會員

Learning Linux Binary Analysis

更新時間：2021-07-16 12:57:10

開會員，本書免費讀 >

IfyouareasoftwareengineerorreverseengineerandwanttolearnmoreaboutLinuxbinaryanalysis,thisbookwillprovideyouwithallyouneedtoimplementsolutionsforbinaryanalysisinareasofsecurity,forensics,andantivirus.Thisbookisgreatforbothsecurityenthusiastsandsystemlevelengineers.SomeexperiencewiththeCprogramminglanguageandtheLinuxcommandlineisassumed.

目錄(103章)

倒序

封面
版權信息
Credits
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Preface
Chapter 1. The Linux Environment and Its Tools
Linux tools
Useful devices and files
Linker-related environment points
Summary
Chapter 2. The ELF Binary Format
ELF file types
ELF program headers
ELF section headers
ELF symbols
ELF relocations
ELF dynamic linking
Coding an ELF Parser
Summary
Chapter 3. Linux Process Tracing
The importance of ptrace
ptrace requests
The process register state and flags
A simple ptrace-based debugger
A simple ptrace debugger with process attach capabilities
Advanced function-tracing software
ptrace and forensic analysis
Process image reconstruction – from the memory to the executable
Code injection with ptrace
Simple examples aren't always so trivial
Demonstrating the code_inject tool
A ptrace anti-debugging trick
Summary
Chapter 4. ELF Virus Technology – Linux/Unix Viruses
ELF virus technology
ELF virus engineering challenges
ELF virus parasite infection methods
The PT_NOTE to PT_LOAD conversion infection method
Infecting control flow
Process memory viruses and rootkits – remote code injection techniques
ELF anti-debugging and packing techniques
ELF virus detection and disinfection
Summary
Chapter 5. Linux Binary Protection
ELF binary packers – dumb protectors
Stub mechanics and the userland exec
Other jobs performed by protector stubs
Existing ELF binary protectors
Downloading Maya-protected binaries
Anti-debugging for binary protection
Resistance to emulation
Obfuscation methods
Protecting control flow integrity
Other resources
Summary
Chapter 6. ELF Binary Forensics in Linux
The science of detecting entry point modification
Detecting other forms of control flow hijacking
Identifying parasite code characteristics
Checking the dynamic segment for DLL injection traces
Identifying reverse text padding infections
Identifying text segment padding infections
Identifying protected binaries
IDA Pro
Summary
Chapter 7. Process Memory Forensics
What does a process look like?
Process memory infection
Detecting the ET_DYN injection
Linux ELF core files
Summary
Chapter 8. ECFS – Extended Core File Snapshot Technology
History
The ECFS philosophy
Getting started with ECFS
libecfs – a library for parsing ECFS files
readecfs
Examining an infected process using ECFS
The ECFS reference guide
Process necromancy with ECFS
Learning more about ECFS
Summary
Chapter 9. Linux /proc/kcore Analysis
Linux kernel forensics and rootkits
stock vmlinux has no symbols
/proc/kcore and GDB exploration
Direct sys_call_table modifications
Kprobe rootkits
Debug register rootkits – DRR
VFS layer rootkits
Other kernel infection techniques
vmlinux and .altinstructions patching
Using taskverse to see hidden processes
Infected LKMs – kernel drivers
Notes on /dev/kmem and /dev/mem
/dev/mem
K-ecfs – kernel ECFS
Kernel hacking goodies
Summary
Index 更新時間：2021-07-16 12:57:10

官术网_书友最值得收藏!

Learning Linux Binary Analysis