Undocumented Windows 2000 Secrets: A Programmer's Cookbook
Product Description
(Pearson Education) Reveals undocumented secret functions and features of the Windows 2000 and NT 4.0 systems, showing what they are for and how to use them. The CD-ROM contains the source code for all examples in the text, and compiled and linked binary builds. System requirements not listed. Softcover. DLC: Microsoft Windows (Computer File).
Product Details
- Amazon Sales Rank: #774194 in Books
- Published on: 2001-05-07
- Original language: English
- Number of items: 1
- Binding: Paperback
- 592 pages
Editorial Reviews
From the Author
In the days of DOS and Windows 3.x, several knowing authors wrote books about undocumented features of these operating systems - essential details for programmers accidentally or intentionally missing from the original Microsoft documentation. This tradition continued when Windows 3.11 evolved into Windows 95 and its successors. However, when the first usable version of Windows NT (Version 3.5) surfaced in 1995, none of the renowned writers of "undocumented" books took any notice.
It was not until 1999 that the first "Undocumented Windows NT" book was finally published by Prasad Dabak, Sandeep Phadke, and Milind Borate from India. The next leap forward was Gary Nebbett's "Windows NT/2000 Native API Reference" (2000), comprehensively documenting an essential subset of the NT kernel's huge, but largely undocumented, programming interface. My book "Undocumented Windows 2000 Secrets" is intended to be one more piece in this mosaic.
My main intention in writing this book was to lead the readers through some of the basic, but hidden, mechanisms of the Windows 2000 and NT 4.0 kernel with the help of detailed sample code. My point of view is that a programmer always gets the most thorough understanding of an operating system by experimenting with it. The sample programs discussed in my book and packed onto the book's companion CD should serve as starting points for further exploration, and the text surrounding them provides the necessary theoretical background needed to get started.
I would be the happiest man on earth if my book spurred the inquiring minds of developers everywhere, kicking off an avalanche of research that unveils all the mysteries that still surround most parts of the Windows NT/2000 kernel. I never believed that treating the operating system as a black box was a good programming paradigm. And I still don't believe it.
From the Back Cover
Most of the Windows 2000 and NT operating system kernels beneath the Win32 surface have not been publicly documented by Microsoft. Therefore, system programmers must explore the operating system on their own to learn more about its internal structures and functions--information essential to developing more sophisticated system level software. In Undocumented Windows 2000 Secrets, Windows programming aficionado Sven B. Schreiber reveals numerous undocumented features of the Windows 2000 and NT 4.0 kernel--secrets he has discovered through years of close examination and exploration. Much of this material is published here for the first time, most notably, the specification of the Microsoft PDB file format and the documentation of the system's core object structures. The author describes these features in depth, shows how to put them to work, and introduces expert techniques for writing high-quality system-level software. You will find an introduction to the basic architecture of Windows 2000, a guide to setting up your workstation to explore the kernel, and an introduction to kernel-mode driver programming. Specific topics featured include the following:
* Using the Windows 2000 debugging interfaces
* Loading, parsing, and utilizing the Windows 2000 symbol files
* Foundations of the native API, including the Win32 kernel-mode interface and the Windows 2000 Runtime Library
* Basics of kernel-mode driver development
* Windows 2000 system memory, including a sample memory spy device and a sample memory dump utility
* Hooking calls to the user-mode subset of the native API
* Calling kernel API functions from user-mode applications
* Windows 2000 kernel objects, covering basic object structures and accessing live system objects
Each chapter incorporates sample code that demonstrates these functions in action and that can be reused by any programmer to give an immediate boost to their Windows programs. The accompanying CD contains the source code for all of the samples in the book, as well as compiled and linked binary builds. The CD also includes the Multi-Format Visual Disassembler by Jean-Louis Seigne and the PE and COFF File Viewer by Wayne Radburn. These programs are not just barebones applications but full-fledged debugging applications and libraries. The companion Web site, orgon/w2k_internals/, contains additional samples and updates. You will not only learn about many practical tools and techniques, but you will also gain a deeper understanding of Windows 2000 internals that will enhance your overall ability to debug and optimize Windows applications.
About the Author
Sven B. Schreiber is a practicing systems programmer, working for a large corporation in Nürnberg, Germany. He has authored several technical articles for Dr. Dobb's Journal, Windows Developer's Journal, and others.
