Three Roads to Kernel Space

Here we newly update our original “The Road to Kernel Space” article (Volume1, page 664). The previous update was called “Moving to Kernel Space (with an eye on security)” and published in October 2010 in Software Diagnostics Library2.

Since then, many new books mentioning kernel space and Windows device drivers were published. We realized that not only one road but three of them are available based on your needs. Of course, there are intersections. Common to all roads is Windows Internals book set (6th version at the time of this writing).

If you take device driver writer road, you need these books:

•    The Windows 2000 Device Driver Book: A Guide for Programmers, 2nd edition

•    Windows NT Device Driver Development

•    Developing Windows NT Device Drivers: A Programmer's Handbook

•    Programming the Microsoft Windows Driver Model, 2nd edition

•    Developing Drivers with the Windows Driver Foundation

If you take reversing, memory forensics, and malware analysis road you need these books:

•    Rootkits: Subverting the Windows Kernel

•    The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd edition

•    Practical Reverse Engineering: X86, X64, Arm, Windows Kernel, Reversing Tools, and Obfuscation

•    The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

•    Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

•    Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

•    Accelerated Windows Malware Analysis with Memory Dumps: Training Course Transcript and WinDbg Practice Exercises3

If you take software support crash and hang memory dump analysis road you need these books:

•    Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes, Third Edition4

•    Advanced Windows Memory Dump Analysis with Data Structures: Training Course Transcript and WinDbg Practice Exercises with Notes, Second Edition5

Also, there are few optional books for any road such as:

•    Windows NT File System Internals

•    Windows NT/2000 Native API Reference


2      http://www.dumpanalysis.org/blog/index.php/2010/10/30/moving-to-kernel-space-updated-references-with-an-eye-on-security/

3 http://www.dumpanalysis.org/accelerated-windows-malware-analysis-book

4 http://www.dumpanalysis.org/accelerated-windows-memory-dump-analysis-book

5 http://www.dumpanalysis.org/advanced-windows-memory-dump-analysis-book

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.14.130.230