Reversing : (Record no. 1849)

MARC details
000 -LEADER
fixed length control field 11843cam a22003497a 4500
001 - CONTROL NUMBER
control field 13858098
003 - CONTROL NUMBER IDENTIFIER
control field BUL
005 - DATE AND TIME OF LATEST TRANSACTION
control field 20210318120630.0
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 050201s2005 inua f 001 0 eng d
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER
LC control number 2005921595
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 0764574817 (pbk.)
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 9780764574818
035 ## - SYSTEM CONTROL NUMBER
System control number (OCoLC)ocm60359199
040 ## - CATALOGING SOURCE
Original cataloging agency BUL
Transcribing agency BUL
Modifying agency BUL
-- BUL
-- BUL
042 ## - AUTHENTICATION CODE
Authentication code lccopycat
050 00 - LIBRARY OF CONGRESS CALL NUMBER
Classification number 0764574817
Item number .E35 2005
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 005.1
Edition number 22
100 1# - MAIN ENTRY--PERSONAL NAME
Personal name Eilam, Eldad.
245 10 - TITLE STATEMENT
Title Reversing :
Remainder of title secrets of reverse engineering /
Statement of responsibility, etc. Eldad Eilam ; [foreword by Elliot Chikofsky].
260 ## - PUBLICATION, DISTRIBUTION, ETC.
Place of publication, distribution, etc. Indianapolis, IN :
Name of publisher, distributor, etc. Wiley,
Date of publication, distribution, etc. c2005.
300 ## - PHYSICAL DESCRIPTION
Extent xxviii, 589 p. :
Other physical details ill. ;
Dimensions 24 cm.
500 ## - GENERAL NOTE
General note Foreword vii
Acknowledgments xi
Introduction xxiii
Part I Reversing 101 1

Chapter 1 Foundations 3
What Is Reverse Engineering? 3
Software Reverse Engineering: Reversing 4
Reversing Applications 4
Security-Related Reversing 5
Malicious Software 5
Reversing Cryptographic Algorithms 6
Digital Rights Management 7
Auditing Program Binaries 7
Reversing in Software Development 8
Achieving Interoperability with Proprietary Software 8
Developing Competing Software 8
Evaluating Software Quality and Robustness 9
Low-Level Software 9
Assembly Language 10
Compilers 11
Virtual Machines and Bytecodes 12
Operating Systems 13
The Reversing Process 13
System-Level Reversing 14
Code-Level Reversing 14
The Tools 14
System-Monitoring Tools 15
Disassemblers 15
Debuggers 15
Decompilers 16
Is Reversing Legal? 17
Interoperability 17
Competition 18
Copyright Law 19
Trade Secrets and Patents 20
The Digital Millennium Copyright Act 20
DMCA Cases 22
License Agreement Considerations 23
Code Samples & Tools 23
Conclusion 23

Chapter 2 Low-Level Software 25
High-Level Perspectives 26
Program Structure 26
Modules 28
Common Code Constructs 28
Data Management 29
Variables 30
User-Defined Data Structures 30
Lists 31
Control Flow 32
High-Level Languages 33
C 34
C++ 35
Java 36
C# 36
Low-Level Perspectives 37
Low-Level Data Management 37
Registers 39
The Stack 40
Heaps 42
Executable Data Sections 43
Control Flow 43
Assembly Language 101 44
Registers 44
Flags 46
Instruction Format 47
Basic Instructions 48
Moving Data 49
Arithmetic 49
Comparing Operands 50
Conditional Branches 51
Function Calls 51
Examples 52
A Primer on Compilers and Compilation 53
Defining a Compiler 54
Compiler Architecture 55
Front End 55
Intermediate Representations 55
Optimizer 56
Back End 57
Listing Files 58
Specific Compilers 59
Execution Environments 60
Software Execution Environments (Virtual Machines) 60
Bytecodes 61
Interpreters 61
Just-in-Time Compilers 62
Reversing Strategies 62
Hardware Execution Environments in Modern Processors 63
Intel NetBurst 65
μops (Micro-Ops) 65
Pipelines 65
Branch Prediction 67
Conclusion 68

Chapter 3 Windows Fundamentals 69
Components and Basic Architecture 70
Brief History 70
Features 70
Supported Hardware 71
Memory Management 71
Virtual Memory and Paging 72
Paging 73
Page Faults 73
Working Sets 74
Kernel Memory and User Memory 74
The Kernel Memory Space 75
Section Objects 77
VAD Trees 78
User-Mode Allocations 78
Memory Management APIs 79
Objects and Handles 80
Named objects 81
Processes and Threads 83
Processes 84
Threads 84
Context Switching 85
Synchronization Objects 86
Process Initialization Sequence 87
Application Programming Interfaces 88
The Win32 API 88
The Native API 90
System Calling Mechanism 91
Executable Formats 93
Basic Concepts 93
Image Sections 95
Section Alignment 95
Dynamically Linked Libraries 96
Headers 97
Imports and Exports 99
Directories 99
Input and Output 103
The I/O System 103
The Win32 Subsystem 104
Object Management 105
Structured Exception Handling 105
Conclusion 107

