Advanced DPCs
Learn about some of the advanced (undocumented) features of DPCs.
Books on Windows
See what books we recommend for information on Windows internals systems programming.
BOOT.INI Options
The most complete BOOT.INI option reference available outside of Microsoft.
Device Object Security
Are your device objects as secure as they should be? Learn what permissions are applied to the objects you create with IoCreateDevice and get introduced to kernel-mode security APIs that can be used to close potential device object security holes.
Inside Disk Defragmenting
Find out about the APIs Windows NT Defragmentation products use, and download a free defragmenting demonstration program, complete with full source.
Inside the Disk Key
The HKLM\System\Disk\Information value is the heart of Windows NT's disk administration. It contains information on drive mappings and fault tolerant configurations. In this article I go inside the Disk\Information value to describe its format, and provide source code to a program, Diskkey, that reads and decodes it.
Inside High Resolution Timers
Learn how high resolution multimedia timers are implemented in Windows NT.
Inside I/O Completion Ports
Learn about Completion Ports, a powerful tool for building scalable high-performance server applications, and find out what goes on inside of NT to implement them.
Inside the Native API
Wonder what the Native API is? How about what functions are in it? You'll find out this and more in this in-depth look at the API, complete with a catalog of all its functions, including what's new in Win2K.
Inside Native Applications
Learn what a "native" Windows NT application is, how they are built, and how they work. An example native application, Native, is provided with source code, and will print a customizable message to the boot-time Blue Screen.
Magazines on Windows
View our list of recommended Windows magazines.
Monitoring Boot-time Registry Access
Regmon for Windows NT Version 3.7 lets you monitor and record Registry activity from very early in a system boot. Learn about Windows by examining the Registry activity of an entire boot-to-boot life cycle!
NT 4.0 ACL Editors
I've documented the NT 4.0 system ACL editor dialog interface, something that is useful for applications wishing to provide standard security editing facilities.
Our Publications
Learn about Blue Screens, NTFS, Security, Memory Management and much more. A list of our Windows 95 and Windows NT internals-related publications, many of which are on-line. Also, a topic list for Mark's past and upcoming Windows NT Magazine NT Internals column.
Speaking Schedule
Mark's conference speaking schedule.
Sysinternals at Microsoft
Sysinternals tools are used heavily by Microsoft developers and support personnel. They are referenced in over two dozen Microsoft Knowledge Base articles and this page serves as a list of the ones we know of.
Sysinternals Newsletter
The Sysinternals newsletter provides you updates on what's new at Sysinternals, plus miscellaneous tips and information on Windows internals.
Tips and Trivia
A growing grab-bag of Windows NT miscellany.
Understanding Malware: Viruses, Spyware and Rootkits
Mark Russinovich gives an introduction to malware and manual cleaning techniques in one of the top-10 rated of all on-demand Microsoft webcasts.
Windows 2000 Quantums
Find out about internal quantum tables in Win2K.
Windows Internals
The official updates and errata page for the definitive book on Windows 2000, XP and Windows Server 2003 internals, by Mark Russinovich and David Solomon.
WinXP Source Tree
Explore the source tree layout of the Windows XP kernel-mode subsystems, TCP/IP stack, NTFS file system driver, and multiprocessor HAL.
Note: this page contains javascript and loads slowly.