Reversing : Secrets of Reverse Engineering

by Eldad Eilam
Edition: 1st
Format: Paperback
Pub. Date: 2005-04-15
Publisher(s): Wiley
List Price: $47.08

Summary

* Offers a primer on advanced reverse engineering, delving into "disassembly" (code-level reverse engineering) and explaining how to decipher assembly language

Author Biography

Eldad Eilam is a consultant in the field of reverse engineering. He assists clients with operating system and in-depth software reverse engineering, and has devoted several years to developing advanced reverse engineering techniques.

Table of Contents

Foreword
Acknowledgments
Introduction
Part I Reversing 101
  Foundations
    What Is Reverse Engineering?
    Software Reverse Engineering: Reversing
    Reversing Applications
    Security-Related Reversing
    Malicious Software
    Reversing Cryptographic Algorithms
    Digital Rights Management
    Auditing Program Binaries
    Reversing in Software Development
    Achieving Interoperability with Proprietary Software
    Developing Competing Software
    Evaluating Software Quality and Robustness
    Low-Level Software
    Assembly Language
    Compilers
    Virtual Machines and Bytecodes
    Operating Systems
    The Reversing Process
    System-Level Reversing
    Code-Level Reversing
    The Tools
    System-Monitoring Tools
    Disassemblers
    Debuggers
    Decompilers
    Is Reversing Legal?
    Interoperability
    Competition
    Copyright Law
    Trade Secrets and Patents
    The Digital Millennium Copyright Act
    DMCA Cases
    License Agreement Considerations
    Code Samples & Tools
    Conclusion
  Low-Level Software
    High-Level Perspectives
    Program Structure
    Modules
    Common Code Constructs
    Data Management
    Variables
    User-Defined Data Structures
    Lists
    Control Flow
    High-Level Languages
    C
    C++
    Java
    C#
    Low-Level Perspectives
    Low-Level Data Management
    Registers
    The Stack
    Heaps
    Executable Data Sections
    Control Flow
    Assembly Language 101
    Registers
    Flags
    Instruction Format
    Basic Instructions
    Moving Data
    Arithmetic
    Comparing Operands
    Conditional Branches
    Function Calls
    Examples
    A Primer on Compilers and Compilation
    Defining a Compiler
    Compiler Architecture
    Front End
    Intermediate Representations
    Optimizer
    Back End
    Listing Files
    Specific Compilers
    Execution Environments
    Software Execution Environments (Virtual Machines)
    Bytecodes
    Interpreters
    Just-in-Time Compilers
    Reversing Strategies
    Hardware Execution Environments in Modern Processors
    Intel NetBurst
    μops (Micro-Ops)
    Pipelines
    Branch Prediction
    Conclusion
  Windows Fundamentals
    Components and Basic Architecture
    Brief History
    Features
    Supported Hardware
    Memory Management
    Virtual Memory and Paging
    Paging
    Page Faults
    Working Sets
    Kernel Memory and User Memory
    The Kernel Memory Space
    Section Objects
    VAD Trees
    User-Mode Allocations
    Memory Management APIs
    Objects and Handles
    Named objects
    Processes and Threads
    Processes
    Threads
    Context Switching
    Synchronization Objects
    Process Initialization Sequence
    Application Programming Interfaces
    The Win32 API
    The Native API
    System Calling Mechanism
    Executable Formats
    Basic Concepts
    Image Sections
    Section Alignment
    Dynamically Linked Libraries
    Headers
    Imports and Exports
    Directories
    Input and Output
    The I/O System
    The Win32 Subsystem
    Object Management
    Structured Exception Handling
    Conclusion
  Reversing Tools
    Different Reversing Approaches
    Offline Code Analysis (Dead-Listing)
    Live Code Analysis
    Disassemblers
    IDA Pro
    ILDasm
    Debuggers
    User-Mode Debuggers
    OllyDbg
    User Debugging in WinDbg
    IDA Pro
    PEBrowse Professional Interactive
    Kernel-Mode Debuggers
    Kernel Debugging in WinDbg
    Numega SoftICE
    Kernel Debugging on Virtual Machines
    Decompilers
    System-Monitoring Tools
    Patching Tools
    Hex Workshop
    Miscellaneous Reversing Tools
    Executable-Dumping Tools
    DUMPBIN
    PEView
    PEBrowse Professional
    Conclusion
Part II Applied Reversing
  Beyond the Documentation
    Reversing and Interoperability
    Laying the Ground Rules
    Locating Undocumented APIs
    What Are We Looking For?
    Case Study: The Generic Table API in NTDLL.DLL
    RtlInitializeGenericTable
    RtlNumberGenericTableElements
    RtlIsGenericTableEmpty
    RtlGetElementGenericTable
    Setup and Initialization
    Logic and Structure
    Search Loop 1
    Search Loop 2
    Search Loop 3
    Search Loop 4
    Reconstructing the Source Code
    RtlInsertElementGenericTable
    RtlLocateNodeGenericTable
    RtlRealInsertElementWorker
    Splay Trees
    RtlLookupElementGenericTable
    RtlDeleteElementGenericTable
    Putting the Pieces Together
    Conclusion
  Deciphering File Formats
    Cryptex
    Using Cryptex
    Reversing Cryptex
    The Password Verification Process
    Catching the "Bad Password" Message
    The Password Transformation Algorithm
    Hashing the Password
