Muutke küpsiste eelistusi

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation [Pehme köide]

4.05/5 (285 hinnangut Goodreads-ist)
, , Contributions by ,
  • Formaat: Paperback / softback, 384 pages, kõrgus x laius x paksus: 226x185x23 mm, kaal: 544 g
  • Ilmumisaeg: 11-Apr-2014
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1118787315
  • ISBN-13: 9781118787311
Teised raamatud teemal:
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and ObfuscationSuurem pilt
  • Formaat: Paperback / softback, 384 pages, kõrgus x laius x paksus: 226x185x23 mm, kaal: 544 g
  • Ilmumisaeg: 11-Apr-2014
  • Kirjastus: John Wiley & Sons Inc
  • ISBN-10: 1118787315
  • ISBN-13: 9781118787311
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781118787311.html
Märksõnad:

Analyzing how hacks are done, so as to stop them in the future

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.

The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.

  • Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples
  • Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques
  • Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step
  • Demystifies topics that have a steep learning curve
  • Includes a bonus chapter on reverse engineering tools

Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

Introduction xxiii
Chapter 1 x86 and x64
1(38)
Register Set and Data Types
2(1)
Instruction Set
3(8)
Syntax
4(1)
Data Movement
5(6)
Exercise
11(6)
Arithmetic Operations
11(2)
Stack Operations and Function Invocation
13(4)
Exercises
17(8)
Control Flow
17(8)
System Mechanism
25(3)
Address Translation
26(1)
Interrupts and Exceptions
27(1)
Walk-Through
28(7)
Exercises
35(1)
x64
36(2)
Register Set and Data Types
36(1)
Data Movement
36(1)
Canonical Address
37(1)
Function Invocation
37(1)
Exercises
38(1)
Chapter 2 ARM
39(48)
Basic Features
40(3)
Data Types and Registers
43(2)
System-Level Controls and Settings
45(1)
Introduction to the Instruction Set
46(1)
Loading and Storing Data
47(10)
LDR and STR
47(4)
Other Usage for LDR
51(1)
LDM and STM
52(4)
PUSH and POP
56(1)
Functions and Function Invocation
57(3)
Arithmetic Operations
60(1)
Branching and Conditional Execution
61(6)
Thumb State
64(1)
Switch-Case
65(2)
Miscellaneous
67(4)
Just-in-Time and Self-Modifying Code
67(1)
Synchronization Primitives
67(1)
System Services and Mechanisms
68(2)
Instructions
70(1)
Walk-Through
71(6)
Next Steps
77(1)
Exercises
78(9)
Chapter 3 The Windows Kernel
87(100)
Windows Fundamentals
88(23)
Memory Layout
88(1)
Processor Initialization
89(3)
System Calls
92(12)
Interrupt Request Level
104(2)
Pool Memory
106(1)
Memory Descriptor Lists
106(1)
Processes and Threads
107(2)
Execution Context
109(1)
Kernel Synchronization Primitives
110(1)
Lists
111(17)
Implementation Details
112(7)
Walk-Through
119(4)
Exercises
123(5)
Asynchronous and Ad-Hoc Execution
128(16)
System Threads
128(1)
Work Items
129(2)
Asynchronous Procedure Calls
131(4)
Deferred Procedure Calls
135(5)
Timers
140(2)
Process and Thread Callbacks
142(1)
Completion Routines
143(1)
I/O Request Packets
144(2)
Structure of a Driver
146(9)
Entry Points
147(2)
Driver and Device Objects
149(1)
IRP Handling
150(1)
A Common Mechanism for User-Kernel Communication
150(3)
Miscellaneous System Mechanisms
153(2)
Walk-Throughs
155(23)
An x86 Rootkit
156(16)
An x64 Rootkit
172(6)
Next Steps
178(2)
Exercises
180(7)
Building Confidence and Solidifying Your Knowledge
180(2)
Investigating and Extending Your Knowledge
182(2)
Analysis of Real-Life Drivers
184(3)
Chapter 4 Debugging and Automation
187(80)
The Debugging Tools and Basic Commands
188(28)
Setting the Symbol Path
189(1)
Debugger Windows
189(1)
Evaluating Expressions
190(4)
Process Control and Debut Events
194(4)
Registers, Memory, and Symbols
198(10)
Breakpoints
208(3)
Inspecting Processes and Modules
211(3)
Miscellaneous Commands
214(2)
Scripting with the Debugging Tools
216(41)
Pseudo-Registers
216(3)
Aliases
219(7)
Language
226(14)
Script Files
240(4)
Using Scripts Like Functions
244(5)
Example Debug Scripts
249(8)
Using the SDK
257(7)
Concepts
258(4)
Writing Debugging Tools Extensions
262(2)
Useful Extensions, Tools, and Resources
264(3)
Chapter 5 Obfuscation
267(74)
A Survey of Obfuscation Techniques
269(20)
The Nature of Obfuscation: A Motivating Example
269(4)
Data-Based Obfuscations
273(5)
Control-Based Obfuscation
278(6)
Simultaneous Control-Flow and Data-Flow Obfuscation
284(4)
Achieving Security by Obscurity
288(1)
A Survey of Deobfuscation Techniques
289(39)
The Nature of Deobfuscation: Transformation Inversion
289(6)
Deobfuscation Tools
295(17)
Practical Deobfuscation
312(16)
Case Study
328(8)
First Impressions
328(2)
Analyzing Handlers Semantics
330(3)
Symbolic Execution
333(1)
Solving the Challenge
334(2)
Final Thoughts
336(1)
Exercises
336(5)
Appendix Sample Names and Corresponding SHA1 Hashes 341(2)
Index 343
Bruce Dang is a senior security development engineering lead at Microsoft focusing on Windows kernel and reverse engineering. Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.

Elias Bachaalany is a software security engineer at Microsoft.