Undocumented Windows NTŪ (Paperback)

by Prasad Dabak (Author), Sandeep Phadke (Author), Milind Borate (Author) "the kernel, which ultimately relies on the hardware abstraction layer (HAL) that talks directly with the hardware. The NT development team's choice of programming language..." (more)
Key Phrases: vad tree, page table directory, appropriate error code, Cache Manager, Service Descriptor Table, Thread Environment Block (more...)

Editorial Reviews

Product Description
Although Microsoft Windows NT is one of the most popular operating systems in the corporate world, no book has documented what actually goes on under the hood -- until now. Undocumented Windows NT dissects the Win32 interface, deconstructs the underlying APIs, and deciphers the Memory Management architecture to help you understand operations, fix flaws, and enhance performance.

In this groundbreaking guide, three experts share what they've dug up on NT through years of hands-on research and programming experience. The authors' in-depth investigation uncovers both the strengths and the weaknesses -- and reveals how you can make any Windows NT system more stable and secure.

From the Back Cover
Undocumented Windows NT® Although Microsoft Windows NT is one of the most popular operating systems in the corporate world, no book has documented what actually goes on under the hood — until now. In this groundbreaking guide, three experts share what they've dug up on NT through years of hands-on research and programming experience. Undocumented Windows NT dissects the Win32 interface, deconstructs the underlying APIs, and deciphers the Memory Management architecture to help you understand operations, fix flaws, and enhance performance. The authors' in-depth investigation uncovers both the strengths and the weaknesses — and reveals how you can make any Windows NT system more stable and secure.

See all Editorial Reviews

Product Details

• Paperback: 335 pages
• Publisher: Hungry Minds (October 1999)
• Language: English
• ISBN-10: 0764545698
• ISBN-13: 978-0764545696
• Product Dimensions: 9 x 7 x 1.1 inches
• Shipping Weight: 1.3 pounds
• Average Customer Review: 4.0 out of 5 stars See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #1,219,163 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

12 of 13 people found the following review helpful:

2.0 out of 5 stars A topic with potential -- unrealised potential, that is., March 16, 2000

By	Felix Kasza (Redmond, WA USA) - See all my reviews (REAL NAME)

Part I: Essentials

When I opened _Undocumented Windows NT_, I expected it to start where Solomon's _Inside Windows NT 2nd ed._ left off. Unfortunately, the first half is only a rehash of readily available information, sprinkled with a few beginner-level tips and techniques for budding reverse-engineering fans.

Part II: Undocumented Windows NT

Part II presents the system service dispatch mechanism (operative term: KiSystemServiceTable), which is anything but a secret, at least since Nishad Herath published his article on just that topic in October 1998 (archived at http://www.cmkrnl.com/arc-newint2e.html -- sorry, amazon.com strips HTML tags). Personally, I found the article easier to read and absorb, too.

Putting LPCs to work is a good chapter. Nebbett's _Native API Reference_ is, after all, just that, a reference, while the authors of _Undocumented Windows NT_ do a decent job of explaining how to use LPC. Hooking existing and adding new software interrupts is a holdover from the bad old DOS days, and about as useful. Besides, the authors make the same mistake that already marred my enjoyment of the first part of the book -- they have enough background material on CPU architecture to bore the developer who has read the Intel manuals (which we all did, I hope), but not enough to enlighten the programmer who has skipped the processor manuals.

Part III: Appendices

The rest of the book can safely be ignored: the contents of the thirty pages filled with a description of the PE format is available (for free) on the MSDN web site, and in an updated version, too, and the appendix claiming to offer details on NT's system services cannot stand up to Nebbett's work, which dedicates a whole 500 pages to just that one topic.

Summary

The book does hold promise, judging from the table of contents; but now it is time for the authors to hunker down, and get some spelunking done for the second edition, which, one hopes, will be forthcoming. Once the book has doubled in page count for the same covered material, I'll take another look at it.

8 of 8 people found the following review helpful:

4.0 out of 5 stars Corrections to my review dated 16 March 2000, March 22, 2000

By	Felix Kasza (Redmond, WA USA) - See all my reviews (REAL NAME)

A week ago, I posted a review of _Undocumented Wndows NT_, a review that contains one factual error and one fallacious assumption which caused me to view the work in a worse light than I would otherwise have done.

The error is in attributing the reverse-engineering of the KiSystemServiceTable mechanism to Nishad Herath. Nishad has done an excellent, and by all appearances independent, job, but I was now given proof that the authors got there first. Kudos goes to Dabak/Phadke/Borate, and I retract the implied statement that they are offering information they could have found on dejanews -- such information was not available when they wrote the chapter in question.

The flawed assumption of mine was that the blurb on the cover, by which I judged _Undocumented Windows NT_, was written by the authors: it was not. The authors' summary can be found higher up on this page, and it does more accurately reflect the contents of the book. The mismatch between the expectations raised by the blurb and the actual contents caused me to give a lower rating than I would otherwise have given; I hope to correct the average by submitting this review with a corrected, higher, rating.

Finally, I would like to point out a minor, but helpful detail: While the authors do not offer as much information on NT's native API as Gary Nebbett's _Windows NT/2000 Native API Reference_, which I mentioned in my earlier review, it must be pointed out that they provide a header file with the necessary function and structure declarations, something that is missing from the Nebbett book.

Felix Kasza.

5 of 5 people found the following review helpful:

4.0 out of 5 stars Great source of Windows NT extensibility mechanisms, April 1, 2000

By	D. Beck - See all my reviews (REAL NAME)

The book is the first one that I've encountered that explains, with good working examples, how to fundamentally extend Windows NT functionality through new system services, software interrupts, and ring 0 code.

It also provides good explanations of the virtual memory and LPC facilities, with very helpful specific code examples.

The book does have a version 1.0 flavor to it. The editing and publishing are mediocre and there are many other areas of NT that I would love to see the authors apply their impressive investigative skills to.

If you are interested in understanding as much about the internals of NT as anyone that doesn't have access to the NT source code can, this book is well worth examining.