Our Publications Copyright © 1996 Mark Russinovich and Bryce Cogswell Last Updated August 11, 1997 Our printed works Introduction Both of us write magazine articles related to Windows NT internals, and we often get asked where they can be found. On this page you'll find a bibliography of our publications. In addition, you'll find the upcoming schedule of topics that will be covered in Mark's Windows NT Magazine column, NT Internals. Where applicable, the article title will link to the on-line version of the text. You might also want to check out Windows NT Magazine's articles on-line (all from issues more than 3 months old). Coming Soon - we'll add a section to the page that links to NT Internals making news. NT Internals Inside Windows NT Disk Column May '97 Defragmenting July '97 Inside the Windows NT Scheduler, Part 1 August '97 Inside the Windows NT Scheduler, Part 2 September '97 Inside On-Access Virus Scanners October '97 Inside the Object Manager November '97 Inside Interrupt Handling Publications * "Inside the Windows NT Registry," by Mark Russinovich, Windows NT Magazine, April 1997. This article describes the organization of the Registry, discusses what is stored in each root key and their subkeys, and points out a few Registry tricks. * "Examining the Windows NT File System," by M. Russinovich and B. Cogswell, Dr. Dobb's Journal, February 1997. NTFilemon is presented in this article, which also presents the basics of the NT I/O manager and how file systems interface with it. * "Windows NT System Call Hooking," by M. Russinovich and B. Cogswell, Dr. Dobb's Journal, January 1997. NTRegmon is presented in this article, and it describes how NTRegmon uses a technique we came up with, kernel-mode system call hooking, to watch all Registry activity. * "Inside the Difference Between Windows NT Workstation and Windows NT Server," by M. Russinovich, Windows NT Magazine, November 1996. The definitive article describing the differences between the two flavors of NT. Mark was the technical source behind O'Reilly and Associates disclosure in September 1996 that, contrary to some of Microsoft's claims, Server and Workstation share the same code base. * "Inside the Windows 95 Registry," by M. Russinovich and B. Cogswell, Windows Developer's Journal, October 1996. Regmon is presented in this article, which also describes the overall layout of the Windows 95 Registry. * "NTFSDOS Poses Little Security Threat," by M. Russinovich and B. Cogswell, Windows NT Magazine, September 1996. Our view on how NTFSDOS does not "break" NT security, but rather highlights the need for physical security. * "Inside SoftRAM 95," by M. Russinovich, B. Cogswell, and A. Schulman, Dr. Dobb's Journal, August 1996. Mark broke the story on SoftRAM 95 (published by Syncronys Softcorp.), the second best selling Windows product of 1995 (behind Windows 95 Upgrade), showing the world it was a fraud. This article goes inside the program to expose its deceit. * "Replay for Concurrent Non-Deterministic Shared Memory Applications," by M. Russinovich and B. Cogswell, Proceedings of ACM Conference on Programming Language Design and Implementation, May 1996. This academic paper presents a technique we developed to efficiently replay a class of programs that traditionally required much more expensive (in space and time) and intrusive methods to enable identical re-execution. Replay techniques are used in fault tolerance and debugging applications. * "Examining VxD Service Hooking," by M. Russinovich and B. Cogswell, Dr. Dobb's Journal, May 1996. VCMon (VCache Monitor) is presented in this article as an example of the kinds of visibility VxD service hooking can provide. * "Journaling and Playback for Windows 95," by M. Russinovich and B. Cogswell, Dr. Dobb's Journal, March 1996. Windows 95 introduced new VxD services that enable a VxD to record and play-back keyboard and mouse input at the lowest level. Ctrl2Cap is another example of this feature. * "Examining the Windows 95 Layered File System," by M. Russinovich and B. Cogswell, Dr. Dobb's Journal, Dec. 1995. Here we present a Windows 95 VSD that hooks all physical disk I/O and presents it ala Filemon. We also discuss the organization of the Windows 95 disk I/O subsystem. ------------------------------------------------------------------------- [Image]