1. Article published by Mark Russinovich and Bryce Cogswell in Dr. Dobb's in 1997:
Windows NT System-Call Hooking
http://www.drdobbs.com/windows/184410109
2. Another technical blog post by Mark Russinovich, Pushing the Limits of Windows: Handles:
http://blogs.technet.com/b/markrussinovich/archive/2009/09/29/3283844.aspx
As a next step, the other posts in the Pushing series are worth reading:
Pushing the Limits of Windows: Physical Memory
Pushing the Limits of Windows: Virtual Memory
Pushing the Limits of Windows: Paged and Nonpaged Pool
Pushing the Limits of Windows: Processes and Threads
Pushing the Limits of Windows: Handles
Pushing the Limits of Windows: USER and GDI Objects – Part 1
Pushing the Limits of Windows: USER and GDI Objects – Part 2
http://blog.csdn.net/armylau/article/details/60760
4. Application Verifier usage guide
http://support.microsoft.com/kb/286568
5. http://technet.microsoft.com/zh-cn/sysinternals, useful for keeping track of Sysinternals updates
6.Inside Windows 7: The Mark Russinovich Interview
http://www.winsupersite.com/article/win7/inside-windows-7-the-mark-russinovich-interview
7. Overview of hooking techniques:
A Summary of API Hooking Techniques on Windows
http://www.cnblogs.com/heavenwater/articles/1527446.html
8. Overview of hooking techniques, part 2
http://www.cnblogs.com/heavenwater/articles/1527446.html
9. Find some time to try out AppVerf