Customer Reviews

Undocumented Windows 2000 Secrets: A Programmer's Cookbook

5 star:		(8)
4 star:		(3)
3 star:		(1)
2 star:		(0)
1 star:		(0)

 

 

I will start will a caveat - the name "Undocumented Windows 2000 Secrets" is clearly modeled on two books written by Matt Pietrek - "Undocumented Windows" and "Windows 95 Programming Secrets". Despite this deliberate title plagiarism, the style and content of Schreiber's book is quite different to those of Pietrek. Pietrek concentrated on examining the Win32 API functions, disassembling them, exposing many functions not formerly documented, but used internally, and occasionally exploring the Kernel-mode modules which lie beneath the entire Win32 API. Schreiber has almost nothing to say about the Win32 API, exposes no new Win32 API functions, and shows disassembly for none of them.

Caveat aside, Schreiber has done some remarkable work here. Firstly, he knows how to write. Given the generally poor style of most programming books, which are either entirely incomprehensible and poorly edited, or banal, silly, and full of margin pictures etc, this books stands as a shining example of how to present difficult content. The English is flawless, and chapters follow a clear design and progression. Difficult material is presented as such, and I for one, enjoy Schreiber telling me how hard he worked on a certain problem, and how revolutionary is his generic solution. Assembly code is presented with an apology that it could not have been written in straight "C", and clearly explained.

He also avoids the pitfall of ignoring older systems. This book is clearly not about the 9x family, so I have no problem with him ignoring that, but he does an excellent job of pointing out that everything he writes is valid for NT version 4, except in a few cases that he highlights.

He is also very careful about not covering ground already adequately covered by others, and provides clear references to other books where relevant, for example Nebbett's "Native API Reference" and Solomon & Russinovich's "Inside Windows 2000".

So, what does he cover? Firstly, how to debug system-level programs, using low-level debuggers, and also shows the internal structure of Microsoft debug files. Then a review of the Native API - not a catalogue like Nebbett, but the mechanism of invoking them, and how the system instructions flow from one module to another.

Then comes a wonderful introduction to writing a simple Kernel Mode device driver. Anybody who has tried this will know that most device driver documentation is written for those already expert, and if all you want is a minimal driver to access some Kernel Mode function, you have to grope around in the dark vainly hoping for somebody to guide you. Well, here it is at last - a clear guide to writing simple device drivers, clearly explained, and even with an MSDev Wizard to whip up a framework! For this alone it is worth getting the book.

Using his device driver, he explores Win2000 memory, and most importantly, develops a wonderful generic mechanism for monitoring and intercepting all calls to the Native API - managed from a user-mode GUI application! He then builds a user-mode application that allows you to make a call to any Kernel function from the user mode, seamlessly calling down to the minimal device driver. Wow!

Finally, he gives a concise description of Kernel Objects, and covers the most important ones.

The appendixes are really huge catalogues of the various WindDBG commands, the Native APIs, and the structures on encounters in the Kernel Mode.

Do I have any criticism? Amazingly, none at all! And this is the first Amazon review I have written in which I have none!

In summary, if you are at all interested in understanding Win2000 internals, monitoring calls to the Kernel Mode, or making your own calls to privileged functions, this book is one of the most important, and most accessible books on the market. Also, the author is available on email - I contacted him, and within a day received a good response. So, after all, Schreiber may go down in history as Peitrek's successor!

This book would suit anyone attempting the painful transition from user mode to kernel mode programming, as well as hardened system hackers. It is very hands on, and doesn't induce the same level of insomnia as the DDK documentation. If, like myself you don't intend to actually implement any more undocumented techniques than as absolutely necessary, it's still great to understand what's going on behind the scenes. It's refreshing to read something written by someone who isn't afraid to rip open the black boxes and leave the panel's strewn on the floor!

This is an excellent book that I started reading and couldn't put down for days. The author explains complex Win2K internal structures clearly. By providing the source and binaries of the tools he developed, he made it very easy to run the tools and examine the internals while reading the book - sort of like lab experiments! I've read some articles published in DDJ, WD, MSDN, etc. in the past that were difficult to understand. After reading this book, I've re-read some of them and they now make sense.

