If you are interested in modern BIOS internals, disassembling, accessing it from user or kernel mode, BIOS security and rootkits, this book is a must read, and as far as I know it is the only book available on the market. The ability to read x86 assembly language is a prerequisite because the book provides many BIOS code snippets. How to use IDA Pro and its freeware version for reverse engineering BIOS code is also covered. Highly recommended.
Chapter 1: PC BIOS Technology
Chapter 2: Preliminary Reverse Code Engineering
Chapter 3: BIOS-Related Software Development Preliminary
Chapter 4: Getting Acquainted with the System
Chapter 5: Implementation of Motherboard BIOS
Chapter 6: BIOS Modification
Chapter 7: PCI Expansion ROM Software Development
Chapter 8: PCI Expansion ROM Reverse Engineering
Chapter 9: Accessing BIOS within the Operating System
Chapter 10: Low-Level Remote Server Management
Chapter 11: BIOS Security Measures
Chapter 12: BIOS Rootkit Engineering
Chapter 13: BIOS Defense Techniques
Chapter 14: Embedded x86 BIOS Technology
Chapter 15: What's Next?
This is a very interesting book that views debugging from various perspectives, including critical thinking. It uses the GDB debugger for C++ debugging case studies, and therefore this book can also be considered a GDB tutorial. Highly recommended for Unix software engineers, especially if their job involves software maintenance. This book is also useful for escalation engineers willing to improve their troubleshooting and debugging skills. Appendix B, which lists and annotates various books related to debugging, is very useful.
The book arrived today and I like it. Certainly, as more and more drivers are WDF (KMDF or UMDF) and you start getting crash dumps, you will definitely need to understand this framework. So you had better start reading about it in advance. Additional covered topics are ETW (Event Tracing for Windows), WinDbg extensions, PREfast and Static Driver Verifier. Highly recommended.
Highly recommended to learn about new changes and additions to the Vista code base.
1. Code Quality (SAL annotations for C/C++ string buffers, banned APIs and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)
I bought this book 2 years ago and finally found time to read it. This is a very good book if you already know C++ well from reading Effective C++, Exceptional C++ and many other top-quality books where C++ is praised. Now you will see its limitations and problems. I like the discussion about the C and C++ ABI (application binary interface). To be honest, I like every chapter. Almost all (if not all) aspects of C++ are discussed, and it is certainly a good refresher if you haven't read any good C++ book in the last couple of years.
The short book aims to cover kernel hooks, process injection, I/O filtering, I/O control, memory management, process synchronization, TDI communication, network filtering, email filtering, key logging, process hiding, device driver hiding, registry key hiding, directory hiding, etc. However, it is a poorly written book. As the author explains, the publisher contacted him after the rootkit was written. 80-90% of the book is just code listings. The code was made to look as if it were developed incrementally to teach you how to write rootkits, but that was done post factum, and no new code change or addition is highlighted... There are even code editing mistakes. If you know kernel stuff, everything will look obvious, but if you don't, there is no explanation. I regret that I ordered and bought it. The amount of information that I digested fits in a couple of pages. Another book, "Rootkits: Subverting the Windows Kernel" by Greg Hoglund, is much better.
The book explains various Win32 API quirks, digs into the internals of the Windows dialog manager and the Visual C++ compiler (class layout), and discusses many other lesser-known facts. A must read book for any Win32 API developer (even experienced ones). The author worked in the application compatibility team and provides real insight into various components of the Windows GUI and user interface, and explains why they work in certain ways. I even found a couple of bugs in my own tools after reading this book. The section about the Windows dialog manager and message delivery is very enlightening.