Reading Notebook: 15-October-09
Comments in italics are mine and express my own views, thoughts and opinions
Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:
TxF <-> KTM <-> TxR (pp. 240 - 241) - how to use files transactionally (CreateFileTransacted): http://msdn.microsoft.com/en-us/library/aa365008(VS.85).aspx
hotpatching is actually 7 bytes: 2 from mov edi, edi and 5 from the previous function (p. 243) - impressive combination of near and far jumps
KPP (PatchGuard) (pp. 244 - 246)
DKOM, direct kernel object modification (p. 245) - looks like subclassing in kernel
Bugcheck 109 - CRITICAL_STRUCTURE_CORRUPTION (p. 245) - used to be not very frequent but increased in frequency since the time of this post: http://www.dumpanalysis.org/blog/index.php/2008/03/12/bug-check-frequencies/
Enhanced process notifications since Vista SP1 to block process launch (p. 246)
Two driver signing policies (KMCS and PnP) (p. 247)
Protected Media Path (p. 247) - more information is here: http://msdn.microsoft.com/en-us/library/aa376846(VS.85).aspx
Per-page image authentication (p. 247)
- Dmitry Vostokov @ SoftwareGeneralist.com -
_1125.png)
Coming Soon:
Management Bits: An Anthology from Reductionist Manager
Debugging Notebook: Essential Concepts, WinDbg Commands and Tools
Crash Dump Analysis for System Administrators and Support Engineers
New Magazines:
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
New Books:
Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3
Memory Dump Analysis Anthology, Volume 3
First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
x64 Windows Debugging: Practical Foundations
Also available:
Windows Debugging: Practical Foundations
DLL List Landscape: The Art from Computer Memory Space
Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov
WinDbg: A Reference Poster and Learning Cards
Memory Dump Analysis Anthology, Volume 2
Memory Dump Analysis Anthology, Volume 1
New Children's Book:
