Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series)

Rootkits are a hot topic in Windows security this year. You cannot go to a computer security conference anymore without at least two talks on the topic, either about improving the ways to subvert the operating system or about the newest methods for detecting this behavior. The research on both sides is a fast-changing body of knowledge. Butler and Hoglund's book captures the state-of-the-art in this field. The information is very fresh, and delivers thorough coverage on what's out there to date.

Kernel programming -- and more specifically, hacking the undocumented internals of a closed source OS's kernel -- is one of the most challenging tasks in programming. The authors handle this well, walking the fine line between assuming too much of their reader and wasting time on fundamental concepts. The intended audience will have good knowledge of Intel x86 architecture and experience with C programming. But, if this is your first experience with rootkits, the book is an excellent resource and will get you up to speed. Likewise, if you have already experimented with rootkits of your own, this book is the perfect reference material. Indeed it's the only book that has yet been written on the topic.

As computer security gains in importance, skills that were previously black arts (reverse engineering, disassembling, shellcode authoring, kernel hacking, etc) are finally moving above-ground, and I think this is a good thing. This book is part of that movement.

This book should have broad appeal. I recommend it to device driver developers, blackhat hackers that need to cover their tracks, security researchers, and anyone wanting a better understanding of the Windows kernel.