MARC details
000 -LEADER |
fixed length control field |
11843cam a22003497a 4500 |
001 - CONTROL NUMBER |
control field |
13858098 |
003 - CONTROL NUMBER IDENTIFIER |
control field |
BUL |
005 - DATE AND TIME OF LATEST TRANSACTION |
control field |
20210318120630.0 |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
fixed length control field |
050201s2005 inua f 001 0 eng d |
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER |
LC control number |
2005921595 |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
0764574817 (pbk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
International Standard Book Number |
9780764574818 |
035 ## - SYSTEM CONTROL NUMBER |
System control number |
(OCoLC)ocm60359199 |
040 ## - CATALOGING SOURCE |
Original cataloging agency |
BUL |
Transcribing agency |
BUL |
Modifying agency |
BUL |
-- |
BUL |
-- |
BUL |
042 ## - AUTHENTICATION CODE |
Authentication code |
lccopycat |
050 00 - LIBRARY OF CONGRESS CALL NUMBER |
Classification number |
0764574817 |
Item number |
.E35 2005 |
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
Classification number |
005.1 |
Edition number |
22 |
100 1# - MAIN ENTRY--PERSONAL NAME |
Personal name |
Eilam, Eldad. |
245 10 - TITLE STATEMENT |
Title |
Reversing : |
Remainder of title |
secrets of reverse engineering / |
Statement of responsibility, etc. |
Eldad Eilam ; [foreword by Elliot Chikofsky]. |
260 ## - PUBLICATION, DISTRIBUTION, ETC. |
Place of publication, distribution, etc. |
Indianapolis, IN : |
Name of publisher, distributor, etc. |
Wiley, |
Date of publication, distribution, etc. |
c2005. |
300 ## - PHYSICAL DESCRIPTION |
Extent |
xxviii, 589 p. : |
Other physical details |
ill. ; |
Dimensions |
24 cm. |
500 ## - GENERAL NOTE |
General note |
Foreword vii
Acknowledgments xi
Introduction xxiii
Part I Reversing 101 1

Chapter 1 Foundations 3
What Is Reverse Engineering? 3
Software Reverse Engineering: Reversing 4
Reversing Applications 4
Security-Related Reversing 5
Malicious Software 5
Reversing Cryptographic Algorithms 6
Digital Rights Management 7
Auditing Program Binaries 7
Reversing in Software Development 8
Achieving Interoperability with Proprietary Software 8
Developing Competing Software 8
Evaluating Software Quality and Robustness 9
Low-Level Software 9
Assembly Language 10
Compilers 11
Virtual Machines and Bytecodes 12
Operating Systems 13
The Reversing Process 13
System-Level Reversing 14
Code-Level Reversing 14
The Tools 14
System-Monitoring Tools 15
Disassemblers 15
Debuggers 15
Decompilers 16
Is Reversing Legal? 17
Interoperability 17
Competition 18
Copyright Law 19
Trade Secrets and Patents 20
The Digital Millennium Copyright Act 20
DMCA Cases 22
License Agreement Considerations 23
Code Samples & Tools 23
Conclusion 23

Chapter 2 Low-Level Software 25
High-Level Perspectives 26
Program Structure 26
Modules 28
Common Code Constructs 28
Data Management 29
Variables 30
User-Defined Data Structures 30
Lists 31
Control Flow 32
High-Level Languages 33
C 34
C++ 35
Java 36
C# 36
Low-Level Perspectives 37
Low-Level Data Management 37
Registers 39
The Stack 40
Heaps 42
Executable Data Sections 43
Control Flow 43
Assembly Language 101 44
Registers 44
Flags 46
Instruction Format 47
Basic Instructions 48
Moving Data 49
Arithmetic 49
Comparing Operands 50
Conditional Branches 51
Function Calls 51
Examples 52
A Primer on Compilers and Compilation 53
Defining a Compiler 54
Compiler Architecture 55
Front End 55
Intermediate Representations 55
Optimizer 56
Back End 57
Listing Files 58
Specific Compilers 59
Execution Environments 60
Software Execution Environments (Virtual Machines) 60
Bytecodes 61
Interpreters 61
Just-in-Time Compilers 62
Reversing Strategies 62
Hardware Execution Environments in Modern Processors 63
Intel NetBurst 65
μops (Micro-Ops) 65
Pipelines 65
Branch Prediction 67
Conclusion 68

