A couple of weeks ago while flying to and from Microsoft in Redmond, I read most of this book (still finishing it between bits of spare time on my current projects):
Rootkits: Subverting the Windows Kernel by Greg Hoglund and Jamie Butler.
Ted Neward has a very
good review of the book I suggest you read, and I agree with his evaluation as well -- this really helped me dig into some untouched areas for me such as how to build device drivers and many of the techniques used by rootkits to avoid detection and remain after reboot. This is a great security book, and highly recommended.