Chapter 4 Reversing Tools 109
Different Reversing Approaches 110
Offline Code Analysis (Dead-Listing) 110
Live Code Analysis 110
Disassemblers 110
IDA Pro 112
ILDasm 115
Debuggers 116
User-Mode Debuggers 118
OllyDbg 118
User Debugging in WinDbg 119
IDA Pro 121
PEBrowse Professional Interactive 122
Kernel-Mode Debuggers 122
Kernel Debugging in WinDbg 123
Numega SoftICE 124
Kernel Debugging on Virtual Machines 127
Decompilers 129
System-Monitoring Tools 129
Patching Tools 131
Hex Workshop 131
Miscellaneous Reversing Tools 133
Executable-Dumping Tools 133
DUMPBIN 133
PEView 137
PEBrowse Professional 137
Conclusion 138
Part II Applied Reversing 139

Chapter 5 Beyond the Documentation 141
Reversing and Interoperability 142
Laying the Ground Rules 142
Locating Undocumented APIs 143
What Are We Looking For? 144
Case Study: The Generic Table API in NTDLL.DLL 145
RtlInitializeGenericTable 146
RtlNumberGenericTableElements 151
RtlIsGenericTableEmpty 152
RtlGetElementGenericTable 153
Setup and Initialization 155
Logic and Structure 159
Search Loop 1 161
Search Loop 2 163
Search Loop 3 164
Search Loop 4 165
Reconstructing the Source Code 165
RtlInsertElementGenericTable 168
RtlLocateNodeGenericTable 170
RtlRealInsertElementWorker 178
Splay Trees 187
RtlLookupElementGenericTable 188
RtlDeleteElementGenericTable 193
Putting the Pieces Together 194
Conclusion 196

Chapter 6 Deciphering File Formats 199
Cryptex 200
Using Cryptex 201
Reversing Cryptex 202
The Password Verification Process 207
Catching the “Bad Password” Message 207
The Password Transformation Algorithm 210
Hashing the Password 213
The Directory Layout 218
Analyzing the Directory Processing Code 218
Analyzing a File Entry 223
Dumping the Directory Layout 227
The File Extraction Process 228
Scanning the File List 234
Decrypting the File 235
The Floating-Point Sequence 236
The Decryption Loop 238
Verifying the Hash Value 239
The Big Picture 239
Digging Deeper 241
Conclusion 242

Chapter 7 Auditing Program Binaries 243
Defining the Problem 243
Vulnerabilities 245
Stack Overflows 245
A Simple Stack Vulnerability 247
Intrinsic Implementations 249
Stack Checking 250
Nonexecutable Memory 254
Heap Overflows 255
String Filters 256
Integer Overflows 256
Arithmetic Operations on User-Supplied Integers 258
Type Conversion Errors 260
Case-Study: The IIS Indexing Service Vulnerability 262
CVariableSet::AddExtensionControlBlock 263
DecodeURLEscapes 267
Conclusion 271

Chapter 8 Reversing Malware 273
Types of Malware 274
Viruses 274
Worms 274
Trojan Horses 275
Backdoors 276
Mobile Code 276
Adware/Spyware 276
Sticky Software 277
Future Malware 278
Information-Stealing Worms 278
BIOS/Firmware Malware 279
Uses of Malware 280
Malware Vulnerability 281
Polymorphism 282
Metamorphism 283
Establishing a Secure Environment 285
The Backdoor.Hacarmy.D 285
Unpacking the Executable 286
Initial Impressions 290
The Initial Installation 291
Initializing Communications 294
Connecting to the Server 296
Joining the Channel 298
Communicating with the Backdoor 299
Running SOCKS4 Servers 303
Clearing the Crime Scene 303
The Backdoor.Hacarmy.D: A Command Reference 304
Conclusion 306
Part III Cracking 307

Chapter 9 Piracy and Copy Protection 309
Copyrights in the New World 309
The Social Aspect 310
Software Piracy 310
Defining the Problem 311
Class Breaks 312
Requirements 313
The Theoretically Uncrackable Model 314
Types of Protection 314
Media-Based Protections 314
Serial Numbers 315
Challenge Response and Online Activations 315
Hardware-Based Protections 316
Software as a Service 317
Advanced Protection Concepts 318
Crypto-Processors 318
Digital Rights Management 319
DRM Models 320
The Windows Media Rights Manager 321
Secure Audio Path 321
Watermarking 321
Trusted Computing 322
Attacking Copy Protection Technologies 324
Conclusion 324

