Software Generalist

Comments in italics are mine and express my own views, thoughts and opinions

Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:

TxF <-> KTM <-> TxR (pp. 240 - 241) - how to use files transactionally (CreateFileTransacted): http://msdn.microsoft.com/en-us/library/aa365008(VS.85).aspx

hotpatching is actually 7 bytes: 2 from mov edi, edi and 5 from the previous function (p. 243)  - impressive combination of near and far jumps

KPP (PatchGuard) (pp. 244 - 246)

DKOM, direct kernel object modification (p. 245) - looks like subclassing in kernel

Bugcheck 109 - CRITICAL_STRUCTURE_CORRUPTION (p. 245) - used to be not very frequent but increased in frequency since the time of this post: http://www.dumpanalysis.org/blog/index.php/2008/03/12/bug-check-frequencies/

Enhanced process notifications since Vista SP1 to block process launch (p. 246)

Two driver signing policies (KMCS and PnP) (p. 247)

Protected Media Path (p. 247) - more information is here: http://msdn.microsoft.com/en-us/library/aa376846(VS.85).aspx

Per-page image authentication (p. 247)

- Dmitry Vostokov @ SoftwareGeneralist.com -

           

Announcements

Coming Soon:

Resume and CV: As a Book

Fundamentals of Complete Crash and Hang Memory Dump Analysis

Management Bits: An Anthology from Reductionist Manager

Crash Dump Analysis: Practical Foundations (Windows Edition, Systematic Software Fault Analysis Series)

Crash Dump Analysis for System Administrators and Support Engineers

New Magazines:

Debugged! MZ/PE: MagaZine for/from Practicing Engineers

New Books:

Advanced Windows Memory Dump Analysis with Data Structures: Training Course Transcript and WinDbg Practice Exercises with Notes

Accelerated .NET Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes

Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes

Introduction to Pattern-Driven Software Problem Solving

Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5

Windows Debugging Notebook: Essential User Space WinDbg Commands

Memory Dump Analysis Anthology, Volume 5

Memory Dump Analysis Anthology, Volume 4

Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3

Memory Dump Analysis Anthology, Volume 3

First Fault Software Problem Solving: A Guide for Engineers, Managers and Users

x64 Windows Debugging: Practical Foundations

Also available:

Windows Debugging: Practical Foundations

DLL List Landscape: The Art from Computer Memory Space

Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov

WinDbg: A Reference Poster and Learning Cards

Memory Dump Analysis Anthology, Volume 2

Memory Dump Analysis Anthology, Volume 1

New Children's Book:

Baby Turing

This entry was posted on Thursday, October 15th, 2009 at 4:16 pm and is filed under Notes on Windows Internals, Reading Notebook. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.