The reader will master crash and hang memory dump analysis for process, minidump, kernel and complete memory dumps from Windows XP/Vista/7 and Windows Server 2003/2008/R2.
Almost finished reading the book and I would never look at any source code again without security in mind. The first chapters describe how static analysis tools work. Later chapters on buffer overflows are excellent although with some minor typos. Web programming chapters on HTTP, XML, services, privacy and privilege were very illuminating. I was very eager to buy this book because I had been developing parts of C++ static code analysis tool for Programming Research (PRQA C++) 5 years ago although at that time the company didn't anticipate this market segment. Highly recommended for software engineers developing new or maintaining old software and security engineers performing code reviews.
If you are interested in modern BIOS internals, disassembling, accessing it from user or kernel mode, BIOS security and rootkits this book is a must read and as far as I know this is the only book available in the market. Reading x86 assembly language skill is a prerequisite because the book provides many BIOS code snippets. How to use IDA Pro and its freeware version for reverse engineering BIOS code is also covered. Highly recommended.
Chapter 1: PC BIOS Technology
Chapter 2: Preliminary Reverse Code Engineering
Chapter 3: BIOS-Related Software Development Preliminary
Chapter 4: Getting Acquainted with the System
Chapter 5: Implementation of Motherboard BIOS
Chapter 6: BIOS Modification
Chapter 7: PCI Expansion ROM Software Development
Chapter 8: PCI Expansion ROM Reverse Engineering
Chapter 9: Accessing BIOS within the Operating System
Chapter 10: Low-Level Remote Server Management
Chapter 11: BIOS Security Measures
Chapter 12: BIOS Rootkit Engineering
Chapter 13: BIOS Defense Techniques
Chapter 14: Embedded x86 BIOS Technology
Chapter 15: What's Next?
This is a very interesting book that views debugging from various perspectives including critical thinking. It uses GDB debugger for C++ debugging case studies and therefore this book can be considered as a GDB tutorial. Highly recommended for Unix software engineers especially if their job involves software maintenance. This book is also useful for escalation engineers willing to improve their troubleshooting and debugging skills. Very useful is Appendix B that lists and annotates various books related to debugging.
The book arrived today and I like it. Certainly when more and more drivers are WDF (KMDF or UMDF) and you start getting crash dumps you will definitely need to understand this framework. So you better start reading about it in advance. Additional covered topics are ETW (event tracing for Windows), WinDbg extensions, PREfast and static driver verifier. Highly recommended.
Highly recommended to learn about new changes and additions to Vista code base.
1. Code Quality (SAL annotation for C/C++ string buffers, banned API and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)
I bought this book 2 years ago and finally found time to read it. This is very good book if you already know C++ well from reading Effective C++, Exceptional C++ and many other top-quality books where C++ is praised. Now you would see its limitations and problems. I like the discussion about C and C++ ABI (application binary interface). To be honest I like every chapter. Almost (if not all) aspects of C++ are discussed and it is certainly good refresher if you haven't read any good C++ book in the last couple of years.
The short book aims to cover kernel hooks, process injection, I/O filtering, I/O control, memory management, process synchronization, TDI communication, network filtering, email filtering, key logging, process hiding, device driver hiding, registry key hiding, directory hiding, etc. However it is a poorly written book. As the author explains the publisher contacted him after the rootkit was written. 80-90% of the book is just code listings. Code was made looking as being developed incrementally to teach you writing rootkits but that was done post factum and every new code change or addition is not highlighted... There are even code editing mistakes. If you know kernel stuff everything would look obvious but if you don't know there is no explanation. I regret that I ordered and bought it. The amount of information that I digested fits in a couple of pages. Another book written by Greg Hoglund "Rootkits: Subverting the Windows Kernel" is much better.
The books explains various Win32 API quirks, digs into internals of Windows dialog manager, Visual C++ compiler (class layout) and discusses many other less known facts. A must read book for any Win32 API developer (even experienced). The author worked in application compatibility team and provides real insight into various components of Windows GUI and user interface and explains why they work in certain ways. I even found a couple of bugs in my own tools after reading this book. The section about Windows dialog manager and message delivery is very enlightening.