-
E-Book
Starting at just £37.99
-
Print
Starting at just £42.00
Download Product Flyer
Download Product Flyer
Download Product Flyer is to download PDF in new tab. This is a dummy description.
Download Product Flyer is to download PDF in new tab. This is a dummy description.
Download Product Flyer is to download PDF in new tab. This is a dummy description.
Download Product Flyer is to download PDF in new tab. This is a dummy description.
Description
Analyzing how hacks are done, so as to stop them in the future
Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.
The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
- Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
- Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
- Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
- Demystifies topics that have a steep learning curve
- Includes a bonus chapter on reverse engineering tools
Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.
About the Author
Bruce Dang is a senior security development engineering lead at Microsoft focusing on Windows kernel and reverse engineering.
Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.
Elias Bachaalany is a software security engineer at Microsoft.
Permissions
Table of contents
Introduction xxiii
Chapter 1 x86 and x64 1
Register Set and Data Types 2
Instruction Set 3
Syntax 4
Data Movement 5
Exercise 11
Arithmetic Operations 11
Stack Operations and Function Invocation 13
Exercises 17
Control Flow 17
System Mechanism 25
Address Translation 26
Interrupts and Exceptions 27
Walk-Through 28
Exercises 35
x64 36
Register Set and Data Types 36
Data Movement 36
Canonical Address 37
Function Invocation 37
Exercises 38
Chapter 2 ARM 39
Basic Features 40
Data Types and Registers 43
System-Level Controls and Settings 45
Introduction to the Instruction Set 46
Loading and Storing Data 47
LDR and STR 47
Other Usage for LDR 51
LDM and STM 52
PUSH and POP 56
Functions and Function Invocation 57
Arithmetic Operations 60
Branching and Conditional Execution 61
Thumb State 64
Switch-Case 65
Miscellaneous 67
Just-in-Time and Self-Modifying Code 67
Synchronization Primitives 67
System Services and Mechanisms 68
Instructions 70
Walk-Through 71
Next Steps 77
Exercises 78
Chapter 3 The Windows Kernel 87
Windows Fundamentals 88
Memory Layout 88
Processor Initialization 89
System Calls 92
Interrupt Request Level 104
Pool Memory 106
Memory Descriptor Lists 106
Processes and Threads 107
Execution Context 109
Kernel Synchronization Primitives 110
Lists 111
Implementation Details 112
Walk-Through 119
Exercises 123
Asynchronous and Ad-Hoc Execution 128
System Threads 128
Work Items 129
Asynchronous Procedure Calls 131
Deferred Procedure Calls 135
Timers 140
Process and Thread Callbacks 142
Completion Routines 143
I/O Request Packets 144
Structure of a Driver 146
Entry Points 147
Driver and Device Objects 149
IRP Handling 150
A Common Mechanism for User-Kernel Communication 150
Miscellaneous System Mechanisms 153
Walk-Throughs 155
An x86 Rootkit 156
An x64 Rootkit 172
Next Steps 178
Exercises 180
Building Confidence and Solidifying Your Knowledge 180
Investigating and Extending Your Knowledge 182
Analysis of Real-Life Drivers 184
Chapter 4 Debugging and Automation 187
The Debugging Tools and Basic Commands 188
Setting the Symbol Path 189
Debugger Windows 189
Evaluating Expressions 190
Process Control and Debut Events 194
Registers, Memory, and Symbols 198
Breakpoints 208
Inspecting Processes and Modules 211
Miscellaneous Commands 214
Scripting with the Debugging Tools 216
Pseudo-Registers 216
Aliases 219
Language 226
Script Files 240
Using Scripts Like Functions 244
Example Debug Scripts 249
Using the SDK 257
Concepts 258
Writing Debugging Tools Extensions 262
Useful Extensions, Tools, and Resources 264
Chapter 5 Obfuscation 267
A Survey of Obfuscation Techniques 269
The Nature of Obfuscation: A Motivating Example 269
Data-Based Obfuscations 273
Control-Based Obfuscation 278
Simultaneous Control-Flow and Data-Flow Obfuscation 284
Achieving Security by Obscurity 288
A Survey of Deobfuscation Techniques 289
The Nature of Deobfuscation: Transformation Inversion 289
