Reversing: The Hacker's Guide to Reverse Engineering

The bottom line is that knowledge of operating systems can be useful to reversers at many different levels. First of all, understanding the system's executable file format is crucial, because executable headers often pack quite a few hints regarding programs and their architectures. Additionally, having a basic understanding of how the system communicates with the outside world is helpful for effectively observing and monitoring applications using the various system monitoring tools. Finally, understanding the basic APIs offered by the operating system can be helpful in deciphering programs. Imagine an application making a sequence of system API calls. The application is essentially talking to the operating system, and the API is the language; if you understand the basics of the API in question, you can tune in to that conversation and find out what the application is saying.
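As an added illustration of the first point (the "hints" packed into executable headers), here is a small parser for the Windows PE format, the executable format of the NT-based systems this chapter covers. It is the editor's example code, not code from the book: it reads the DOS header pointer, the COFF header, the optional header and the section table, and reports the facts a reverser wants before opening a disassembler: target machine, 32- vs 64-bit, image base and entry point, subsystem, and whether the image was linked with ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT). The lookup tables cover only a subset of the defined constants, and the sample image is constructed inline for the demonstration; it is a header only, not a runnable program.

```python
import struct

# Partial lookup tables for the header fields a reverser looks at first.
MACHINE = {0x014C: "i386", 0x01C0: "ARM", 0x8664: "x86-64", 0xAA64: "ARM64"}
SUBSYSTEM = {1: "native", 2: "Windows GUI", 3: "Windows CUI", 10: "EFI application"}
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE",
                       0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF"}
SECTION_FLAGS = {0x00000020: "CODE", 0x00000040: "INITIALIZED_DATA",
                 0x20000000: "EXECUTE", 0x40000000: "READ", 0x80000000: "WRITE"}


def _flags(value, table):
    """Names of the known bits set in a flags word, in bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header pointer, COFF header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: 32-bit ImageBase at offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at offset 24 (BaseOfData is dropped)
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Subsystem and DllCharacteristics sit at the same offsets in PE32 and PE32+.
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": vaddr, "vsize": vsize, "raw_offset": rawptr,
                         "raw_size": rawsize, "flags": _flags(flags, SECTION_FLAGS)})
    return {
        "machine": MACHINE.get(machine, "0x%04x" % machine),
        "bits": 64 if magic == 0x20B else 32,
        "timestamp": timestamp,
        "image_base": image_base,
        "entry_point": image_base + entry_rva,
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed sample for this example (not a real program): a PE32+ console
    executable header with .text and .rdata sections and no code behind them."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew: PE signature follows the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0x5F000000, 0, 0, 240, 0x0022)  # x86-64, 2 sections
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, 0x140000000)            # ImageBase
    struct.pack_into("<HH", opt, 68, 3, 0x0160)             # CUI; HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    rdata = struct.pack("<8sIIIIIIHHI", b".rdata", 0x100, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + rdata


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("%s, %d-bit, %s, entry 0x%x" % (info["machine"], info["bits"], info["subsystem"], info["entry_point"]))
    print("image flags:", info["file_characteristics"], "dll flags:", info["dll_characteristics"])
    for s in info["sections"]:
        print("  %-8s rva 0x%05x raw 0x%05x %s" % (s["name"], s["rva"], s["raw_offset"], s["flags"]))
```

To run it on a real file, replace `build_sample_pe()` with `open(path, "rb").read()`. Two hints worth reading off immediately: a section with both WRITE and EXECUTE flags, or a section named after a packer rather than the usual `.text`/`.rdata`/`.data`, suggests the image is packed, and a missing DYNAMIC_BASE or NX_COMPAT flag tells you what exploit mitigations the program runs without.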

108 Chapter 3


FURTHER READING
If you'd like to proceed to develop a better understanding of operating systems, check out Operating Systems: Design and Implementation by Andrew S. Tanenbaum and Albert S. Woodhull (Second Edition, Prentice Hall, 1997) [Tanenbaum2] for a general study of operating systems concepts. For highly detailed information on the architecture of NT-based Windows operating systems, see Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server 2003, Windows XP, and Windows 2000 by Mark E. Russinovich and David A. Solomon [Russinovich]. That book is undoubtedly the authoritative guide on the Windows architecture and internals.