Chapter 3 Windows Fundamentals 69
Components and Basic Architecture 70
Brief History 70
Features 70
Supported Hardware 71
Memory Management 71
Virtual Memory and Paging 72
Paging 73
Page Faults 73
Working Sets 74
Kernel Memory and User Memory 74
The Kernel Memory Space 75
Section Objects 77
VAD Trees 78
User-Mode Allocations 78
Memory Management APIs 79
Objects and Handles 80
Named objects 81
Processes and Threads 83
Processes 84
Threads 84
Context Switching 85
Synchronization Objects 86
Process Initialization Sequence 87
Application Programming Interfaces 88
The Win32 API 88
The Native API 90
System Calling Mechanism 91
Executable Formats 93
Basic Concepts 93
Image Sections 95
Section Alignment 95
Dynamically Linked Libraries 96
Headers 97
Imports and Exports 99
Directories 99
Input and Output 103
The I/O System 103
The Win32 Subsystem 104
Object Management 105
Structured Exception Handling 105
Conclusion 107

Chapter 4 Reversing Tools 109
Different Reversing Approaches 110
Offline Code Analysis (Dead-Listing) 110
Live Code Analysis 110
Disassemblers 110
IDA Pro 112
ILDasm 115
Debuggers 116
User-Mode Debuggers 118
OllyDbg 118
User Debugging in WinDbg 119
IDA Pro 121
PEBrowse Professional Interactive 122
Kernel-Mode Debuggers 122
Kernel Debugging in WinDbg 123
Numega SoftICE 124
Kernel Debugging on Virtual Machines 127
Decompilers 129
System-Monitoring Tools 129
Patching Tools 131
Hex Workshop 131
Miscellaneous Reversing Tools 133
Executable-Dumping Tools 133
DUMPBIN 133
PEView 137
PEBrowse Professional 137
Conclusion 138
Part II Applied Reversing 139

Chapter 5 Beyond the Documentation 141
Reversing and Interoperability 142
Laying the Ground Rules 142
Locating Undocumented APIs 143
What Are We Looking For? 144
Case Study: The Generic Table API in NTDLL.DLL 145
RtlInitializeGenericTable 146
RtlNumberGenericTableElements 151
RtlIsGenericTableEmpty 152
RtlGetElementGenericTable 153
Setup and Initialization 155
Logic and Structure 159
Search Loop 1 161
Search Loop 2 163
Search Loop 3 164
Search Loop 4 165
Reconstructing the Source Code 165
RtlInsertElementGenericTable 168
RtlLocateNodeGenericTable 170
RtlRealInsertElementWorker 178
Splay Trees 187
RtlLookupElementGenericTable 188
RtlDeleteElementGenericTable 193
Putting the Pieces Together 194
Conclusion 196

Chapter 6 Deciphering File Formats 199
Cryptex 200
Using Cryptex 201
Reversing Cryptex 202
The Password Verification Process 207
Catching the “Bad Password” Message 207
The Password Transformation Algorithm 210
Hashing the Password 213
The Directory Layout 218
Analyzing the Directory Processing Code 218
Analyzing a File Entry 223
Dumping the Directory Layout 227
The File Extraction Process 228
Scanning the File List 234
Decrypting the File 235
The Floating-Point Sequence 236
The Decryption Loop 238
Verifying the Hash Value 239
The Big Picture 239
Digging Deeper 241
Conclusion 242

Chapter 7 Auditing Program Binaries 243
Defining the Problem 243
Vulnerabilities 245
Stack Overflows 245
A Simple Stack Vulnerability 247
Intrinsic Implementations 249
Stack Checking 250
Nonexecutable Memory 254
Heap Overflows 255
String Filters 256
Integer Overflows 256
Arithmetic Operations on User-Supplied Integers 258
Type Conversion Errors 260
Case-Study: The IIS Indexing Service Vulnerability 262
CVariableSet::AddExtensionControlBlock 263
DecodeURLEscapes 267
Conclusion 271

Chapter 8 Reversing Malware 273
Types of Malware 274
Viruses 274
Worms 274
Trojan Horses 275
Backdoors 276
Mobile Code 276
Adware/Spyware 276
Sticky Software 277
Future Malware 278
Information-Stealing Worms 278
BIOS/Firmware Malware 279
Uses of Malware 280
Malware Vulnerability 281
Polymorphism 282
Metamorphism 283
Establishing a Secure Environment 285
The Backdoor.Hacarmy.D 285
Unpacking the Executable 286
Initial Impressions 290
The Initial Installation 291
Initializing Communications 294
Connecting to the Server 296
Joining the Channel 298
Communicating with the Backdoor 299
Running SOCKS4 Servers 303
Clearing the Crime Scene 303
The Backdoor.Hacarmy.D: A Command Reference 304
Conclusion 306
Part III Cracking 307

Chapter 9 Piracy and Copy Protection 309
Copyrights in the New World 309
The Social Aspect 310
Software Piracy 310
Defining the Problem 311
Class Breaks 312
Requirements 313
The Theoretically Uncrackable Model 314
Types of Protection 314
Media-Based Protections 314
Serial Numbers 315
Challenge Response and Online Activations 315
Hardware-Based Protections 316
Software as a Service 317
Advanced Protection Concepts 318
Crypto-Processors 318
Digital Rights Management 319
DRM Models 320
The Windows Media Rights Manager 321
Secure Audio Path 321
Watermarking 321
Trusted Computing 322
Attacking Copy Protection Technologies 324
Conclusion 324

