Author: Dmitry Vostokov
Publisher: OpenTask
Year: December 2022 (Revision 1.01)
Pages: 305
Language: English
Format: PDF (true)
Size: 13.4 MB
The book contains the full transcript of the Software Diagnostics Services training, with 10 hands-on exercises on various topics related to the Windows API.
Our primary goal is to learn the Windows API in an accelerated fashion. So, first, we review the Windows API fundamentals necessary for software diagnostics. Then we learn various analysis techniques for Windows API exploration. And finally, we see examples of how knowledge of the Windows API helps in diagnostics and debugging.
The rough coverage, or schedule, includes general API aspects that are also applicable to other operating systems. We also take a radical detour and introduce category theory in the API context. Our coverage is not only theoretical: we also take a tour through different API subsets and classes, and practical exercises are an integral part of this training.
I started thinking about this training when security professionals mentioned the need for Windows API knowledge. Later, some attendees of my memory dump analysis training courses asked questions, and I realized they would have benefited if they had had this training. In addition, this training may also fill some gaps between different training courses. And finally, I recalled that I had developed the Reading Windows-based Code training in the past (see the links to it in the References part of this training) for software technical support and escalation engineers, and that the new training would benefit from some aspects of it.
This training also includes an API formalization via category theory. We start with a brief overview of categories, functors, and other aspects using Windows API examples. We also cover the basics of how the Windows API is used in languages other than C/C++, with template examples.
If you are unfamiliar with C or C++: a header is a text file referenced from source code and inserted into it during compilation. It can contain anything, but most likely programming language source code such as function declarations; in our context, for example, declarations of Windows API functions and types. Initially, there were very few headers, but now there are many more, and Microsoft has reorganized the Windows API help information along the many-to-many relationship between headers and so-called technologies. So, for example, if we are interested in creating threads, the CreateThread API function is declared in the processthreadsapi.h header file, which is used by several technologies, including System Services. But if we look at System Services, we see that it uses many other header files.
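As an added illustration of the two points above (it is not code from the book): in C the compiler learns the CreateThread prototype from processthreadsapi.h, which windows.h includes; in a language without those headers, such as PowerShell calling into .NET P/Invoke, the prototype has to be restated by hand from the documentation, and nothing checks it for you. The script below restates CreateThread and the few kernel32.dll functions needed to wait on the thread and read its exit code. The export names and prototypes are the documented ones; the Kernel32 wrapper class, the Worker routine and the input value 21 are this example's own choices.

```powershell
# Added example, not code from the book: calling CreateThread from PowerShell.
# In C the compiler learns the prototype from processthreadsapi.h (via windows.h);
# here the same prototype is restated as a P/Invoke signature, so a mistake in it
# (wrong parameter width, wrong calling convention) is not caught by any header.
$source = @'
using System;
using System.Runtime.InteropServices;

public static class Kernel32
{
    // LPTHREAD_START_ROUTINE: DWORD WINAPI ThreadProc(LPVOID lpParameter)
    [UnmanagedFunctionPointer(CallingConvention.StdCall)]
    public delegate uint ThreadProc(IntPtr lpParameter);

    // HANDLE CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize,
    //     LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter,
    //     DWORD dwCreationFlags, LPDWORD lpThreadId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, UIntPtr dwStackSize,
        ThreadProc lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, out uint lpThreadId);

    // DWORD WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);

    // BOOL GetExitCodeThread(HANDLE hThread, LPDWORD lpExitCode);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool GetExitCodeThread(IntPtr hThread, out uint lpExitCode);

    // BOOL CloseHandle(HANDLE hObject);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);

    // Example thread routine (ours, not the book's): reads a 32-bit value through
    // lpParameter and returns twice that value as the thread exit code.
    public static uint Worker(IntPtr lpParameter)
    {
        return (uint)(Marshal.ReadInt32(lpParameter) * 2);
    }

    // Held in a static field so the delegate (and the native thunk behind it)
    // cannot be garbage-collected while the native thread is still running it.
    public static readonly ThreadProc WorkerProc = Worker;
}
'@
Add-Type -TypeDefinition $source

$WAIT_OBJECT_0 = 0
$INFINITE      = [uint32]::MaxValue   # 0xFFFFFFFF, as in the SDK headers

# The thread reads its parameter through a raw pointer, so it lives in unmanaged memory.
$param = [Runtime.InteropServices.Marshal]::AllocHGlobal(4)
[Runtime.InteropServices.Marshal]::WriteInt32($param, 21)
$threadId = [uint32]0

try {
    $hThread = [Kernel32]::CreateThread([IntPtr]::Zero, [UIntPtr]::Zero, [Kernel32]::WorkerProc,
                                         $param, 0, [ref]$threadId)
    if ($hThread -eq [IntPtr]::Zero) {
        # SetLastError = true lets us read the Win32 error the way C code calls GetLastError().
        throw ("CreateThread failed, GetLastError = {0}" -f [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    try {
        if ([Kernel32]::WaitForSingleObject($hThread, $INFINITE) -ne $WAIT_OBJECT_0) {
            throw "WaitForSingleObject did not return WAIT_OBJECT_0"
        }
        $exitCode = [uint32]0
        if (-not [Kernel32]::GetExitCodeThread($hThread, [ref]$exitCode)) {
            throw "GetExitCodeThread failed"
        }
        "Thread {0} exited with code {1}" -f $threadId, $exitCode
    }
    finally {
        [void][Kernel32]::CloseHandle($hThread)
    }
}
finally {
    [Runtime.InteropServices.Marshal]::FreeHGlobal($param)
}
```

Run it on Windows in Windows PowerShell or PowerShell 7. The printed exit code is the value the worker returned, read back through GetExitCodeThread, and the thread id is the one a debugger such as WinDbg lists for the process. The worker is deliberately written in C# rather than as a PowerShell script block: a script block cannot execute on a native thread that has no PowerShell runspace, which is exactly the kind of language-binding detail the C header never has to deal with.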
To get the most out of this training, you are expected to have basic development experience and, optionally, basic memory dump analysis experience. I assume you know what types, functions, and their parameters are. If you don't have memory dump analysis experience, you will also learn some basics, because we use the Microsoft debugger, WinDbg from Debugging Tools for Windows, or the WinDbg Preview app, for some exercises. If you haven't got the Practical Foundations of Windows Debugging, Disassembling, and Reversing book, which also uses WinDbg, or haven't had a chance to read it, I explain some concepts when necessary during the course.
Knowledge of the Windows API is necessary for:
Development
Malware analysis
Vulnerability analysis and exploitation
Reversing
Diagnostics
Debugging
Memory forensics
Crash and hang analysis
Secure coding
Static code analysis
Trace and log analysis
The training uses a unique and innovative pattern-oriented analysis approach and provides:
Overview
Classification
Patterns
Internals
Development examples
Analysis examples
Download Accelerated Windows API for Software Diagnostics: With Category Theory in View