Windows via C/C++

Author:

Jeffrey Richter, Christophe Nasarre

Review:

Buy from Amazon

Just got this nice hardcover book: 5th edition of "Programming Applications for Microsoft Windows". It has 200 pages less but more material covered because of smaller font and line spacing. What's new:

C++ classes throughout - I guess writing .NET books influenced this decision
x64 Windows specifics
New Vista and Windows Server 2008 API
New tools
Updated classes for API hooking

and the most important for me - updated SEH material and Windows Error Reporting (WER) coverage with very nice diagrams.
Bearing in mind that the previous 4th edition is 8 years old it should be read by everyone using Win32 API, debugging user mode applications (knowledge of Win32 subsystem helps greatly), extending or maintaining legacy Windows software. Highly recommended. 5 starts for 5th edition :-)

Advanced Windows Debugging

Author:

Mario Hewardt and Daniel Pravat

Review:

Buy from Amazon

This is the book I wanted to read when I started doing Windows crash dump analysis more than 4 years ago. Although other excellent Windows debugging books existed at that time including "Debugging Applications" written by John Robbins and "Debugging Windows Programs: Strategies, Tools, and Techniques for Visual C++ Programmers" written by Everett N. McKay and Mike Woodring I needed a book that discusses debugging in the context of WinDbg and other tools from Debugging Tools for Windows package. So I had to learn from day-to-day experience and WinDbg help. Now WinDbg is a de facto standard in debugging and troubleshooting on Windows platforms and the book comes at the right time to teach the best practices and techniques. I'm reading it sequentially and I'm on the page 106 at the moment reading Chapter 2 "Basic Debugging Tasks" and I have already learnt techniques and debugging strategies I missed due to certain habits in using WinDbg. Even if you do mostly memory dump analysis and not live debugging of your product you also will learn a lot to apply in your day-to-day problem identification and troubleshooting. I'll write more about this wonderful book as soon as I finish reading it. Absolutely must have for any Windows software engineers, escalation engineers and technical support engineers willing to advance their debugging skills.

Inside the Machine: An Illustrated Introduction to Microprocessors and Computer Architecture

Author:

Jon Stokes

Review:

Buy from Amazon

When you write programs in C or C++ it is good to know how these languages are represented in assembly language code. When you analyze crash dumps or do low level debugging involving assembly language code it is good to know how CPU abstractions are implemented in hardware. I read this book during summer and was impressed by its clarity and visual presentation. Instruction latency, pipelining, caching, locality, micro-ops fusion and memory aliasing are explained very well on color pictures without complication and all recent Intel CPU architectures including their history and motivation behind there development are covered. I particularly like data/code streams as a general computer architecture model. Highly recommended.

Forthcoming Book about Windows Crash Dump Analysis (Systematic Software Fault Analysis Series)

The reader will master crash and hang memory dump analysis for process, minidump, kernel and complete memory dumps from Windows XP/Vista/7 and Windows Server 2003/2008/R2.

Secure Programming with Static Analysis

Author:

Brian Chess, Jacob West

Review:

Buy from Amazon

Almost finished reading the book and I would never look at any source code again without security in mind. The first chapters describe how static analysis tools work. Later chapters on buffer overflows are excellent although with some minor typos. Web programming chapters on HTTP, XML, services, privacy and privilege were very illuminating. I was very eager to buy this book because I had been developing parts of C++ static code analysis tool for Programming Research (PRQA C++) 5 years ago although at that time the company didn't anticipate this market segment. Highly recommended for software engineers developing new or maintaining old software and security engineers performing code reviews.

BIOS Disassembly Ninjutsu Uncovered

Author:

Darmawan Salihun

Review:

Buy from Amazon

If you are interested in modern BIOS internals, disassembling, accessing it from user or kernel mode, BIOS security and rootkits this book is a must read and as far as I know this is the only book available in the market. Reading x86 assembly language skill is a prerequisite because the book provides many BIOS code snippets. How to use IDA Pro and its freeware version for reverse engineering BIOS code is also covered. Highly recommended.