Deobfuscation Tools 295
Practical Deobfuscation 312
Case Study 328
First Impressions 328
Analyzing Handlers Semantics 330
Symbolic Execution 333
Solving the Challenge 334
Final Thoughts 336
Exercises 336
Appendix Sample Names and Corresponding SHA1 Hashes 341
Index 343
Downloads
Errata
| Chapter | Page | Details | Date | Print Run |
|---|---|---|---|---|
| 1 | 25 | Errata in code Chapter 1, page 25, Rough C code currently reads: while (ecx != 0) {
} Should read:
} |
4-May-2018 | |
|
|
||||
| 1 | 25 | Errata in text Chapter 1, page 25, the second to the last paragraph: «Line 3 … memory address EDI». It should be «Line 3 … memory address ESI» «Line 5 … memory address ESI». It should be «Line 5 … memory address EDI» |
4-May-2018 | |
|
|
||||
| 1 | 3 | Text correction: Error under Register Set and Data Types The Note in the middle of the page states «Although there are seven debug registers…» It should read «eight debug registers» |
3/4/14 | |
|
|
||||
| 1 | 36 | Correction: Error in Figure 1-6 The 8-bit register on the right-hand side of the figure, given as «PL», should be «BPL» |
3/5/14 | |
|
|
||||
| 1 | 4 | Text correction: Errors in code The block of ARM code: 01: 1B 68 LDR R3, [R3] ; read the value at address R3 02: 5A 1C ADDS R2, R3, #1 ; add 1 to it should read: 01: 1A 68 LDR R2, [R3] |
3/4/14 | |
|
|
||||
| 1 | 5 | Text correction: Error under «Syntax» the second bullet point, «AT&T adds a prefix to the instruction…» should read «AT&T adds a suffix to the instruction…» |
3/4/14 | |
|
|
||||
| 1 | 6 | Text correction: Errors in code under «Pseudo C» in «Data Movement» In the first listing on the page, lines 4 and 5:04: *(esi+34) = eax; 05: eax = *(esi+34); should read: 04: *(esi+0x34) = eax; |
3/4/14 | |
|
|
||||
| 1 | 7 | Text correction: Errors in explanation of Figure 1-2 The first sentence following the figure, «…Importance is set to 0x1 (underlined bits)…» should read: «…Importance is set to 0x1 (italicized bits)…» In the block of code following, the «C6» at the beginning of lines 5 and 6 should not be italicized. The last sentence of the paragraph following the code block, «In the example, the override prefix bytes are C6 and 66 (italicized).» should read: |
3/5/14 | |
|
|
||||
| 1 | 8 | Text correction The fourth sentence in the last paragraph, «If DF is 0, the addresses are decremented…» should read: «If DF is 1, the addresses are decremented…» |
3/5/14 | |
|
|
||||
| 1 | 9 | Text correction: Error in assembly code Line 6 of the code block under «Assembly»: ; copies 4 bytes from EDI to ESI ; increment each by 4 should read: ; copies 4 bytes from ESI to EDI ; increment each by 4 |
3/5/14 | |
|
|
||||
| 17 | 5 | Text correction: Error in Assembly code under «Data Movement» The third-to-last line of code, ; set EAX to the value at address (EAX+34) should read: ; set EAX to the value at address (ESI+0x34) |
3/4/14 | |
|
|
||||
| 2 | 50 | Errata in text «R3 is the index multiplied by 2» should be «R3 is the index multiplied by 4» |
4-Aug-17 | |
|
|
||||
| 3 | 146 | Correction: Errors in Figure 3-8 The labels on the left of the figure, «Static Port» and «Dynamic Port» should read «Static part» and Dynamic part». |
3/5/14 | |
|
|
||||
| 3 | 150 | Text correction: Error in code listing under «IRP Handling» The code listing has an extraneous «*» character. The listing should read:NTSTATUS XXX_Dispatch ( PDEVICE_OBJECT DeviceObject, PIRP Irp ); |
3/5/14 | |
|
|
||||
| 3 | 159 | Errata in Text The text reads: It supports IRP_MJ_READ, IRP_MJ_WRITE, and IRP_MJ_DEVICE_CONTROL operations, and sub_10300 is the handler (renamed to IRP_ReadCloseDeviceIo). Should be: It supports IRP_MJ_CREATE, IRP_MJ_CLOSE, and IRP_MJ_DEVICE_CONTROL operations, and sub_10300 is the handler (renamed to IRP_ReadCloseDeviceIo). |
02-May-17 | |
|
|
||||
| 3 | 159 | Text correction: Error in code The first code listingafter the bullet list contains an extraneous «*» character. The code should read:VOID Unload( PDRIVER_OBJECT DriverObject ); |
3/5/14 | |
|
|
Book description
Analyzing how hacks are done, so as to stop them in the future
Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.