Customer Reviews
A Truly Extraordinary Book
I will start with a caveat - the name "Undocumented Windows 2000 Secrets" is clearly modeled on two books written by Matt Pietrek - "Undocumented Windows" and "Windows 95 Programming Secrets". Despite this deliberate title plagiarism, the style and content of Schreiber's book is quite different to those of Pietrek. Pietrek concentrated on examining the Win32 API functions, disassembling them, exposing many functions not formerly documented, but used internally, and occasionally exploring the Kernel-mode modules which lie beneath the entire Win32 API. Schreiber has almost nothing to say about the Win32 API, exposes no new Win32 API functions, and shows disassembly for none of them.
Caveat aside, Schreiber has done some remarkable work here. Firstly, he knows how to write. Given the generally poor style of most programming books, which are either entirely incomprehensible and poorly edited, or banal, silly, and full of margin pictures etc., this book stands as a shining example of how to present difficult content. The English is flawless, and chapters follow a clear design and progression. Difficult material is presented as such, and I for one enjoy Schreiber telling me how hard he worked on a certain problem, and how revolutionary his generic solution is. Assembly code is presented with an apology that it could not have been written in straight "C", and clearly explained.
He also avoids the pitfall of ignoring older systems. This book is clearly not about the 9x family, so I have no problem with him ignoring that, but he does an excellent job of pointing out that everything he writes is valid for NT version 4, except in a few cases that he highlights.
He is also very careful about not covering ground already adequately covered by others, and provides clear references to other books where relevant, for example Nebbett's "Native API Reference" and Solomon & Russinovich's "Inside Windows 2000".
So, what does he cover? Firstly, how to debug system-level programs, using low-level debuggers, and also shows the internal structure of Microsoft debug files. Then a review of the Native API - not a catalogue like Nebbett, but the mechanism of invoking them, and how the system instructions flow from one module to another.
Then comes a wonderful introduction to writing a simple Kernel Mode device driver. Anybody who has tried this will know that most device driver documentation is written for those already expert, and if all you want is a minimal driver to access some Kernel Mode function, you have to grope around in the dark vainly hoping for somebody to guide you. Well, here it is at last - a clear guide to writing simple device drivers, clearly explained, and even with an MSDev Wizard to whip up a framework! For this alone it is worth getting the book.
Using his device driver, he explores Win2000 memory, and most importantly, develops a wonderful generic mechanism for monitoring and intercepting all calls to the Native API - managed from a user-mode GUI application! He then builds a user-mode application that allows you to make a call to any Kernel function from the user mode, seamlessly calling down to the minimal device driver. Wow!
Finally, he gives a concise description of Kernel Objects, and covers the most important ones.
The appendixes are really huge catalogues of the various WinDbg commands, the Native APIs, and the structures one encounters in Kernel Mode.
Do I have any criticism? Amazingly, none at all! And this is the first Amazon review I have written in which I have none!
In summary, if you are at all interested in understanding Win2000 internals, monitoring calls to the Kernel Mode, or making your own calls to privileged functions, this book is one of the most important, and most accessible, books on the market. Also, the author is available by email - I contacted him, and within a day received a good response. So, after all, Schreiber may go down in history as Pietrek's successor!
A Programmer's Cookbook
This book would suit anyone attempting the painful transition from user mode to kernel mode programming, as well as hardened system hackers. It is very hands on, and doesn't induce the same level of insomnia as the DDK documentation. If, like myself, you don't intend to actually implement any more undocumented techniques than absolutely necessary, it's still great to understand what's going on behind the scenes. It's refreshing to read something written by someone who isn't afraid to rip open the black boxes and leave the panels strewn on the floor!
Want to know what's underneath Win2K/ WinXP? Read this book!
This is an excellent book that I started reading and couldn't put down for days. The author explains complex Win2K internal structures clearly. By providing the source and binaries of the tools he developed, he made it very easy to run the tools and examine the internals while reading the book - sort of like lab experiments! I've read some articles published in DDJ, WD, MSDN, etc. in the past that were difficult to understand. After reading this book, I've re-read some of them and they now make sense.
I've also used some of the tools to delve into Windows XP and have already seen what some of the differences between Win2K and WinXP are. I'm applying some of the techniques in this book to recompile the code that the author graciously provided and make the necessary changes to see what's underneath WinXP. I wrote a kernel-mode driver for the first time after using the author's win2k_wiz to create a skeleton. Wow! That made it easy!
In my opinion Schreiber has joined the ranks of Pietrek, Schulman, Russinovich, and the other OS gurus.