista. Just bear with them, they will release the 6th Edition this year with the Server 2008 R2 / Se7en changes and you will find that they corrected the evils of Vista. Thank goodness.

Once you hit a stride in Chapter 4, you learn what in the hell is up with the Registry and Windows Services. I felt like I went from crawling around blind in a cellar to being outside in Norway in August with 20-hour days. It all started to click and make sense. And so well written. It must also be noted that the examples are very, very relevant and fun to do. They are almost all really, really quick and intensely intuitive.

Chapter 5 about Processes, Threads, and Jobs was a real eye-opener too. I finally figured out how to use Process Monitor (like Process Explorer another product of Russinovich and the sysinternals team) and other tools like the Live Kernel Debugger (LiveKD). Again, it was like a small innocent form of nerd heaven. Again, very, very technical but one gets a far better feel and appreciation for how it all ticks.

[Aside: Makes me wanna run out and read  Amit Singh’s Mac OS X Internals just to compare but I really must do some non-nerd reading for a while. Well kind of because I suppose the Isaacson bio of Einstein and Gödel, Escher, Bach: An Eternal Golden Braid by Hofstadler can both be qualified as nerd reads too…]

Chapter 6 about Security was interesting but I was impatient to get to Chapter 7 about the I/O system (very interesting), Chapter 8 about Storage Management (finally understood about those Basic and Dynamic Disks I always wondered about) and finally Chapter 9 on Memory Management. To be honest, I guess I was expecting to learn far more miraculous things and came away a little disappointed. I guess the confusion between the various Page Mapping between Virtual and Physical memory which takes up most of the chapter got a bit long. The concepts were sort of new – I now have a better grasp of “Committed Memory”  versus the “Working Set” but felt that a few more exercises about these concepts would have been helpful. I liked learning about ReadyBoost (but can’t use it with my MacBook Pro running Windows under VMware Fusion) and SuperFetch which are both rather impressive. I guess I felt there were more buttons to press in the other chapters. Also missing was a more detailed discussion of the ever-elusive system cache. As referred to in my previous post, I did have an email exchange with Russovich who explained that the old manner of tuning the system cache (file servers vs. web servers and so forth) was no longer either possible or necessary. It just wasn’t clear in the book (actually there was a false reference back to the previous chapter wherein there was no discussion of the subject).

The Cache Manager in Chapter 10 was actually where this System Cache discussion happened but as it is rather cloudy between the paging system and the cache, I can’t claim to have quite seen the boundaries between the two or even really understood which metrics were critical for monitoring. Mark said by email that cache faults / sec was the most reliable statistic for detecting cache thrashing. Perhaps I need to re-read Chapters 9 and 10 again in a few months…

Chapter 11 File Systems gave me a few more ideas about NTFS that I didn’t know but nothing earth shattering. Same comment on Chapter 12 Networking. I mean I liked seeing the stack and all but the exercises weren’t as fresh or exciting as in the earlier chapters. And to finish off, the Chapters 13 Startup and Shutdown and Chapter 14 Crash Dump Analysis were more of interest to driver developers although now I have a better handle on MBT and I appreciated the small list of common causes of crashes which hopefully will be useful someday.

Final word? An interesting book – especially the first half. Definitely worth reading next to your keyboard to try the different experiments. I am hoping that 6th Edition will fill in some gaps, correct the ills of Vista, and perhaps inject a little more life into Chapters 9 to 12.

About mfinocchiaro

IT Architecture Guru for large PLM software company but dabbling in Web 2.0 and other stuff.
This entry was posted in books, nerd stuff and tagged , , , , , . Bookmark the permalink.

1 Response to Book Review: Windows Internals 5th Edition

  1. Pingback: Tweets that mention Book Review: Windows Internals 5th Edition | Fino’s Weblog --

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s