    The Directory Layout
    Analyzing the Directory Processing Code
    Analyzing a File Entry
    Dumping the Directory Layout
    The File Extraction Process
    Scanning the File List
    Decrypting the File
    The Floating-Point Sequence
    The Decryption Loop
    Verifying the Hash Value
    The Big Picture
    Digging Deeper
    Conclusion
  Auditing Program Binaries
    Defining the Problem
    Vulnerabilities
    Stack Overflows
    A Simple Stack Vulnerability
    Intrinsic Implementations
    Stack Checking
    Nonexecutable Memory
    Heap Overflows
    String Filters
    Integer Overflows
    Arithmetic Operations on User-Supplied Integers
    Type Conversion Errors
    Case-Study: The IIS Indexing Service Vulnerability
    CVariableSet::AddExtensionControlBlock
    DecodeURLEscapes
    Conclusion
  Reversing Malware
    Types of Malware
    Viruses
    Worms
    Trojan Horses
    Backdoors
    Mobile Code
    Adware/Spyware
    Sticky Software
    Future Malware
    Information-Stealing Worms
    BIOS/Firmware Malware
    Uses of Malware
    Malware Vulnerability
    Polymorphism
    Metamorphism
    Establishing a Secure Environment
    The Backdoor.Hacarmy.D
    Unpacking the Executable
    Initial Impressions
    The Initial Installation
    Initializing Communications
    Connecting to the Server
    Joining the Channel
    Communicating with the Backdoor
    Running SOCKS4 Servers
    Clearing the Crime Scene
    The Backdoor.Hacarmy.D: A Command Reference
    Conclusion
Part III Cracking
  Piracy and Copy Protection
    Copyrights in the New World
    The Social Aspect
    Software Piracy
    Defining the Problem
    Class Breaks
    Requirements
    The Theoretically Uncrackable Model
    Types of Protection
    Media-Based Protections
    Serial Numbers
    Challenge Response and Online Activations
    Hardware-Based Protections
    Software as a Service
    Advanced Protection Concepts
    Crypto-Processors
    Digital Rights Management
    DRM Models
    The Windows Media Rights Manager
    Secure Audio Path
    Watermarking
    Trusted Computing
    Attacking Copy Protection Technologies
    Conclusion
  Antireversing Techniques
    Why Antireversing?
    Basic Approaches to Antireversing
    Eliminating Symbolic Information
    Code Encryption
    Active Antidebugger Techniques
    Debugger Basics
    The IsDebuggerPresent API
    SystemKernelDebuggerInformation
    Detecting SoftICE Using the Single-Step Interrupt
    The Trap Flag
    Code Checksums
    Confusing Disassemblers
    Linear Sweep Disassemblers
    Recursive Traversal Disassemblers
    Applications
    Code Obfuscation
    Control Flow Transformations
    Opaque Predicates
    Confusing Decompilers
    Table Interpretation
    Inlining and Outlining
    Interleaving Code
    Ordering Transformations
    Data Transformations
    Modifying Variable Encoding
    Restructuring Arrays
    Conclusion
  Breaking Protections
    Patching
    Keygenning
    Ripping Key-Generation Algorithms
    Advanced Cracking: Defender
    Reversing Defender's Initialization Routine
    Analyzing the Decrypted Code
    SoftICE's Disappearance
    Reversing the Secondary Thread
    Defeating the "Killer" Thread
    Loading KERNEL32.DLL
    Reencrypting the Function
    Back at the Entry Point
    Parsing the Program Parameters
    Processing the Username
    Validating User Information
    Unlocking the Code
    Brute-Forcing Your Way through Defender
    Protection Technologies in Defender
    Localized Function-Level Encryption
    Relatively Strong Cipher Block Chaining
    Reencrypting
    Obfuscated Application/Operating System Interface
    Processor Time-Stamp Verification Thread
    Runtime Generation of Decryption Keys
    Interdependent Keys
    User-Input-Based Decryption Keys
    Heavy Inlining
    Conclusion
Part IV Beyond Disassembly
  Reversing .NET
    Ground Rules
    .NET Basics
    Managed Code
    .NET Programming Languages
    Common Type System (CTS)
    Intermediate Language (IL)
    The Evaluation Stack
    Activation Records
    IL Instructions
    IL Code Samples
    Counting Items
    A Linked List Sample
    Decompilers
    Obfuscators
    Renaming Symbols
    Control Flow Obfuscation
    Breaking Decompilation and Disassembly
    Reversing Obfuscated Code
    XenoCode Obfuscator
    DotFuscator by Preemptive Solutions
    Remotesoft Obfuscator and Linker
    Remotesoft Protector
    Precompiled Assemblies
    Encrypted Assemblies
    Conclusion
  Decompilation
    Native Code Decompilation: An Unsolvable Problem?
    Typical Decompiler Architecture
    Intermediate Representations
    Expressions and Expression Trees
    Control Flow Graphs
    The Front End
    Semantic Analysis
    Generating Control Flow Graphs
    Code Analysis
    Data-Flow Analysis
    Single Static Assignment (SSA)
    Data Propagation
    Register Variable Identification
    Data Type Propagation
    Type Analysis
    Primitive Data Types
    Complex Data Types
    Control Flow Analysis
    Finding Library Functions
    The Back End
    Real-World IA-32 Decompilation
    Conclusion
Appendix A Deciphering Code Structures
Appendix B Understanding Compiled Arithmetic
Appendix C Deciphering Program Data
Index
