Mastering Reverse Engineering
If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse engineering is a hacker-friendly tool used to expose security flaws and questionable privacy practices. In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.
Latest chapters
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Further reading
- Summary
- JPEXS SWF decompiler
- XXXSWF
Brand: 中圖公司
Listed: 2021-06-10 18:27:22
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized 上海閱文信息技術有限公司 to produce and distribute it.
- coverpage
- Title Page
- Packt Upsell
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the example code files
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Preparing to Reverse
- Reverse engineering
- Technical requirements
- Reverse engineering as a process
- Seeking approval
- Static analysis
- Dynamic analysis
- Low-level analysis
- Reporting
- Tools
- Binary analysis tools
- Disassemblers
- Debuggers
- Monitoring tools
- Decompilers
- Malware handling
- Basic analysis lab setup
- Our setup
- Samples
- Summary
- Identification and Extraction of Hidden Components
- Technical requirements
- The operating system environment
- The filesystem
- Memory
- The registry system
- Typical malware behavior
- Persistence
- Run keys
- Load and Run values
- Startup values
- The Image File Execution Options key
- Malware delivery
- Instant messenger
- The computer network
- Media storage
- Exploits and compromised websites
- Software piracy
- Malware file properties
- Payload – the evil within
- Tools
- Autoruns
- The Process explorer
- Summary
- Further reading
- The Low-Level Language
- Technical requirements
- Binary numbers
- Bases
- Converting between bases
- Binary arithmetic
- Signed numbers
- x86
- Registers
- Memory addressing
- Endianness
- Basic instructions
- Opcode bytes
- Copying data
- MOV and LEA
- Arithmetic operations
- Addition and subtraction
- Increment and decrement instructions
- Multiplication and division instructions
- Other signed operations
- Bitwise algebra
- Control flow
- Stack manipulation
- Tools – builder and debugger
- Popular assemblers
- MASM
- NASM
- FASM
- x86 Debuggers
- WinDbg
- Ollydebug
- x64dbg
- Hello World
- Installation of FASM
- It works!
- Dealing with common errors when building
- Dissecting the program
- After Hello
- Calling APIs
- Common Windows API libraries
- Short list of common API functions
- Debugging
- Summary
- Further reading
- Static and Dynamic Reversing
- Assessment and static analysis
- Static analysis
- File types and header analysis
- Extracting useful information from file
- PEiD and TrID
- python-magic
- file
- MASTIFF
- Other information
- PE executables
- Deadlisting
- IDA (Interactive Disassembler)
- Decompilers
- ILSpy – C# Decompiler
- Dynamic analysis
- Memory regions and the mapping of a process
- Process and thread monitoring
- Network traffic
- Monitoring system changes
- Post-execution differences
- Debugging
- Try it yourself
- Summary
- References
- Tools of the Trade
- Analysis environments
- Virtual machines
- Windows
- Linux
- Information gathering tools
- File type information
- Hash identifying
- Strings
- Monitoring tools
- Default command-line tools
- Disassemblers
- Debuggers
- Decompilers
- Network tools
- Editing tools
- Attack tools
- Automation tools
- Software forensic tools
- Automated dynamic analysis
- Online service sites
- Summary
- RE in Linux Platforms
- Setup
- Linux executable – hello world
- dlroW olleH
- What have we gathered so far?
- Dynamic analysis
- Going further with debugging
- A better debugger
- Setup
- Hello World in Radare2
- What is the password?
- Network traffic analysis
- Summary
- Further reading
- RE for Windows Platforms
- Technical requirements
- Hello World
- Learning about the APIs
- Keylogger
- regenum
- processlist
- Encrypting and decrypting a file
- The server
- What is the password?
- Static analysis
- A quick run
- Deadlisting
- Dynamic analysis with debugging
- Decompilers
- Summary
- Further reading
- Sandboxing - Virtualization as a Component for RE
- Emulation
- Emulation of Windows and Linux under an x86 host
- Emulators
- Analysis in unfamiliar environments
- Linux ARM guest in QEMU
- MBR debugging with Bochs
- Summary
- Further Reading
- Binary Obfuscation Techniques
- Data assembly on the stack
- Code assembly
- Encrypted data identification
- Loop codes
- Simple arithmetic
- Simple XOR decryption
- Assembly of data in other memory regions
- Decrypting with x86dbg
- Other obfuscation techniques
- Control flow flattening obfuscation
- Garbage code insertion
- Code obfuscation with a metamorphic engine
- Dynamic library loading
- Use of PEB information
- Summary
- Packing and Encryption
- A quick review on how native executables are loaded by the OS
- Packers, crypters, obfuscators, protectors and SFX
- Packers or compressors
- Crypters
- Obfuscators
- Protectors
- SFX – self-extracting archives
- Unpacking
- The UPX tool
- Debugging through the packer
- Dumping processes from memory
- Memory dumping with VirtualBox
- Extracting the process to a file using Volatility
- How about an executable in its unpacked state?
- Other file-types
- Summary
- Anti-analysis Tricks
- Anti-debugging tricks
- IsDebuggerPresent
- Debug flags in the PEB
- Debugger information from NtQueryInformationProcess
- Timing tricks
- Passing code execution via SEH
- Causing exceptions
- A typical SEH setup
- Anti-VM tricks
- VM running process names
- Existence of VM files and directories
- Default MAC address
- Registry entries made by VMs
- VM devices
- CPUID results
- Anti-emulation tricks
- Anti-dumping tricks
- Summary
- Practical Reverse Engineering of a Windows Executable
- Things to prepare
- Initial static analysis
- Initial file information
- Deadlisting
- Debugging
- The unknown image
- Analysis summary
- Summary
- Further Reading
- Reversing Various File Types
- Analysis of HTML scripts
- MS Office macro analysis
- PDF file analysis
- SWF file analysis
- SWFTools
- FLASM
- Flare
- XXXSWF
- JPEXS SWF decompiler
- Summary
- Further reading
- Other Books You May Enjoy
- Leave a review - let other readers know what you think (Updated: 2021-06-10 19:41:16)