HN Books @HNBooksMonth

The best books of Hacker News.

Hacker News Comments on
Windows Internals, Part 1: System architecture, processes, threads, memory management, and more (Developer Reference)

Pavel Yosifovich, Mark Russinovich, David Solomon, Alex Ionescu · 6 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "Windows Internals, Part 1: System architecture, processes, threads, memory management, and more (Developer Reference)" by Pavel Yosifovich, Mark Russinovich, David Solomon, Alex Ionescu.
View on Amazon [↗]
HN Books may receive an affiliate commission when you make purchases on sites after clicking through links on this page.
Amazon Summary
The definitive guide–fully updated for Windows 10 and Windows Server 2016 Delve inside Windows architecture and internals, and see how core components work behind the scenes. Led by a team of internals experts, this classic guide has been fully updated for Windows 10 and Windows Server 2016. Whether you are a developer or an IT professional, you’ll get critical, insider perspectives on how Windows operates. And through hands-on experiments, you’ll experience its internal behavior firsthand–knowledge you can apply to improve application design, debugging, system performance, and support. This book will help you: ·        Understand the Window system architecture and its most important entities, such as processes and threads ·        Examine how processes manage resources and threads scheduled for execution inside processes ·        Observe how Windows manages virtual and physical memory ·        Dig into the Windows I/O system and see how device drivers work and integrate with the rest of the system ·        Go inside the Windows security model to see how it manages access, auditing, and authorization, and learn about the new mechanisms in Windows 10 and Server 2016
HN Books Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
I don't have any one complete book that I can recommend, and I don't even really have a great reading list for this. But I'll make an attempt to share what I think is useful as a starting point.

1. Systems Operations is first and foremost about understanding systems, in all of their complexity, which means understanding the internals of your OS primarily.

2. Performance and networking, in particular, are super important areas to focus on understanding when it comes to learning the topic to help with software development.

3. A lot of it is about understanding concepts in abstract and being able to extrapolate to other situations and apply these concepts, so there's actually quite a lot of useful information that can be learned on one OS and still applied to another OS (or on one game engine and applied to another, et al).

Here's a few books I think are worth reading, not in any particular order of prevalence, but loosely categorized


High Performance MySQL:

SQL Queries for Mere Mortals:

The Art of SQL:


TCP/IP Illustrated: (updates on author's site at

The TCP/IP Guide:

UNIX Network Programming:

Beej's Guide to Network Programming:

Operating Systems:

Operating Systems Concepts: (various editions, I have the 7th edition... I recommend you find the latest)

Modern Operating Systems: (the "Tanenbaum Book")

Operating Systems Design and Implementation: (the other one, the "MINIX Book")

Windows Internals:

Part 1:

Part 2: (I had the pleasure of being taught from this book by Mark Russinovich and David Solomon at a previous employer, was an amazing class and these books are incredible resources even applied outside of Windows, we used 5th edition, I linked 7th, which has the 2nd part pending publication).

MacOS Internals:

Part 1:

Part 2:

Part 3:

Linux Kernel Programming:

Part 1:

Part 2:

The Linux Programming Interface:

General Systems Administration:

Essential Systems Administration:

UNIX and Linux Systems Administration Handbook:

The Linux Command Line and Shell Scripting Bible:

UNIX Shell Programming:

BASH Hackers Wiki:

TLDP Advanced BASH Scripting Guide:

The Debian Administrator's Handbook:

TLDP Linux System Administrator's Guide:

Performance & Benchmarking:

Systems Performance: (this is Brendan Gregg's book where you learn about the magic of dtrace)

BPF Performance Tools: (the newer Brendan Gregg book about BPF, stellar)

The Art of Computer Systems Performance Analysis: (no longer available from Amazon, but is available direct from publisher. This is basically the one book you should read about creating and structuring benchmarks or performance tests)

I guess that's a "reading list", but this is just a small part of what you need to know to excel in systems operations.

I would say for the typical software developer writing web applications, the most important thing to know is how databases work and how networking works, since these are going to be the primary items affecting your application performance. But there's obviously topics not included in this list that are also worth understanding, such as browser/DOM internals, how caching and CDNs work, and web-specific optimizations that can be achievable with HTTP/2 or QUIC.

