Blue Fox: Arm Assembly Internals and Reverse Engineering [Paperback]

  • Format: Paperback / softback, 480 pages, height x width x thickness: 234x185x28 mm, weight: 658 g
  • Publication date: 25-Apr-2023
  • Publisher: John Wiley & Sons Inc
  • ISBN-10: 1119745306
  • ISBN-13: 9781119745303

Provides readers with a solid foundation in Arm assembly internals and using reverse-engineering as the basis for analyzing and securing billions of Arm devices  

Finding and mitigating security vulnerabilities in Arm devices is the next critical internet security frontier—Arm processors are already in use by more than 90% of all mobile devices, billions of Internet of Things (IoT) devices, and a growing number of current and soon-to-arrive laptops from companies including Microsoft, Lenovo, and Apple. Written by a leading expert on Arm security, Blue Fox: Arm Assembly Internals and Binary Analysis of Mobile and IoT Devices introduces readers to modern Armv8-A instruction sets and the process of reverse-engineering Arm binaries for security research and defensive purposes.

Divided into two sections, the book first provides a detailed look at the Armv8-A assembly languages, followed by OS and Arm architecture fundamentals, and a deep-dive into the A32 and A64 instruction sets. Section Two delves into the process of reverse-engineering itself: setting up an Arm environment, an introduction to static and dynamic analysis tools, and the process of extracting and emulating firmware for analysis. Throughout the book, the reader is given an extensive understanding of Arm instructions and control-flow patterns essential for reverse engineering software compiled for the Arm architecture. Providing an in-depth introduction into reverse-engineering for engineers and security researchers alike, this book: 

  • Offers an introduction to the Arm architecture, covering both AArch32 and AArch64 instruction set states, as well as ELF file format internals    
  • Presents in-depth information on Arm assembly internals for reverse engineers analyzing malware and auditing software for security vulnerabilities, as well as for developers seeking detailed knowledge of the Arm assembly language  
  • Covers the A32/T32 and A64 instruction sets supported by the Armv8-A architecture with a detailed overview of the most common instructions and control flow patterns 
  • Introduces known reverse engineering tools used for static and dynamic binary analysis 
  • Describes the process of disassembling and debugging Arm binaries on Linux, and using disassembly and debugging tools including Ghidra and GDB. 

Blue Fox: Arm Assembly Internals and Binary Analysis of Mobile and IoT Devices is a vital resource for security researchers and reverse engineers who analyze software applications for IoT and mobile devices at the assembly level. 

