Good morning.
I’m reading Windows Internals 7th edition. Part 1 is already done. I opened Part 2, looked at the Contents and didn’t see Crash Dump Analysis there. I compared both the 6th and 7th editions and found out that the 7th edition doesn’t have the Crash Dump Analysis, Networking and Disk Management chapters, and there is no legacy boot description, even though it’s mostly not relevant anymore. I’m a little disappointed that they removed these important parts of the book. So now, to fully understand the NT architecture logically, you need to read Windows Internals 7th edition and then read Crash Dump Analysis and Storage Management from Part 2 of the 6th edition and Networking from Part 1 of the 6th edition. Am I right? Are there more important chapters/sections that are not included in the 7th edition?
"To fully understand NT architecture" is a bold claim. You can just read the 6th edition if they didn't add them to 7th edition. Microsoft doesn't change the NT kernel overnight.
Thank you for your reply, Staarblitz. Yes, I mean exactly what you say: reading the latest edition of Windows Internals (7th edition) and afterwards reading the chapters from the 6th edition that were cut (networking, crash dumps, disks). I am also reading the AMD64 documentation in parallel (volume 1 is done, now it’s volume 2). After this I want to learn the UEFI, ACPI and TPM documentation and explore the WRK source code released by Microsoft. Maybe it’s impossible, as you noted, but I still want to try to understand Windows NT as deeply as possible.
Yes. That will get you through. Make sure to read blog posts from known internalists like Alex Ionescu and Pavel Yosifovich. Use PDB files for undocumented structures; if anything, you can use Google. It sometimes returns good results.
And you can contact or ask me as well.
Thank you for your advice, Starrblitz. I also appreciate that you’re open to helping me with questions that will bother me in the future. It has become much simpler to learn Windows internals with Gemini, which can often explain things you cannot fully understand on your own. It helped me by explaining some difficult security mechanisms like CFG and PatchGuard. But Gemini is an auxiliary instrument that cannot replace the actual documentation and source code.
As far as I see, Gemini is the most accurate model for NT debugging. But always double check whatever it says. Sometimes it hallucinates hard. But for crash dumps and explanations, it works nice.
Thank you. I’ll take note of this.