For the average software developer writing desktop applications, I'd say make sure you /really/ understand OS internals... at the base everything you do on a computer system is based on what the OS provides to you. Even though you are abstracted (possibly many layers) away from this, being able to peel back the layers and understand what's /really/ happening is essential to writing high-quality application code that is performant and secure, as well as making you a champ at debugging issues.

If you're trying to get into systems operations as a field, this is just a brush over the top surface and there's a lot deeper diving required.

Appreciate the recs. Thanks very much for taking the time to write a detailed response.
The best start would probably be both parts of Windows Internals:

These aren't about programming per se, but if you want to do systems programming it helps to have a detailed understanding of the system. :)

After that, specific reading probably depends on the exact task you want to perform, but MS has good documentation and tutorials in many areas. Writing drivers, for example:

To add on, the windows internals books have exercises with the sysinternals tools. If sitting down and plowing through a doorstop of a book isn't your cup of tea, try picking a chapter or two which sound interesting, skimming them, and doing the exercises.
Oh come on!

Certainly all systems have undocumented stuff that are left undocumented because the users are not supposed to use it. If they would, they couldn't change it.

System calls seems like the very definition of what should be documented for users. Particularly if you want someone to write compilers for your operating system.
How exactly does the Windows design here prevent writing compilers? The API is stable, it just isn't on the syscall level.

Please educate yourself about the Windows architecture.

The stable program-kernel interface is not the kernel syscalls, but library API. That's exactly the same as every other non-Linux OS out there including other Unixes and other Free OSs.
Pretty sure that isn't true of FreeBSD, NetBSD or OpenBSD. It most certainly wasn't true of any Unix.

They all have files that end up as /usr/include/sys/syscall.h and define well-known numerical constants for each (documented!) system call.

Oh, look! They even share the exact same numerical values for the old school system calls. #1 is exit(), #2 is fork(), so on and so forth.

Gosh, on my linux laptop, here in /usr/include/asm/unistd_64.h is pretty much the same numbers, but objectively hidden a little bit more than in the direct Unix descendants. I interpret this as "less documented than in Unixes".

Wow, even Minix source code has the same numbers:

I wonder why that is? Maybe it's because the system call numbers are in fact documented, part of the POSIX API, and descend from Bell Labs Unix source code. Here's V7's list of system call numbers as proof:

Documenting syscalls does not mean a guarantee of stability. I can't recall any other Unixes except Linux which has committed to maintaining syscalls, which means this interface cannot be relied on.


OpenBSD deletes "relic from the past" syscall:

Solaris documenting deleted syscalls (note however the libc interface is guaruaneed):

MacOS X is so unstable that even go developers had to go through libSystem:

> MacOS X is so unstable that even go developers had to go through libSystem

Just to be clear to anyone else, the Mac OS X syscall interface is guaranteed to be unstable by Apple. Going through libSystem is the only way.

A book... That cost money.

Compare that with the man pages of some decent BSD. Or even Linux..

But yes. I have contemplated buying one of those windows internals. I will probably buy that book just because of your comment. It's not that expensive.

The series of books known as "Windows System Internals"[0]

Raymond Chen of "Old New Thing" fame and all his friends[1]

The creator of process monitor occasionally writes nice blog posts about troubleshooting[2]

A lot of historical NT stuff is still valid, or at least mildly relevant today.




For those who are interested, the next version of Windows Internals is available for pre-order from Amazon :)

Oh, and @EvanAnderson - you might want to take a look at the Windows Sybsystem for Linux (WSL) - which allows you to run unmodified ELF64 Linux binaries directly on Windows:

Windows Internals 7th Edition Book 1 is available already[0], and there will be 2 more books[1]. Russinovich and Solomon have stepped down a while ago, according to that forum thread, but the new book lists them as authors because Catlin and Hanrahan worked over the already existing stuff.



HN Books is an independent project and is not operated by Y Combinator or
~ [email protected]
;laksdfhjdhksalkfj more things ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.