60,40 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
LEARN THE SCIENCE AND CRAFT OF REVERSE ENGINEERING TO FIGHT HACKERS AND ROOTKITS
Criminals increasingly are using malicious software (exploits, viruses, rootkits, etc.) for fraud, denial-of-service, intrusions, and espionage operations. Reverse engineering is the only method to thoroughly dissect and understand such software. So it is no surprise that reverse engineering is one of the most important subjects in information security. Unfortunately, it is often perceived as a mysterious and complex black art. Although reverse engineering is a difficult subject, the authors believe there is a scientific approach to it. Practical Reverse Engineering aims to demystify the art and systematize the reverse-engineering process for students and professionals.
- Discover a unique, systematic approach to reverse engineering that incorporates hands-on analysis with real-world malware
- Find detailed coverage of the three most popular processor architectures: x86, x64, and ARM
- Use this concise, structured treatment of the Windows kernel and kernel-mode drivers, featuring walk-throughs and exercises with real-world rootkits
- Learn sophisticated code-obfuscation techniques, such as those used in virtual machine protections, and how to deobfuscate them using program-analysis techniques
- Discover advanced debugging techniques to automate and streamline the reverse-engineering process
- Apply newly learned concepts with complete walk-throughs and exercises using real-world malware
LEARN THE SCIENCE AND CRAFT OF REVERSE ENGINEERING TO FIGHT HACKERS AND ROOTKITS
Criminals increasingly are using malicious software (exploits, viruses, rootkits, etc.) for fraud, denial-of-service, intrusions, and espionage operations. Reverse engineering is the only method to thoroughly dissect and understand such software. So it is no surprise that reverse engineering is one of the most important subjects in information security. Unfortunately, it is often perceived as a mysterious and complex black art. Although reverse engineering is a difficult subject, the authors believe there is a scientific approach to it. Practical Reverse Engineering aims to demystify the art and systematize the reverse-engineering process for students and professionals.
- Discover a unique, systematic approach to reverse engineering that incorporates hands-on analysis with real-world malware
- Find detailed coverage of the three most popular processor architectures: x86, x64, and ARM
- Use this concise, structured treatment of the Windows kernel and kernel-mode drivers, featuring walk-throughs and exercises with real-world rootkits
- Learn sophisticated code-obfuscation techniques, such as those used in virtual machine protections, and how to deobfuscate them using program-analysis techniques
- Discover advanced debugging techniques to automate and streamline the reverse-engineering process
- Apply newly learned concepts with complete walk-throughs and exercises using real-world malware
Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.
Elias Bachaalany is a software security engineer at Microsoft.
Introduction xxiii
Chapter 1 x86 and x64 1
Register Set and Data Types 2
Instruction Set 3
Syntax 4
Data Movement 5
Exercise 11
Arithmetic Operations 11
Stack Operations and Function Invocation 13
Exercises 17
Control Flow 17
System Mechanism 25
Address Translation 26
Interrupts and Exceptions 27
Walk-Through 28
Exercises 35
x64 36
Register Set and Data Types 36
Data Movement 36
Canonical Address 37
Function Invocation 37
Exercises 38
Chapter 2 ARM 39
Basic Features 40
Data Types and Registers 43