Chapter 10 Antireversing Techniques 327
Why Antireversing? 327
Basic Approaches to Antireversing 328
Eliminating Symbolic Information 329
Code Encryption 330
Active Antidebugger Techniques 331
Debugger Basics 331
The IsDebuggerPresent API 332
SystemKernelDebuggerInformation 333
Detecting SoftICE Using the Single-Step Interrupt 334
The Trap Flag 335
Code Checksums 335
Confusing Disassemblers 336
Linear Sweep Disassemblers 337
Recursive Traversal Disassemblers 338
Applications 343
Code Obfuscation 344
Control Flow Transformations 346
Opaque Predicates 346
Confusing Decompilers 348
Table Interpretation 348
Inlining and Outlining 353
Interleaving Code 354
Ordering Transformations 355
Data Transformations 355
Modifying Variable Encoding 355
Restructuring Arrays 356
Conclusion 356

Chapter 11 Breaking Protections 357
Patching 358
Keygenning 364
Ripping Key-Generation Algorithms 365
Advanced Cracking: Defender 370
Reversing Defender’s Initialization Routine 377
Analyzing the Decrypted Code 387
SoftICE’s Disappearance 396
Reversing the Secondary Thread 396
Defeating the “Killer” Thread 399
Loading KERNEL32.DLL 400
Reencrypting the Function 401
Back at the Entry Point 402
Parsing the Program Parameters 404
Processing the Username 406
Validating User Information 407
Unlocking the Code 409
Brute-Forcing Your Way through Defender 409
Protection Technologies in Defender 415
Localized Function-Level Encryption 415
Relatively Strong Cipher Block Chaining 415
Reencrypting 416
Obfuscated Application/Operating System Interface 416
Processor Time-Stamp Verification Thread 417
Runtime Generation of Decryption Keys 418
Interdependent Keys 418
User-Input-Based Decryption Keys 419
Heavy Inlining 419
Conclusion 419
Part IV Beyond Disassembly 421

Chapter 12 Reversing .NET 423
Ground Rules 424
.NET Basics 426
Managed Code 426
.NET Programming Languages 428
Common Type System (CTS) 428
Intermediate Language (IL) 429
The Evaluation Stack 430
Activation Records 430
IL Instructions 430
IL Code Samples 433
Counting Items 433
A Linked List Sample 436
Decompilers 443
Obfuscators 444
Renaming Symbols 444
Control Flow Obfuscation 444
Breaking Decompilation and Disassembly 444
Reversing Obfuscated Code 445
XenoCode Obfuscator 446
DotFuscator by Preemptive Solutions 448
Remotesoft Obfuscator and Linker 451
Remotesoft Protector 452
Precompiled Assemblies 453
Encrypted Assemblies 453
Conclusion 455

Chapter 13 Decompilation 457
Native Code Decompilation: An Unsolvable Problem? 457
Typical Decompiler Architecture 459
Intermediate Representations 459
Expressions and Expression Trees 461
Control Flow Graphs 462
The Front End 463
Semantic Analysis 463
Generating Control Flow Graphs 464
Code Analysis 466
Data-Flow Analysis 466
Single Static Assignment (SSA) 467
Data Propagation 468
Register Variable Identification 470
Data Type Propagation 471
Type Analysis 472
Primitive Data Types 472
Complex Data Types 473
Control Flow Analysis 475
Finding Library Functions 475
The Back End 476
Real-World IA-32 Decompilation 477

Conclusion 477 |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Software engineering. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Reverse engineering. |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
Topical term or geographic name entry element |
Computer security. |
700 1# - ADDED ENTRY--PERSONAL NAME |
Personal name |
Chikofsky, Elliot J. |
856 42 - ELECTRONIC LOCATION AND ACCESS |
Materials specified |
Contributor biographical information |
Uniform Resource Identifier |
http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html |
856 42 - ELECTRONIC LOCATION AND ACCESS |
Materials specified |
Full text E-book in PDF |
Uniform Resource Identifier |
https://www.pdfdrive.com/reverse-engineering-d18717877.html |
Link text |
https://www.pdfdrive.com/reverse-engineering-d18717877.html |
856 41 - ELECTRONIC LOCATION AND ACCESS |
Materials specified |
Full text E-book in PDF |
Uniform Resource Identifier |
https://www.pdfdrive.com/reverse-engineering-d18717877.html |
Link text |
https://www.pdfdrive.com/reverse-engineering-d18717877.html |
942 ## - ADDED ENTRY ELEMENTS (KOHA) |
Source of classification or shelving scheme |
Dewey Decimal Classification |
Koha item type |
Book Open Access |
Item part |
1 |