Undocumented Windows 2000 Secrets: A Programmer's Cookbook - Softcover

From the Author

In the days of DOS and Windows 3.x, several knowing authors wrote books about undocumented features about these operating systems - essential details for programmers accidentally or intentionally missing from the original Microsoft documentation. This tradition continued when Windows 3.11 evolved into Windows 95 and its successors. However, when the first usable Version of Windows NT (Version 3.5) surfaced in 1995, none of the renowned writers of "undocumented" books took any notice.

It lasted until 1999, until the first "Undocumented Windows NT" book was finally published by Prasad Dabak, Sandeep Phadke, and Milind Borate from India. The next leap forward was Gary Nebbett's "Windows NT/2000 Native API Reference" (2000), comprehensively documenting an essential subset of the NT kernel's huge, but largely undocumented, programming interface. My book "Undocumented Windows 2000 Secrets" is intended to be one more piece in this mosaic.

My main intention in writing this book was to lead the readers through some of the basic, but hidden, mechanisms of the Windows 2000 and NT 4.0 kernel with the help of detailed sample code. My point of view is that a programmer always gets the most thorough understanding of an operating system by experimenting with it. The sample programs discussed in my book and packed onto the book's companion CD should serve as starting points for further exploration, and the text surrounding them provides the necessary theoretical background needed to get started.

I would be the happiest man on earth if my book would spur the inquiring minds of developers everywhere, kicking off an avalanche of research that unveils all mysteries that still surround most parts of the Windows NT/2000 kernel. I never believed that treating the operating system as a black box was a good programming paradigm. And I still don't believe it.

From the Back Cover

Most of the Windows 2000 and NT operating system kernels beneath the Win32 surface have not been publicly documented by Microsoft. Therefore, system programmers must explore the operating system on their own to learn more about its internal structures and functions--information essential to developing more sophisticated system level software. In Undocumented Windows 2000 Secrets, Windows programming aficionado Sven B. Schreiber reveals numerous undocumented features of the Windows 2000 and NT 4.0 kernel--secrets he has discovered through years of close examination and exploration. Much of this material is published here for the first time, most notably, the specification of the Microsoft PDB file format and the documentation of the system's core object structures. The author describes these features in depth, shows how to put them to work, and introduces expert techniques for writing high-quality system-level software. You will find an introduction to the basic architecture of Windows 2000, a guide to setting up your workstation to explore the kernel, and an introduction to kernel-mode driver programming. Specific topics featured include the following:
* Using the Windows 2000 debugging interfaces
* Loading, parsing, and utilizing the Windows 2000 symbol files
* Foundations of the native API, including the Win32 kernel-mode interface and the Windows 2000 Runtime Library
* Basics of kernel-mode driver development
* Windows 2000 system memory, including a sample memory spy device and a sample memory dump utility
* Hooking calls to the user-mode subset of the native API
* Calling kernel API functions from user-mode applications
* Windows 2000 kernel objects, covering basic object structures and accessing live system objects
Each chapter incorporates sample code that demonstrates these functions in action and which can be reused by any programmer to give an immediate boost to their Windows programs. The accompanying CD contains the source code for all of the samples in the book, as well as compiled and linked binary builds. The CD also includes the Multi-Format Visual Disassembler by Jean-Louis Seigne and the PE and COFF File Viewer by Wayne Radburn. These programs are not just barebones applications but full-fledged debugging applications and libraries. The companion Web site, orgon/w2k_internals/, contains additional samples and updates. You will not only learn about many practical tools and techniques, but you will also gain a deeper understanding into Windows 2000 internals that will enhance your overall ability to debug and optimize Windows applications. 0201721872B06012001