Chapter 10 Antireversing Techniques 327
Why Antireversing? 327
Basic Approaches to Antireversing 328
Eliminating Symbolic Information 329
Code Encryption 330
Active Antidebugger Techniques 331
Debugger Basics 331
The IsDebuggerPresent API 332
SystemKernelDebuggerInformation 333
Detecting SoftICE Using the Single-Step Interrupt 334
The Trap Flag 335
Code Checksums 335
Confusing Disassemblers 336
Linear Sweep Disassemblers 337
Recursive Traversal Disassemblers 338
Applications 343
Code Obfuscation 344
Control Flow Transformations 346
Opaque Predicates 346
Confusing Decompilers 348
Table Interpretation 348
Inlining and Outlining 353
Interleaving Code 354
Ordering Transformations 355
Data Transformations 355
Modifying Variable Encoding 355
Restructuring Arrays 356
Conclusion 356

Chapter 11 Breaking Protections 357
Patching 358
Keygenning 364
Ripping Key-Generation Algorithms 365
Advanced Cracking: Defender 370
Reversing Defender’s Initialization Routine 377
Analyzing the Decrypted Code 387
SoftICE’s Disappearance 396
Reversing the Secondary Thread 396
Defeating the “Killer” Thread 399
Loading KERNEL32.DLL 400
Reencrypting the Function 401
Back at the Entry Point 402
Parsing the Program Parameters 404
Processing the Username 406
Validating User Information 407
Unlocking the Code 409
Brute-Forcing Your Way through Defender 409
Protection Technologies in Defender 415
Localized Function-Level Encryption 415
Relatively Strong Cipher Block Chaining 415
Reencrypting 416
Obfuscated Application/Operating System Interface 416
Processor Time-Stamp Verification Thread 417
Runtime Generation of Decryption Keys 418
Interdependent Keys 418
User-Input-Based Decryption Keys 419
Heavy Inlining 419
Conclusion 419
Part IV Beyond Disassembly 421

Chapter 12 Reversing .NET 423
Ground Rules 424
.NET Basics 426
Managed Code 426
.NET Programming Languages 428
Common Type System (CTS) 428
Intermediate Language (IL) 429
The Evaluation Stack 430
Activation Records 430
IL Instructions 430
IL Code Samples 433
Counting Items 433
A Linked List Sample 436
Decompilers 443
Obfuscators 444
Renaming Symbols 444
Control Flow Obfuscation 444
Breaking Decompilation and Disassembly 444
Reversing Obfuscated Code 445
XenoCode Obfuscator 446
DotFuscator by Preemptive Solutions 448
Remotesoft Obfuscator and Linker 451
Remotesoft Protector 452
Precompiled Assemblies 453
Encrypted Assemblies 453
Conclusion 455

Chapter 13 Decompilation 457
Native Code Decompilation: An Unsolvable Problem? 457
Typical Decompiler Architecture 459
Intermediate Representations 459
Expressions and Expression Trees 461
Control Flow Graphs 462
The Front End 463
Semantic Analysis 463
Generating Control Flow Graphs 464
Code Analysis 466
Data-Flow Analysis 466
Single Static Assignment (SSA) 467
Data Propagation 468
Register Variable Identification 470
Data Type Propagation 471
Type Analysis 472
Primitive Data Types 472
Complex Data Types 473
Control Flow Analysis 475
Finding Library Functions 475
The Back End 476
Real-World IA-32 Decompilation 477
Conclusion 477
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Software engineering.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Reverse engineering.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Computer security.
700 1# - ADDED ENTRY--PERSONAL NAME
Personal name Chikofsky, Elliot J.
856 42 - ELECTRONIC LOCATION AND ACCESS
Materials specified Contributor biographical information
Uniform Resource Identifier http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html
856 42 - ELECTRONIC LOCATION AND ACCESS
Materials specified Full text E-book in PDF
Uniform Resource Identifier https://www.pdfdrive.com/reverse-engineering-d18717877.html
Link text https://www.pdfdrive.com/reverse-engineering-d18717877.html
856 41 - ELECTRONIC LOCATION AND ACCESS
Materials specified Full text E-book in PDF
Uniform Resource Identifier https://www.pdfdrive.com/reverse-engineering-d18717877.html
Link text https://www.pdfdrive.com/reverse-engineering-d18717877.html
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Source of classification or shelving scheme Dewey Decimal Classification
Koha item type Book Open Access
Item part 1
Holdings
Withdrawn status Lost status Source of classification or shelving scheme Damaged status Not for loan Home library Current library Date acquired Source of acquisition Total Checkouts Full call number Barcode Date last seen Uniform Resource Identifier Price effective from Koha item type
    Dewey Decimal Classification     Engineering Library Engineering Library 03/18/2021 Online   005.1 0764574817 03/18/2021 https://www.pdfdrive.com/reverse-engineering-d18717877.html 03/18/2021 Book Open Access