Introduction
Part I Arm Assembly Internals
Chapter 1 Introduction to Reverse Engineering
Introduction to Assembly
Bits and Bytes
Character Encoding
Machine Code and Assembly
Assembling
Cross-Assemblers
High-Level Languages
Disassembling
Decompilation
Chapter 2 ELF File Format Internals
Program Structure
High-Level vs. Low-Level Languages
The Compilation Process
Cross-Compiling for Other Architectures
Assembling and Linking
The ELF File Overview
The ELF File Header
The ELF File Header Information Fields
The Target Platform Fields
The Entry Point Field
The Table Location Fields
ELF Program Headers
The PHDR Program Header
The INTERP Program Header
The LOAD Program Headers
The DYNAMIC Program Header
The NOTE Program Header
The TLS Program Header
The GNU_EH_FRAME Program Header
The GNU_STACK Program Header
The GNU_RELRO Program Header
ELF Section Headers
The ELF Meta-Sections
The String Table Section
The Symbol Table Section
The Main ELF Sections
The text Section
The data Section
The bss Section
The rodata Section
The tdata and tbss Sections
Symbols
Global vs. Local Symbols
Weak Symbols
Symbol Versions
Mapping Symbols
The Dynamic Section and Dynamic Loading
Dependency Loading (NEEDED)
Program Relocations
Static Relocations
Dynamic Relocations
The Global Offset Table (GOT)
The Procedure Linkage Table (PLT)
The ELF Program Initialization and Termination Sections
Initialization and Termination Order
Thread-Local Storage
The Local-Exec TLS Access Model
The Initial-Exec TLS Access Model
The General-Dynamic TLS Access Model
The Local-Dynamic TLS Access Model
Chapter 3 OS Fundamentals
OS Architecture Overview
User Mode vs. Kernel Mode
Processes
System Calls
Objects and Handles
Threads
Process Memory Management
Memory Pages
Memory Protections
Anonymous and Memory-Mapped Memory
Memory-Mapped Files and Modules
Address Space Layout Randomization
Stack Implementations
Shared Memory
Chapter 4 The Arm Architecture
Architectures and Profiles
The Armv8-A Architecture
Exception Levels
Armv8-A TrustZone Extension
Exception Level Changes
Armv8-A Execution States
The AArch64 Execution State
The A64 Instruction Set
AArch64 Registers
The Program Counter
The Stack Pointer
The Zero Register
The Link Register
The Frame Pointer
The Platform Register (x18)
The Intraprocedural Call Registers
SIMD and Floating-Point Registers
System Registers
PSTATE
The AArch32 Execution State
A32 and T32 Instruction Sets
The A32 Instruction Set
The T32 Instruction Set
Switching Between Instruction Sets
AArch32 Registers
The Program Counter
The Stack Pointer
The Frame Pointer
The Link Register
The Intraprocedural Call Register (IP, r12)
The Current Program Status Register
The Application Program Status Register
The Execution State Registers
The Instruction Set State Register
The IT Block State Register (ITSTATE)
Endianness state
Mode and Exception Mask Bits
Chapter 5 Data Processing Instructions
Shift and Rotate Operations
Logical Shift Left
Logical Shift Right
Arithmetic Shift Right
Rotate Right
Rotate Right with Extend
Instruction Forms
Shift by a Constant Immediate Form
Shift by Register Form
Bitfield Manipulation Operations
Bitfield Move
Sign- and Zero-Extend Operations
Bitfield Extract and Insert
Logical Operations
Bitwise AND
The TST Instruction
Bitwise Bit Clear
Bitwise OR
Bitwise OR NOT
Bitwise Exclusive OR
The TEQ instruction
Exclusive OR NOT
Arithmetic Operations
Addition and Subtraction
Reverse Subtract
Compare
CMP Instruction Operation Behavior
Multiplication Operations
Multiplications on A64
Multiplications on A32/T32
Least Significant Word Multiplications
Most Significant Word Multiplications
Halfword Multiplications
Vector (Dual) Multiplications
Long (64-Bit) Multiplications
Division Operations
Move Operations
Move Constant Immediate
Move Immediate and MOVT on A32/T32
Move Immediate, MOVZ, and MOVK on A64
Move Register
Move with NOT
Chapter 6 Memory Access Instructions
Instructions Overview
Addressing Modes and Offset Forms
Offset Addressing
Constant Immediate Offset
Register Offsets
Pre-Indexed Mode
Pre-Indexed Mode Example
Post-Indexed Addressing
Post-Indexed Addressing Example
Literal (PC-Relative) Addressing
Loading Constants
Loading an Address into a Register
Load and Store Instructions
Load and Store Word or Doubleword
Load and Store Halfword or Byte
Example Using Load and Store
Load and Store Multiple (A32)
Example for STM and LDM
A More Complicated Example Using STM and LDM
Load and Store Pair (A64)
Chapter 7 Conditional Execution
Conditional Execution Overview
Conditional Codes
The NZCV Condition Flags
Signed vs. Unsigned Integer Overflows
Condition Codes
Conditional Instructions
The If-Then (IT) Instruction in Thumb
Flag-Setting Instructions
The Instruction "S" Suffix
The S Suffix on Add and Subtract Instructions
The S Suffix on Logical Shift Instructions
The S Suffix on Multiply Instructions
The S Suffix on Other Instructions
Test and Comparison Instructions
Compare (CMP)
Compare Negative (CMN)
Test Bits (TST)
Test Equality (TEQ)
Conditional Select Instructions
Conditional Comparison Instructions
Boolean AND Conditionals Using CCMP
Boolean OR Conditionals Using CCMP
Chapter 8 Control Flow
Branch Instructions
Conditional Branches and Loops
Test and Compare Branches
Table Branches (T32)
Branch and Exchange
Subroutine Branches
Functions and Subroutines
The Procedure Call Standard
Volatile vs. Nonvolatile Registers
Arguments and Return Values
Passing Larger Values
Leaf and Nonleaf Functions
Leaf Functions
Nonleaf Functions
Prologue and Epilogue
Part II Reverse Engineering
Chapter 9 Arm Environments
Arm Boards
Emulation with QEMU
QEMU User-Mode Emulation
QEMU Full-System Emulation
Firmware Emulation
Chapter 10 Static Analysis
Static Analysis Tools
Command-Line Tools
Disassemblers and Decompilers
Binary Ninja Cloud
Call-By-Reference Example
Control Flow Analysis
Main Function
Subroutine
Converting to char
If Statement
Quotient Division
For Loop
Analyzing an Algorithm
Chapter 11 Dynamic Analysis
Command-Line Debugging
GDB Commands
GDB Multiuser
GDB Extension: GEF
Installation
Interface
Useful GEF Commands
Examine Memory
Watch Memory Regions
Vulnerability Analyzers
checksec
Radare2
Debugging
Remote Debugging
Radare2
IDA Pro
Debugging a Memory Corruption
Debugging a Process with GDB
Chapter 12 Reversing arm64 macOS Malware
Background
macOS arm64 Binaries
macOS Hello World (arm64)
Hunting for Malicious arm64 Binaries
Analyzing arm64 Malware
Anti-Analysis Techniques
Anti-Debugging Logic (via ptrace)
Anti-Debugging Logic (via sysctl)
Anti-VM Logic (via SIP Status and the Detection of VM Artifacts)
Conclusion
Index

MARIA MARKSTEDTER is the CEO and founder of Azeria Labs, offering high-quality training courses on Arm reverse engineering and exploitation. She has an extensive educational background, holding a Bachelor's degree in Corporate Security and a Master's degree in Enterprise Security, and has collaborated with Arm on exploit mitigation research. Maria's outstanding contributions to the cybersecurity industry have earned her a place on Forbes' 30 Under 30 list for technology in Europe (2018) and the title of Forbes Person of the Year in Cybersecurity in 2020.