// Comparison

Practical Reverse Engineering vs Rootkits and Bootkits: Which Should You Read?

Two cybersecurity books on Reverse Engineering, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52014

Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany

A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

Advanced

4/52019

Rootkits and Bootkits

Reversing Modern Malware and Next Generation Threats

Alex Matrosov, Eugene Rodionov, Sergey Bratus

Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

Read this if

Reverse engineers transitioning from "I can read disassembly" to "I can audit a Windows kernel driver." The architecture-first companion to Practical Malware Analysis.

Malware analysts who need to handle below-the-OS persistence: kernel rootkits, MBR/UEFI bootkits, hypervisor-based threats. The deep specialist text in this corner of the field.

Skip this if

Beginners with no assembly background, or readers focused exclusively on Linux/userland. The book is heavy on Windows internals and assumes you'll do the exercises in WinDbg.

Generalist malware analysts, or anyone whose work doesn't touch firmware-level threats. The book is dense and assumes Windows internals fluency; readers without that background will struggle.

Key takeaways

x86, x64, ARM, kernel-mode debugging, and anti-RE techniques in a single coherent volume; nothing else competes for breadth.
The kernel debugging chapters are the practical introduction the official Windows Internals book never quite delivers for security audiences.
Anti-RE coverage (obfuscation, packing, anti-debug, virtualization-based protection) is the bridge to modern malware analysis that PMA consciously skips.

Bootkits and UEFI rootkits are not theoretical; the book documents real samples (LoJax, MoonBounce, BlackLotus-class) and the techniques that make them detectable.
Secure Boot is necessary but not sufficient; the chapters on UEFI variables and SMM trust are required reading for anyone designing platform security.
Forensic detection of below-the-OS threats requires platform-specific tooling; the book's coverage of memory-acquisition pitfalls and integrity verification is the practical core.

How they compare

Practical Reverse Engineering and Rootkits and Bootkits are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Practical Reverse Engineering and Rootkits and Bootkits both cover Reverse Engineering, Malware, Windows Internals, so reading them in sequence reinforces the same material from different angles.

Keep reading