The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
-
Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
-
Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
-
Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
-
Demystifies topics that have a steep learning curve
-
Includes a bonus chapter on reverse engineering tools
Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.
| Author | : |
| Publisher | : John Wiley & Sons |
| Total Pages | : 384 |
| Release | : 2014-02-03 |
| ISBN-10 | : 9781118787397 |
| ISBN-13 | : 1118787390 |
| Rating | : 4/5 (390 Downloads) |
Book Synopsis Practical Reverse Engineering by : Bruce Dang
Download or read book Practical Reverse Engineering written by Bruce Dang and published by John Wiley & Sons. This book was released on 2014-02-03 with total page 384 pages. Available in PDF, EPUB and Kindle. Book excerpt: Analyzing how hacks are done, so as to stop them in thefuture Reverse engineering is the process of analyzing hardware orsoftware and understanding it, without having access to the sourcecode or design documents. Hackers are able to reverse engineersystems and exploit what they find with scary results. Now the goodguys can use the same tools to thwart these threats. PracticalReverse Engineering goes under the hood of reverse engineeringfor security analysts, security engineers, and system programmers,so they can learn how to use these same processes to stop hackersin their tracks. The book covers x86, x64, and ARM (the first book to cover allthree); Windows kernel-mode code rootkits and drivers; virtualmachine protection techniques; and much more. Best of all, itoffers a systematic approach to the material, with plenty ofhands-on exercises and real-world examples. Offers a systematic approach to understanding reverseengineering, with hands-on exercises and real-world examples Covers x86, x64, and advanced RISC machine (ARM) architecturesas well as deobfuscation and virtual machine protectiontechniques Provides special coverage of Windows kernel-mode code(rootkits/drivers), a topic not often covered elsewhere, andexplains how to analyze drivers step by step Demystifies topics that have a steep learning curve Includes a bonus chapter on reverse engineering tools Practical Reverse Engineering: Using x86, x64, ARM, WindowsKernel, and Reversing Tools provides crucial, up-to-dateguidance for a broad range of IT professionals.
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
 |
| Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation |
Reading how hacks are accomplished, for you to forestall them inside the destiny
opposite engineering is the system of studying hardware or software and know-how it, without gaining access to the source code or layout documents. Hackers are capable of opposing engineering systems and exploiting what they locate with scary outcomes. Now the best guys can use the same tools to thwart those threats. Practical opposite engineering is going beneath the hood of opposite engineering for security analysts, safety engineers, and machine programmers so that they will discover ways to use these identical approaches to stop hackers in their tracks. The e-book covers x86, x64, and arm (the first e-book to cowl all three); Windows kernel-mode code rootkits and drivers; digital machine safety techniques; and lots more. Satisfactory of all, it gives a systematic technique to the fabric, with lots of arms-on physical games and actual-international examples.
- Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
- Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
- Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
- Demystifies topics that have a steep learning curve
- Includes a bonus chapter on reverse engineering tools
Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.
ABOUT THE AUTHOR (Credit to Author)
Bruce Dang is a senior security development engineering lead at Microsoft focusing on Windows kernel and reverse engineering.
Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.
Elias Bachaalany is a software security engineer at Microsoft.
Download Link:- Userupload
Название: Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Издательство: wiley
Автор:Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse
Год:2014
Количество страниц:384
Язык:English
Формат: pdf
Размер:9,6 Mb
Analyzing how hacks are done, so as to stop them in the future
Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.
The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
Demystifies topics that have a steep learning curve
Includes a bonus chapter on reverse engineering tools
Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals
depositfiles.com
turbobit.net
| Рейтинг: |
4.8 баллов / 2537 оценок |
| Формат: | Книга |
| Уже скачали: | 12820 раз |