System-Level Controls and Settings 45
Introduction to the Instruction Set 46
Loading and Storing Data 47
LDR and STR 47
Other Usage for LDR 51
LDM and STM 52
PUSH and POP 56
Functions and Function Invocation 57
Arithmetic Operations 60
Branching and Conditional Execution 61
Thumb State 64
Switch-Case 65
Miscellaneous 67
Just-in-Time and Self-Modifying Code 67
Synchronization Primitives 67
System Services and Mechanisms 68
Instructions 70
Walk-Through 71
Next Steps 77
Exercises 78
Chapter 3 The Windows Kernel 87
Windows Fundamentals 88
Memory Layout 88
Processor Initialization 89
System Calls 92
Interrupt Request Level 104
Pool Memory 106
Memory Descriptor Lists 106
Processes and Threads 107
Execution Context 109
Kernel Synchronization Primitives 110
Lists 111
Implementation Details 112
Walk-Through 119
Exercises 123
Asynchronous and Ad-Hoc Execution 128
System Threads 128
Work Items 129
Asynchronous Procedure Calls 131
Deferred Procedure Calls 135
Timers 140
Process and Thread Callbacks 142
Completion Routines 143
I/O Request Packets 144
Structure of a Driver 146
Entry Points 147
Driver and Device Objects 149
IRP Handling 150
A Common Mechanism for User-Kernel Communication 150
Miscellaneous System Mechanisms 153
Walk-Throughs 155
An x86 Rootkit 156
An x64 Rootkit 172
Next Steps 178
Exercises 180
Building Confidence and Solidifying Your Knowledge 180
Investigating and Extending Your Knowledge 182
Analysis of Real-Life Drivers 184
Chapter 4 Debugging and Automation 187
The Debugging Tools and Basic Commands 188
Setting the Symbol Path 189
Debugger Windows 189
Evaluating Expressions 190
Process Control and Debut Events 194
Registers, Memory, and Symbols 198
Breakpoints 208
Inspecting Processes and Modules 211
Miscellaneous Commands 214
Scripting with the Debugging Tools 216
Pseudo-Registers 216
Aliases 219
Language 226
Script Files 240
Using Scripts Like Functions 244
Example Debug Scripts 249
Using the SDK 257
Concepts 258
Writing Debugging Tools Extensions 262
Useful Extensions, Tools, and Resources 264
Chapter 5 Obfuscation 267
A Survey of Obfuscation Techniques 269
The Nature of Obfuscation: A Motivating Example 269
Data-Based Obfuscations 273
Control-Based Obfuscation 278
Simultaneous Control-Flow and Data-Flow Obfuscation 284
Achieving Security by Obscurity 288
A Survey of Deobfuscation Techniques 289
The Nature of Deobfuscation: Transformation Inversion 289
Deobfuscation Tools 295
Practical Deobfuscation 312
Case Study 328
First Impressions 328
Analyzing Handlers Semantics 330
Symbolic Execution 333
Solving the Challenge 334
Final Thoughts 336
Exercises 336
Appendix Sample Names and Corresponding SHA1 Hashes 341
Index 343
| Erscheinungsjahr: | 2014 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Importe, Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Taschenbuch |
| Inhalt: | Introduction xxiiiChapter 1 x86 and x64 1Register Set and Data Types 2Instruction Set 3Syntax 4Data Movement 5Exercise 11Arithmetic Operations 11Stack Operations and Function Invocation 13Exercises 17Control Flow 17System Mechanism 25Address Translation |
| ISBN-13: | 9781118787311 |
| ISBN-10: | 1118787315 |
| Sprache: | Englisch |
| Einband: | Kartoniert / Broschiert |
| Autor: |
Dang, Bruce
Gazet, Alexandre Bachaalany, Elias |
| Hersteller: |
Wiley
John Wiley & Sons |
| Verantwortliche Person für die EU: | Libri GmbH, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de |
| Maße: | 233 x 187 x 22 mm |
| Von/Mit: | Bruce Dang (u. a.) |
| Erscheinungsdatum: | 17.02.2014 |
| Gewicht: | 0,65 kg |
Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.
Elias Bachaalany is a software security engineer at Microsoft.
