Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation

Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation / Bruce Dang, Alexandre Gazet, Elias Bachaalany ; with contributions from Sébastien Josse.

Shranjeno v:
Bibliografske podrobnosti
Main Authors: Dang, Bruce (Author), Gazet, Alexandre (Author), Bachaalany, Elias (Author)
Drugi avtorji: Josse, Sébastien (Contributor)
Format: eKnjiga
Jezik:English
Izdano: Indianapolis, IN : Wiley, [2014]
Teme:
Reverse engineering.
Computer security.
Disassemblers (Computer programs)
COMPUTERS > Networking > Security.
COMPUTERS > Internet > Security.
COMPUTERS > Security > General.
Computer security
Reverse engineering
Online dostop:Click for online access
Kazalo:
  • Cover; Title Page; Copyright; Contents; Chapter 1 x86 and x64; Register Set and Data Types; Instruction Set; Syntax; Data Movement; Exercise; Arithmetic Operations; Stack Operations and Function Invocation; Exercises; Control Flow; System Mechanism; Address Translation; Interrupts and Exceptions; Walk-Through; Exercises; x64; Register Set and Data Types; Data Movement; Canonical Address; Function Invocation; Exercises; Chapter 2 ARM; Basic Features; Data Types and Registers; System-Level Controls and Settings; Introduction to the Instruction Set; Loading and Storing Data; LDR and STR.
  • Other Usage for LDRLDM and STM; PUSH and POP; Functions and Function Invocation; Arithmetic Operations; Branching and Conditional Execution; Thumb State; Switch-Case; Miscellaneous; Just-in-Time and Self-Modifying Code; Synchronization Primitives; System Services and Mechanisms; Instructions; Walk-Through; Next Steps; Exercises; Chapter 3 The Windows Kernel; Windows Fundamentals; Memory Layout; Processor Initialization; System Calls; Interrupt Request Level; Pool Memory; Memory Descriptor Lists; Processes and Threads; Execution Context; Kernel Synchronization Primitives; Lists.
  • Implementation DetailsWalk-Through; Exercises; Asynchronous and Ad-Hoc Execution; System Threads; Work Items; Asynchronous Procedure Calls; Deferred Procedure Calls; Timers; Process and Thread Callbacks; Completion Routines; I/O Request Packets; Structure of a Driver; Entry Points; Driver and Device Objects; IRP Handling; A Common Mechanism for User-Kernel Communication; Miscellaneous System Mechanisms; Walk-Throughs; An x86 Rootkit; An x64 Rootkit; Next Steps; Exercises; Building Confidence and Solidifying Your Knowledge; Investigating and Extending Your Knowledge.
  • Analysis of Real-Life DriversChapter 4 Debugging and Automation; The Debugging Tools and Basic Commands; Setting the Symbol Path; Debugger Windows; Evaluating Expressions; Process Control and Debut Events; Registers, Memory, and Symbols; Breakpoints; Inspecting Processes and Modules; Miscellaneous Commands; Scripting with the Debugging Tools; Pseudo-Registers; Aliases; Language; Script Files; Using Scripts Like Functions; Example Debug Scripts; Using the SDK; Concepts; Writing Debugging Tools Extensions; Useful Extensions, Tools, and Resources; Chapter 5 Obfuscation.
  • A Survey of Obfuscation TechniquesThe Nature of Obfuscation: A Motivating Example; Data-Based Obfuscations; Control-Based Obfuscation; Simultaneous Control-Flow and Data-Flow Obfuscation; Achieving Security by Obscurity; A Survey of Deobfuscation Techniques; The Nature of Deobfuscation: Transformation Inversion; Deobfuscation Tools; Practical Deobfuscation; Case Study; First Impressions; Analyzing Handlers Semantics; Symbolic Execution; Solving the Challenge; Final Thoughts; Exercises; Appendix Sample Names and Corresponding SHA1 Hashes; Index.

Podobne knjige/članki