I've also used some of the tools to delve into Windows XP! and have already seen what some of the differences between Win2K and WinXP are. I'm applying some of the techniques in this book to recompile the code that the author graciously provided and make the necessary changes to see what's underneath WinXP. I wrote a kernel-mode driver for the first time after using the author's win2k_wiz to create a skeleton. Wow! that made it easy!

In my opinion Schreiber has joined the ranks of Pietrek, Schulman, Russinovich, and the other OS gurus.

I picked up this book to try to fill the gaps between Inside Microsoft Windows 2000 and Undocumented Windows NT and it did just that. The author wrote this book in a very clear manner. The documented internal structures and file formats were very helpful although don't depend on this book to find all structures. The author seemed to document only the ones that he happened across in his research. For example, he documents PTEs, but does not touch Prototype PTEs. All in all though, I think it is an excellent book and has some helpful utility programs included.

Wow! This is a really good book if you plan to move from user mode to kernel mode. I bought this book because it was recommended by an author I really respect. It actually makes kernel mode application development look easy. I know that's a wild claim to make but its my honest opinion.The CD actually has a wizard for generating VS projects for kernel mode applications in addition to some really cool tools! The author also explains the skeleton code so a reader can easily build their apps on the foundation. The only problem I have with this book is the fact that its account on memory management is rather difficult to comprehend. I'm sure I would have been totally lost if I didn't already have this knowlegde. Readers who don't already understand this can consult volume 3 of the intel x86 manual or the book: "Memory Management" by Bill Blunden.

It should be noted that this book has very little to do with the win32 api. It is strictly a kernel mode/native API book so readers who have no interest in the kernel should not consider buying this book. I highly recommend it for system programmers who like me keep asking:"How does it work?"

I have overwhelming thankfulness that someone else has done all this hard work! Sven has taken Windows 2000 by the scruff of the neck and has explained many of its internal features in a refreshingly straightforward way - he is a great communicator with obvious and infectious enthusiasm for the subject. I believe this book will be one of those classics, since it is of use not only to explain 2000 but also NT4 and no doubt many future versions of the OS as well.

This book is highly recommended to device driver writers and kernel hackers. This book revolves around the tools presented on the companion cd, an excellent kernel spy (with working source code and tools. Nowadays, so many books have source codes on their CD that just flat out don't work). The author of this book has carefully prepared the source code and made sure it works on both NT4 and w2k. My only complaint about building the source code is it requires windows 2000 DDK which is no longer available from msdn as free download. It'd been much more convenient if the author had actually provided some of the header files and libraries to build the tools without having to get the entire DDK library.

The author explains why/how the tools/source code on the companion CD works. These explanations bring you through some of the most exciting aspects of w2k hacking such as direct kernel call linking in userland app, hooking kernel native APIs. The assembly code demonstrates some very useful hacking tricks.

Appendix A is a summary of microsoft kernel debugger commands, which is extremely useful in itself!

This is a quality book for serious kernel hackers.

This is the ONLY book about the kernel that is NOT about device drivers for real devices (it show how to be a kernel system programmer).

Documents all the internal structures that MS does NOT want you to know about.
How to hook the kernel and how to use kernel handles and much more.
Must reading for any kernel programmer.

Hello...

I cannt really comment this book because i dont have it. But from the table of content, many reviews and look insides... I know... I need this book!!! Its so bad that this book is out of print. I cannt find it all over the web... So I try my chance here...

I am one of the waiting customers for this book... I will pay till 90$ for this book with 10 $ shipping credit to germany...
Please sell your book...

Wow! This is a really good book if you plan to move from user mode to kernel mode. I bought this book because it was recommended by an author I really respect. It actually makes kernel mode application development look easy. I know that's a wild claim to make but its my honest opinion.The CD actually has a wizard for generating VS projects for kernel mode applications in addition to some really cool tools! The author also explains the skeleton code so a reader can easily build their apps on the foundation. The only problem I have with this book is the fact that its account on memory management is rather difficult to comprehend. I'm sure I would have been totally lost if I didn't already have this knowlegde. Readers who don't already understand this can consult volume 3 of the intel x86 manual or the book: "Memory Management" by Bill Blunden.

It should be noted that this book has very little to do with the win32 api. It is strictly a kernel mode/native API book so readers who have no interest in the kernel should not consider buying this book. I highly recommend it for system programmers who like me keep asking:"How does it work?"