Windows NT/2000 Native API Reference is absolutely unique. Currently, documentation on WIndows NT's native APIs can only be found through access to the source code or occasionally Web sites where people have chosen to share bits of insight gained through reverse engineering. This book provides the first complete reference to the API functions native to Windows NT and covers the set of services that are offered by Windows NT to both kernel- and user-mode programs. Ideal for the intermediate and advanced level user- and kernel-mode developers of Windows systems, this books is devoted to the NT native API and consists of documentation of the 210 routines included in the API. Also included are all the functions added in Windows 2000.

With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: –Set up a safe virtual environment to analyze malware –Quickly extract network signatures and host-based indicators –Use key analysis tools like IDA Pro, OllyDbg, and WinDbg –Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques –Use your newfound knowledge of Windows internals for malware analysis –Develop a methodology for unpacking malware and get practical experience with five of the most popular packers –Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

Anyone who uses a computer is using an operating system, although very few people appreciate what an operating system is or what it does. The most visible part of an operating system is the graphical user interface (GUI) - and yet most of what an operating system does is completely invisible. Introduction to Operating Systems: Behind the Desktop takes a unique approach to the teaching of operating systems, starting with what you will already know - the GUI desktop - before taking you behind, below and beyond the scenes to explore those 'invisible' aspects of the subject. No prerequisite knowledge is assumed other than a general knowledge of programming. Introduction to Operating Systems: Behind the Desktop features: - An in-depth coverage of the core features of modern operating systems, with a wealth of examples drawn from real systems such as Windows and Linux - A concise and non-mathematical approach that allows you to get quickly to the heart of the subject - A treatment that assumes no knowledge of computer architecture - Brief Questions and more in-depth Exercises integrated throughout each chapter to promote active involvement - Practical, in-depth Projects and end-of-chapter additional resources and references to encourage further exploration - Mini-glossaries at the end of each chapter to ensure understanding of key terms, plus a unified glossary at the end of the book for quick and easy reference - A companion website includes comprehensive teaching resources for lecturers

Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product. * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware * Offers a primer on advanced reverse-engineering, delving into "disassembly"-code-level reverse engineering-and explaining how to decipher assembly language

This volume contains papers presented at the 3rd International Workshop on Mathematical Methods, Models and Architectures for Computer Network - curity (MMM-ACNS 2005) held in St. Petersburg, Russia, during September 25–27, 2005. The workshop was organized by the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS) in cooperation with Binghamton University (SUNY, USA). The 1st and the 2nd International Workshops on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS 2001 and MMM-ACNS 2003), hosted by the St. Petersburg Institute for Informatics and Automation, demonstrated the keen interest of the international research community in the subject area. It was recognized that conducting a biannual series of such workshops in St. Petersburg stimulates fruitful exchanges between the di?erent schools of thought, facilitates the dissemination of new ideas and promotesthespiritofcooperationbetweenresearchersontheinternationalscale. MMM-ACNS 2005 provided an international forum for sharing original - search results and application experiences among specialists in fundamental and applied problems of computer network security. An important distinction of the workshop was its focus on mathematical aspects of information and computer network security addressing the ever-increasing demands for secure computing and highly dependable computer networks.

The caching of code and data is a common technique used throughout the Windows Operating System in order to improve system and application performance. While System Performance is a difficult subject, this work represents a digestable look at performance by isolating the top fifteen or so ways that caching is used in the Windows 7 Operating System. A book that not only explains how performance, but gives the reader techniques to investigate on his or her own. Each of the caching techniques described and detailed, and experiments are provided that the reader may use to look further into the performance of their own systems. Even performance experts will learn something new from this book. Numerous free tools are used for these experiments, and the appendix provides an excellent guide to using these tools. This book represents the culmination of years of research and a series of presentations made by the Author in front of audiences around the world.