Contents:

Chapter 1: PC BIOS Technology
Chapter 2: Preliminary Reverse Code Engineering
Chapter 3: BIOS-Related Software Development Preliminary
Chapter 4: Getting Acquainted with the System
Chapter 5: Implementation of Motherboard BIOS
Chapter 6: BIOS Modification
Chapter 7: PCI Expansion ROM Software Development
Chapter 8: PCI Expansion ROM Reverse Engineering
Chapter 9: Accessing BIOS within the Operating System
Chapter 10: Low-Level Remote Server Management
Chapter 11: BIOS Security Measures
Chapter 12: BIOS Rootkit Engineering
Chapter 13: BIOS Defense Techniques
Chapter 14: Embedded x86 BIOS Technology
Chapter 15: What's Next?

Why Programs Fail: A Guide to Systematic Debugging

Author:

Andreas Zeller

Review:

Buy from Amazon

The book is written by the author of DDD (GUI shell for GDB). Excellent coverage of various debugging concepts and techniques with GDB and DDD usage examples including automated debugging methods, on of them is the so called delta debugging. Highly recommended.

Debugging by Thinking: A Multidisciplinary Approach

Author:

Robert Charles Metzger

Review:

Buy from Amazon

This is a very interesting book that views debugging from various perspectives including critical thinking. It uses GDB debugger for C++ debugging case studies and therefore this book can be considered as a GDB tutorial. Highly recommended for Unix software engineers especially if their job involves software maintenance. This book is also useful for escalation engineers willing to improve their troubleshooting and debugging skills. Very useful is Appendix B that lists and annotates various books related to debugging.

Developing Drivers with the Windows Driver Foundation

Author:

Penny Orwick, Guy Smith

Review:

Buy from Amazon

The book arrived today and I like it. Certainly when more and more drivers are WDF (KMDF or UMDF) and you start getting crash dumps you will definitely need to understand this framework. So you better start reading about it in advance. Additional covered topics are ETW (event tracing for Windows), WinDbg extensions, PREfast and static driver verifier. Highly recommended.

Writing Secure Code for Windows Vista

Author:

Michael Howard, David LeBlanc

Review:

Buy from Amazon

Highly recommended to learn about new changes and additions to Vista code base.

Contents:

1. Code Quality (SAL annotation for C/C++ string buffers, banned API and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)

Imperfect C++: Practical Solutions for Real-Life Programming

Author:

Matthew Wilson

Review:

Buy from Amazon

I bought this book 2 years ago and finally found time to read it. This is very good book if you already know C++ well from reading Effective C++, Exceptional C++ and many other top-quality books where C++ is praised. Now you would see its limitations and problems. I like the discussion about C and C++ ABI (application binary interface). To be honest I like every chapter. Almost (if not all) aspects of C++ are discussed and it is certainly good refresher if you haven't read any good C++ book in the last couple of years.

Highly recommended.

Professional Rootkits

Author:

Ric Vieler

Review:

The short book aims to cover kernel hooks, process injection, I/O filtering, I/O control, memory management, process synchronization, TDI communication, network filtering, email filtering, key logging, process hiding, device driver hiding, registry key hiding, directory hiding, etc. However it is a poorly written book. As the author explains the publisher contacted him after the rootkit was written. 80-90% of the book is just code listings. Code was made looking as being developed incrementally to teach you writing rootkits but that was done post factum and every new code change or addition is not highlighted... There are even code editing mistakes. If you know kernel stuff everything would look obvious but if you don't know there is no explanation. I regret that I ordered and bought it. The amount of information that I digested fits in a couple of pages. Another book written by Greg Hoglund "Rootkits: Subverting the Windows Kernel" is much better.

Not recommended.

The Old New Thing: Practical Development Throughout the Evolution of Windows

Author:

Raymond Chen

Review:

Buy from Amazon

The books explains various Win32 API quirks, digs into internals of Windows dialog manager, Visual C++ compiler (class layout) and discusses many other less known facts. A must read book for any Win32 API developer (even experienced). The author worked in application compatibility team and provides real insight into various components of Windows GUI and user interface and explains why they work in certain ways. I even found a couple of bugs in my own tools after reading this book. The section about Windows dialog manager and message delivery is very enlightening.

Highly recommended.

Syndicate content