Author Dang, Bruce
Title Practical Reverse Engineering : X86, X64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Imprint New York : John Wiley & Sons, Incorporated, 2014
©2014
book jacket
Edition 1st ed
Descript 1 online resource (384 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Note Cover -- Title Page -- Copyright -- About the Authors -- About the Technical Editor -- Credits -- Acknowledgments -- Contents -- Chapter 1 x86 and x64 -- Register Set and Data Types -- Instruction Set -- Syntax -- Data Movement -- Exercise -- Arithmetic Operations -- Stack Operations and Function Invocation -- Exercises -- Control Flow -- System Mechanism -- Address Translation -- Interrupts and Exceptions -- Walk-Through -- Exercises -- x64 -- Register Set and Data Types -- Data Movement -- Canonical Address -- Function Invocation -- Exercises -- Chapter 2 ARM -- Basic Features -- Data Types and Registers -- System-Level Controls and Settings -- Introduction to the Instruction Set -- Loading and Storing Data -- LDR and STR -- Other Usage for LDR -- LDM and STM -- PUSH and POP -- Functions and Function Invocation -- Arithmetic Operations -- Branching and Conditional Execution -- Thumb State -- Switch-Case -- Miscellaneous -- Just-in-Time and Self-Modifying Code -- Synchronization Primitives -- System Services and Mechanisms -- Instructions -- Walk-Through -- Next Steps -- Exercises -- Chapter 3 The Windows Kernel -- Windows Fundamentals -- Memory Layout -- Processor Initialization -- System Calls -- Interrupt Request Level -- Pool Memory -- Memory Descriptor Lists -- Processes and Threads -- Execution Context -- Kernel Synchronization Primitives -- Lists -- Implementation Details -- Walk-Through -- Exercises -- Asynchronous and Ad-Hoc Execution -- System Threads -- Work Items -- Asynchronous Procedure Calls -- Deferred Procedure Calls -- Timers -- Process and Thread Callbacks -- Completion Routines -- I/O Request Packets -- Structure of a Driver -- Entry Points -- Driver and Device Objects -- IRP Handling -- A Common Mechanism for User-Kernel Communication -- Miscellaneous System Mechanisms -- Walk-Throughs -- An x86 Rootkit -- An x64 Rootkit
Next Steps -- Exercises -- Building Confidence and Solidifying Your Knowledge -- Investigating and Extending Your Knowledge -- Analysis of Real-Life Drivers -- Chapter 4 Debugging and Automation -- The Debugging Tools and Basic Commands -- Setting the Symbol Path -- Debugger Windows -- Evaluating Expressions -- Process Control and Debut Events -- Registers, Memory, and Symbols -- Breakpoints -- Inspecting Processes and Modules -- Miscellaneous Commands -- Scripting with the Debugging Tools -- Pseudo-Registers -- Aliases -- Language -- Script Files -- Using Scripts Like Functions -- Example Debug Scripts -- Using the SDK -- Concepts -- Writing Debugging Tools Extensions -- Useful Extensions, Tools, and Resources -- Chapter 5 Obfuscation -- A Survey of Obfuscation Techniques -- The Nature of Obfuscation: A Motivating Example -- Data-Based Obfuscations -- Control-Based Obfuscation -- Simultaneous Control-Flow and Data-Flow Obfuscation -- Achieving Security by Obscurity -- A Survey of Deobfuscation Techniques -- The Nature of Deobfuscation: Transformation Inversion -- Deobfuscation Tools -- Practical Deobfuscation -- Case Study -- First Impressions -- Analyzing Handlers Semantics -- Symbolic Execution -- Solving the Challenge -- Final Thoughts -- Exercises -- Appendix Sample Names and Corresponding SHA1 Hashes -- Index -- EULA
Analyzing how hacks are done, so as to stop them in the future Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks. The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples. Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step Demystifies topics that have a steep learning curve Includes a bonus chapter on reverse engineering tools Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals
Description based on publisher supplied metadata and other sources
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries
Link Print version: Dang, Bruce Practical Reverse Engineering : X86, X64, ARM, Windows Kernel, Reversing Tools, and Obfuscation New York : John Wiley & Sons, Incorporated,c2014 9781118787311
Subject Reverse engineering
Electronic books
Alt Author Gazet, Alexandre
Bachaalany, Elias
Josse, Sébastien
Josse, Sebastien