Overview
Most of the Windows 2000 and NT operating system kernels beneath the Win32 surface have not been publicly documented by Microsoft. Therefore, system programmers must explore the operating system on their own to learn more about its internal structures and functions—information essential to developing more sophisticated system level software. In Undocumented Windows 2000 Secrets, Windows programming aficionado Sven B. Schreiber reveals numerous undocumented features of the Windows 2000 and NT 4.0 kernel—secrets he has discovered through years of close examination and exploration. Much of this material is published here for the first time, most notably, the specification of the Microsoft PDB file format and the documentation of the system's core object structures. The author describes these features in depth, shows how to put them to work, and introduces expert techniques for writing high-quality system-level software.
You will find an introduction to the basic architecture of Windows 2000, a guide to setting up your workstation to explore the kernel, and an introduction to kernel-mode driver programming. Specific topics featured include the following:
- Using the Windows 2000 debugging interfaces
- Loading, parsing, and utilizing the Windows 2000 symbol files
- Foundations of the native API, including the Win32 kernel-mode interface and the Windows 2000 Runtime Library
- Basics of kernel-mode driver development
- Windows 2000 system memory, including a sample memory spy device and a sample memory dump utility
- Hooking calls to the user-mode subset of the native API
- Calling kernel API functions from user-mode applications
- Windows 2000 kernel objects, covering basic object structures and accessing live system objects
Each chapter incorporates sample code that demonstrates these functions in action and which can be reused by any programmer to give an immediate boost to their Windows programs. The accompanying CD contains the source code for all of the samples in the book, as well as compiled and linked binary builds. The CD also includes the Multi-Format Visual Disassembler by Jean-Louis Seigne and the PE and COFF File Viewer by Wayne Radburn. These programs are not just barebones applications but full-fledged debugging applications and libraries. The companion Web site, ...
Editorials
From Barnes & Noble
The Barnes & Noble Review
While Microsoft has started giving some of its largest and most influential corporate customers a peek at the Windows 2000 source code, few developers get that privilege. What's more, a relatively small portion of Windows 2000's internals are documented -- most of that in Microsoft's device driver kits, which tell you just enough to write your drivers and file system extensions, and not much more. If you're a systems programmer, odds are you've often wanted to know what was really going on under the hood.
So did systems programmer Sven B. Schreiber. Only he's done something about it. He's identified the undocumented internals of Windows 2000 that matter most, examined them as thoroughly as possible, and returned to tell the tale.
Undocumented Windows 2000 Secrets covers the native API, security, symbol files, system memory, debugging, kernel-mode drivers, kernel functions, object management, and more. Much of this stuff has never, to our knowledge, seen the light of day (for instance, the specs for Microsoft's PDB file format).
Along the way, Schreiber shows you how to do your own kernel spelunking. You'll go deep inside Win2K's debugging interfaces; learn how to work with symbol files; and explore both kernel objects and system memory (the book provides fine sample memory spy devices and dump utilities).
The book's CD-ROM contains a trial version of MFVDasm, the system programmer's "Swiss army knife" (it's a disassembler, PE file cruncher, hex dump utility, and ASM code browser). There's also a free PE/COFF file viewer (great for viewing the innards of .exe, .dll, .obj, .lib, and .dbg files). And there's plenty of C code (on disk and throughout the book).
Schreiber warns that the code's "not for the fainthearted." But if you were fainthearted, you wouldn't be a Windows systems programmer. (Bill Camarda)
Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.