A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #155  by Dreg
 Mon Mar 15, 2010 9:12 am
Programming - Undocumented Windows NT
Addison Wesley Advanced Windows Debugging Nov 2007
Addison.Wesley Professional Rootkits Subverting the windows Kernel Jul 2005
DRIVERS Windows2k Device Driver Book A Guide for Programmers
MS Press - Programming the Windows Driver Model 2nd
Microsoft Press Developing Drivers with the Windows Driver Foundation Apr 2007
O'Reilly - Windows NT File System Internals, A Developer's Guide
Reversing Secrets of Reverse Engineering
Undocumented Windows 2000 Secrets - The Programmers Cookbook
Windows 2000 native API reference
Windows System Programming Third Edition
Wordware The Rootkit Arsenal May 2009
Wrox Professional Rootkits Mar 2007
Wiley The Shellcoders Handbook
 #157  by EP_X0FF
 Mon Mar 15, 2010 9:22 am
Hi,

This is a good idea.
Since we are not supporting warez here, I think links to official selling places (Amazon etc.,
if the book is still available) will be very good.

So after a little arranging of this topic it can be set as sticky.

Regards.
 #166  by __Genius__
 Mon Mar 15, 2010 11:46 am
The Windows 2000 Device Driver Book, A Guide for Programmers
Windows Via C/C++ 2007
Microsoft Windows Internals, 4th Edition (Ms press, support for windows, NT, 200,XP, 2003)
Microsoft Windows Internals, 5th Edition (MS press, Support for windows Vista / Server 2008)
Microsoft Windows Internals, 6th Edition (MS press, Support for windows 7 - Upcoming event from Mark Russinovich)
Windows NT / 2000 native API reference - Gary Nebbet
Exploiting Software How to Break Code - Greg Hoglund
The IDA Pro book (Unofficial Guide to the world's most popular disassembler)
Shellcoder's Programming Uncovered
Hacker's Debugging Uncovered - Kris Kaspersky
Malicious Cryptography - Exposing Cryptovirology
Hacking exposed malware and Rootkits - 2009
The Art of Software Security Assessment
The Art of Software Security Testing
The Assembly Programming Master book (include in-depth debugging & Driver Development Materials)
----
Priv8 msg for download links.

best regards,
Genius
 #199  by Meriadoc
 Mon Mar 15, 2010 5:44 pm
aforementioned...
Advanced Windows Debugging
Exploiting Software
Rootkits Subverting the Windows Kernel
Microsoft Windows Internals
are always on my list, must reads.
 #200  by EP_X0FF
 Mon Mar 15, 2010 5:50 pm
Meriadoc wrote:Microsoft Windows Internals
I bought it a year ago, 4th edition, Microsoft Press :) In every chapter there was always something interesting and new. So I highly recommend it for reading, as well as Richter's book - Windows via C/C++ (new edition) with a lot of useful examples covering the new Vista architecture.
 #207  by __Genius__
 Mon Mar 15, 2010 6:24 pm
I'm reading Hacking Exposed Malware and Rootkits right now, I also recommend this book to everybody, it has more malicious methods than countermeasures :D
Also, in the last chapter, in the defense parts related to writing an anti-rootkit application, the author has promised to release an open-source anti-rootkit application.
But I don't know why the authors in some chapters mentioned GMER ARK as an open-source anti-rootkit ... :shock: :!:
I also agree with EP and Meriadoc, and I recommend The Assembly Programming Master book with Iczelion's ASM tutorials.

[ .. ] now I'm porting standard Windows via C/C++ applications from C++ to Delphi 2010 :lol: if anyone likes, they can help me :) :D
 #208  by EP_X0FF
 Mon Mar 15, 2010 6:29 pm
__Genius__ wrote:now I'm porting standard Windows via C/C++ applications from C++ to Delphi 2010 :lol: if anyone likes, they can help me
Of course, if you are unsure and/or not familiar with something, feel free to ask your beginner's questions here -> Newbie Questions
This will help to keep the thread free from offtopic.
 #211  by qpok
 Mon Mar 15, 2010 6:50 pm
I see recommendations for the book "Rootkits: Subverting the Windows Kernel". I've been pondering whether to buy this book or not. I am a little worried that it is getting outdated - should I still buy the book? And ofc it won't cover Vista or Windows 7.

I've myself started reading Bill Blunden's "The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System": http://bit.ly/9Jx1f0 It has given me a very good first impression. It's well articulated, apt and funny and is sure to teach you some Windows internals. Plus, I like the Chinese text on the cover: 鬼上电脑. I think it directly translates to ghost in the electric brain (=rootkit) - some Chinese speakers can clarify this :)

I think the first post should be organized either alphabetically or into categories. Furthermore, it would be extremely helpful to add the ISBN after the title. This speeds up searching for the book & searching for the cheapest copy (e.g. by using http://www.bookfinder.com/). Stackoverflow.com also has a somewhat similar post http://stackoverflow.com/questions/1711 ... hould-read. You can see it is very neatly organized, and including the cover image for the book is a neat idea.

That was a bit lengthy but it's better to get this thread straight on the right track.
 #224  by Alex
 Mon Mar 15, 2010 9:08 pm
Yes, this book is too old to find in it the techniques used by today's malware rootkits. But some techniques are unchanged, like layered drivers or IRP hooking. This book is nothing more than a description of Greg's examples available in his vault. I bought this book just because it is a cult position and because I appreciate Greg's and James's work. In my opinion everyone who is interested in rootkits should have it on his bookshelf.

Undocumented Windows 2000 Secrets - A Programmer's Cookbook is available to download for free from its author's web site - here.

Alex