Undocumented Windows NT® [Paperback]

Prasad Dabak (Author), Sandeep Phadke (Author), Milind Borate (Author)

Book Description

Publication Date: November 5, 1999 | ISBN-10: 0764545698 | ISBN-13: 978-0764545696

Although Microsoft Windows NT is one of the most popular operating systems in the corporate world, no book has documented what actually goes on under the hood -- until now. Undocumented Windows NT dissects the Win32 interface, deconstructs the underlying APIs, and deciphers the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.

In this groundbreaking guide, three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors' in-depth investigation uncovers both the strengths and the weaknesses -- and reveals how you can make any Windows NT system more stable and secure.

Editorial Reviews

From the Back Cover

Undocumented Windows NT^® Although Microsoft Windows NT is one of the most popular operating systems in the corporate world, no book has documented what actually goes on under the hood — until now. In this groundbreaking guide, three experts share what they've dug up on NT through years of hands-on research and programming experience. Undocumented Windows NT dissects the Win32 interface, deconstructs the underlying APIs, and deciphers the Memory Management architecture to help you understand operations, fix flaws, and enhance performance. The authors' in-depth investigation uncovers both the strengths and the weaknesses — and reveals how you can make any Windows NT system more stable and secure. Get the Inside Story on Windows NT APIs

• Use the interfaces underlying the Win32 interface to invent new ways to solve problems
• Discover how to "hook" system services not documented in the Microsoft Windows NT SDK
• Learn about security holes inherent in the design of Windows NT — and how you can address them
• Master techniques for analyzing Windows NT yourself
• Get a better understanding of the Memory Management architecture
• Modify and administer Windows NT systems to make them more fault tolerant
• Compare and contrast popular Win32 implementations

Bonus CD-ROM includes all scripts, code samples, and executables used in the book www.idgbooks.com

About the Author

About the Authors Prasad Dabak, M.C.S., Sandeep Phadke, M.C.S., and Milind Borate, M.C.S., are system programmers and consultants based in Pune, India, which is about 100 miles east of Mumbai. Their clients, all of which are located in the United States, include software development firms, banks, and Fortune 500 manufacturing companies.

Product Details

• Paperback: 335 pages
• Publisher: Wiley (November 5, 1999)
• Language: English
• ISBN-10: 0764545698
• ISBN-13: 978-0764545696
• Product Dimensions: 8.9 x 6.9 x 1.1 inches
• Shipping Weight: 1 pounds
• Average Customer Review: 4.0 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #297,755 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

12 of 13 people found the following review helpful:

2.0 out of 5 stars A topic with potential -- unrealised potential, that is., March 16, 2000

By 

Felix Kasza "Felix Kasza" (Redmond, WA) - See all my reviews

This review is from: Undocumented Windows NT® (Paperback)

Part I: Essentials

When I opened _Undocumented Windows NT_, I expected it to start where Solomon's _Inside Windows NT 2nd ed._ left off. Unfortunately, the first half is only a rehash of readily available information, sprinkled with a few beginner-level tips and techniques for budding reverse-engineering fans.

Part II: Undocumented Windows NT

Part II presents the system service dispatch mechanism (operative term: KiSystemServiceTable), which is anything but a secret, at least since Nishad Herath published his article on just that topic in October 1998 (archived at http://www.cmkrnl.com/arc-newint2e.html -- sorry, amazon.com strips HTML tags). Personally, I found the article easier to read and absorb, too.

Putting LPCs to work is a good chapter. Nebbett's _Native API Reference_ is, after all, just that, a reference, while the authors of _Undocumented Windows NT_ do a decent job of explaining how to use LPC. Hooking existing and adding new software interrupts is a holdover from the bad old DOS days, and about as useful. Besides, the authors make the same mistake that already marred my enjoyment of the first part of the book -- they have enough background material on CPU architecture to bore the developer who has read the Intel manuals (which we all did, I hope), but not enough to enlighten the programmer who has skipped the processor manuals.

Part III: Appendices

The rest of the book can safely be ignored: the contents of the thirty pages filled with a description of the PE format is available (for free) on the MSDN web site, and in an updated version, too, and the appendix claiming to offer details on NT's system services cannot stand up to Nebbett's work, which dedicates a whole 500 pages to just that one topic.

Summary

The book does hold promise, judging from the table of contents; but now it is time for the authors to hunker down, and get some spelunking done for the second edition, which, one hopes, will be forthcoming. Once the book has doubled in page count for the same covered material, I'll take another look at it.

8 of 8 people found the following review helpful:

4.0 out of 5 stars Corrections to my review dated 16 March 2000, March 22, 2000

By 

Felix Kasza "Felix Kasza" (Redmond, WA) - See all my reviews

This review is from: Undocumented Windows NT® (Paperback)

A week ago, I posted a review of _Undocumented Wndows NT_, a review that contains one factual error and one fallacious assumption which caused me to view the work in a worse light than I would otherwise have done.

The error is in attributing the reverse-engineering of the KiSystemServiceTable mechanism to Nishad Herath. Nishad has done an excellent, and by all appearances independent, job, but I was now given proof that the authors got there first. Kudos goes to Dabak/Phadke/Borate, and I retract the implied statement that they are offering information they could have found on dejanews -- such information was not available when they wrote the chapter in question.

The flawed assumption of mine was that the blurb on the cover, by which I judged _Undocumented Windows NT_, was written by the authors: it was not. The authors' summary can be found higher up on this page, and it does more accurately reflect the contents of the book. The mismatch between the expectations raised by the blurb and the actual contents caused me to give a lower rating than I would otherwise have given; I hope to correct the average by submitting this review with a corrected, higher, rating.

Finally, I would like to point out a minor, but helpful detail: While the authors do not offer as much information on NT's native API as Gary Nebbett's _Windows NT/2000 Native API Reference_, which I mentioned in my earlier review, it must be pointed out that they provide a header file with the necessary function and structure declarations, something that is missing from the Nebbett book.

Felix Kasza.

5 of 5 people found the following review helpful:

4.0 out of 5 stars Great source of Windows NT extensibility mechanisms, April 1, 2000

By 

D. Beck - See all my reviews
(REAL NAME)   

This review is from: Undocumented Windows NT® (Paperback)

The book is the first one that I've encountered that explains, with good working examples, how to fundamentally extend Windows NT functionality through new system services, software interrupts, and ring 0 code.

It also provides good explanations of the virtual memory and LPC facilities, with very helpful specific code examples.

The book does have a version 1.0 flavor to it. The editing and publishing are mediocre and there are many other areas of NT that I would love to see the authors apply their impressive investigative skills to.

If you are interested in understanding as much about the internals of NT as anyone that doesn't have access to the NT source code can, this book is well worth examining.