So this book has been getting mentioned by a lot of reputable contacts internally, so my teammate picked up a couple of copies and I’ve been browsing it since. Browsing? Like all books in this category (Windows Internals, C++ Programming, etc.), I don’t read it cover to cover; if you do, you should earn a merit badge.
I’ve noticed that when I ran into a situation, like a memory leak or a hung server, and had exhausted all I could think of, I picked up this book and learned a few new tricks which came in handy (!address -summary). This happened a few times, and then the book became the first place I checked when running into a situation I had not debugged very often or ever.
For example, one "trick" they tell you about early on is for when you have a user mode debug session piped to kernel (ntsd -d), but for whatever reason you can’t use .breakin to get into the kernel from the user mode debug session. They mention using .sleep 1000 to sleep the user mode debugger, and then you can use Ctrl+C to break into kernel and snoop around. When you’re done snooping around, g the remote and then the sleep command will complete and you’ll fall back into the user mode remote. (If this doesn’t make sense, well, get this book then!)
It’s tidbits of information like this and solid debugging skills that come from years on the job and can be found in this book. If you want to get into debugging, or have been debugging for a while and want to learn new techniques, this is a great find. All in all, if you debug either user mode or kernel mode, you’re going to find some great information in this book.
The only other book I use frequently on the job is the Windows Internals book that most of you know and love (excluding the debugger.chm file).
I get no kickbacks for my recommendation; I just like the book and I’m sure to find more gems as I continue to run into issues.