Introduction xxiii
Chapter 1 x86 and x64 1
Register Set and Data Types 2
Instruction Set 3
Syntax 4
Data Movement 5
Exercise 11
Arithmetic Operations 11
Stack Operations and Function Invocation 13
Exercises 17
Control Flow 17
System Mechanism 25
Address Translation 26
Interrupts and Exceptions 27
Walk-Through 28
Exercises 35
x64 36
Register Set and Data Types 36
Data Movement 36
Canonical Address 37
Function Invocation 37
Exercises 38
Chapter 2 ARM 39
Basic Features 40
Data Types and Registers 43
System-Level Controls and Settings 45
Introduction to the Instruction Set 46
Loading and Storing Data 47
LDR and STR 47
Other Usage for LDR 51
LDM and STM 52
PUSH and POP 56
Functions and Function Invocation 57
Arithmetic Operations 60
Branching and Conditional Execution 61
Thumb State 64
Switch-Case 65
Miscellaneous 67
Just-in-Time and Self-Modifying Code 67
Synchronization Primitives 67
System Services and Mechanisms 68
Instructions 70
Walk-Through 71
Next Steps 77
Exercises 78
Chapter 3 The Windows Kernel 87
Windows Fundamentals 88
Memory Layout 88
Processor Initialization 89
System Calls 92
Interrupt Request Level 104
Pool Memory 106
Memory Descriptor Lists 106
Processes and Threads 107
Execution Context 109
Kernel Synchronization Primitives 110
Lists 111
Implementation Details 112
Walk-Through 119
Exercises 123
Asynchronous and Ad-Hoc Execution 128
System Threads 128
Work Items 129
Asynchronous Procedure Calls 131
Deferred Procedure Calls 135
Timers 140
Process and Thread Callbacks 142
Completion Routines 143
I/O Request Packets 144
Structure of a Driver 146
Entry Points 147
Driver and Device Objects 149
IRP Handling 150
A Common Mechanism for User-Kernel Communication 150
Miscellaneous System Mechanisms 153
Walk-Throughs 155
An x86 Rootkit 156
An x64 Rootkit 172
Next Steps 178
Exercises 180
Building Confidence and Solidifying Your Knowledge 180
Investigating and Extending Your Knowledge 182
Analysis of Real-Life Drivers 184
Chapter 4 Debugging and Automation 187
The Debugging Tools and Basic Commands 188
Setting the Symbol Path 189
Debugger Windows 189
Evaluating Expressions 190
Process Control and Debut Events 194
Registers, Memory, and Symbols 198
Breakpoints 208
Inspecting Processes and Modules 211
Miscellaneous Commands 214
Scripting with the Debugging Tools 216
Pseudo-Registers 216
Aliases 219
Language 226
Script Files 240
Using Scripts Like Functions 244
Example Debug Scripts 249
Using the SDK 257
Concepts 258
Writing Debugging Tools Extensions 262
Useful Extensions, Tools, and Resources 264
Chapter 5 Obfuscation 267
A Survey of Obfuscation Techniques 269
The Nature of Obfuscation: A Motivating Example 269
Data-Based Obfuscations 273
Control-Based Obfuscation 278
Simultaneous Control-Flow and Data-Flow Obfuscation 284
Achieving Security by Obscurity 288
A Survey of Deobfuscation Techniques 289
The Nature of Deobfuscation: Transformation Inversion 289
Deobfuscation Tools 295
Practical Deobfuscation 312
Case Study 328
First Impressions 328
Analyzing Handlers Semantics 330
Symbolic Execution 333
Solving the Challenge 334
Final Thoughts 336
Exercises 336
Appendix Sample Names and Corresponding SHA1 Hashes 341
Index 343
| Erscheinungsjahr: | 2014 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Importe, Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Taschenbuch |
| Inhalt: | Introduction xxiiiChapter 1 x86 and x64 1Register Set and Data Types 2Instruction Set 3Syntax 4Data Movement 5Exercise 11Arithmetic Operations 11Stack Operations and Function Invocation 13Exercises 17Control Flow 17System Mechanism 25Address Translation |
| ISBN-13: | 9781118787311 |
| ISBN-10: | 1118787315 |
| Sprache: | Englisch |
| Einband: | Kartoniert / Broschiert |
| Autor: |
Dang, Bruce
Gazet, Alexandre Bachaalany, Elias |
| Hersteller: |
Wiley
John Wiley & Sons |
| Verantwortliche Person für die EU: | Libri GmbH, Europaallee 1, D-36244 Bad Hersfeld, gpsr@libri.de |
| Maße: | 233 x 187 x 22 mm |
| Von/Mit: | Bruce Dang (u. a.) |
| Erscheinungsdatum: | 17.02.2014 |
| Gewicht: | 0,65 kg |
Ähnliche Produkte
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Wochen