Windows Internals, 5th Edition. Russinovich, Solomon, Microsoft Press 2009, 1231 pg, Library of Congress # 98052-6399
The authoritative reference for Windows OS internals. ’Nuff said.
The Shellcoder’s Handbook, 2nd Edition. Anley, Heasman, FX, Richarte, Wiley 2007, 718 pg, ISBN 978-0-470-08023-8
In-depth coverage of exploits and how to build them. Buy the book and read it quickly before this edition also becomes outdated! Oops – too late! Actually, everything is cumulative, so this book lays the foundation that the newer exploit technologies build on.
Advanced Windows Debugging. Hewardt, Pravat, Addison-Wesley 2008, 809 pg, ISBN 978-0-321-37446-2
Extensive, authoritative coverage of the classic Windows debugging tools. Practical coverage of Windows internals from a debugger’s standpoint. An essential skill set for malware analysis, forensics, and exploit development. The authors are very Microsoft-centric in their outlook and choice of tools. Valgrind? OllyDbg?
Malware Analyst’s Cookbook. Ligh, Adair, et al., Wiley 2011, 716 pg, ISBN 978-0-470-61303-0
Since I’m writing this in 2010, I must have got my copy from a time machine! … Great book! A super practical overview of what works and how to do it. A “must read” for malware forensics work.
Fuzzing – Brute Force Vulnerability Discovery. Sutton, Greene, Amini, Addison-Wesley 2007, 543 pg, ISBN 0-321-44611-9
Anything Pedram Amini is involved in has to be good. This book is a solid overview of most everything in fuzzing, and it says it all in one place. Written in 2007, but still a good read.
The Art of Software Security Assessment. Dowd, McDonald, Schuh, Addison-Wesley 2007, 1174 pg, ISBN 0-321-44442-6
The last in the list but definitely not the least!! At 1000+ pg this is a tome, nothing less. The authors say in their preface: “You’ll get the most value if you read this book straight through at least once …” And they are right (unfortunately!). This is the authoritative reference on source code review, and it includes in-depth discussions of related OS internals topics in both Unix and Windows. The web-related coverage towards the end is becoming outdated but is still useful.