Software Diagnostics Institute

The book is written by the author of DDD (GUI shell for GDB). Excellent coverage of various debugging concepts and techniques with GDB and DDD usage examples including automated debugging methods, on of them is the so called delta debugging. Highly recommended.

This is a very interesting book that views debugging from various perspectives including critical thinking. It uses GDB debugger for C++ debugging case studies and therefore this book can be considered as a GDB tutorial. Highly recommended for Unix software engineers especially if their job involves software maintenance. This book is also useful for escalation engineers willing to improve their troubleshooting and debugging skills. Very useful is Appendix B that lists and annotates various books related to debugging.

The book arrived today and I like it. Certainly when more and more drivers are WDF (KMDF or UMDF) and you start getting crash dumps you will definitely need to understand this framework. So you better start reading about it in advance. Additional covered topics are ETW (event tracing for Windows), WinDbg extensions, PREfast and static driver verifier. Highly recommended.

Highly recommended to learn about new changes and additions to Vista code base.

Contents:

1. Code Quality (SAL annotation for C/C++ string buffers, banned API and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)

I bought this book 2 years ago and finally found time to read it. This is very good book if you already know C++ well from reading Effective C++, Exceptional C++ and many other top-quality books where C++ is praised. Now you would see its limitations and problems. I like the discussion about C and C++ ABI (application binary interface). To be honest I like every chapter. Almost (if not all) aspects of C++ are discussed and it is certainly good refresher if you haven't read any good C++ book in the last couple of years.

Highly recommended.

The short book aims to cover kernel hooks, process injection, I/O filtering, I/O control, memory management, process synchronization, TDI communication, network filtering, email filtering, key logging, process hiding, device driver hiding, registry key hiding, directory hiding, etc. However it is a poorly written book. As the author explains the publisher contacted him after the rootkit was written. 80-90% of the book is just code listings. Code was made looking as being developed incrementally to teach you writing rootkits but that was done post factum and every new code change or addition is not highlighted... There are even code editing mistakes. If you know kernel stuff everything would look obvious but if you don't know there is no explanation. I regret that I ordered and bought it. The amount of information that I digested fits in a couple of pages. Another book written by Greg Hoglund "Rootkits: Subverting the Windows Kernel" is much better.

Not recommended.

The books explains various Win32 API quirks, digs into internals of Windows dialog manager, Visual C++ compiler (class layout) and discusses many other less known facts. A must read book for any Win32 API developer (even experienced). The author worked in application compatibility team and provides real insight into various components of Windows GUI and user interface and explains why they work in certain ways. I even found a couple of bugs in my own tools after reading this book. The section about Windows dialog manager and message delivery is very enlightening.

Highly recommended.