Book Description

Analyzing how hacks are done, so as to stop them in the future

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.

The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code (rootkits and drivers); virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.

  • Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples

  • Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques

  • Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step

  • Demystifies topics that have a steep learning curve

  • Includes a bonus chapter on reverse engineering tools

Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.

Table of Contents

  1. Cover
  2. Chapter 1: x86 and x64
    1. Register Set and Data Types
    2. Instruction Set
    3. Exercise
    4. Exercises
    5. System Mechanism
    6. Walk-Through
    7. Exercises
    8. x64
    9. Exercises
  3. Chapter 2: ARM
    1. Basic Features
    2. Data Types and Registers
    3. System-Level Controls and Settings
    4. Introduction to the Instruction Set
    5. Loading and Storing Data
    6. Functions and Function Invocation
    7. Arithmetic Operations
    8. Branching and Conditional Execution
    9. Miscellaneous
    10. Walk-Through
    11. Next Steps
    12. Exercises
  4. Chapter 3: The Windows Kernel
    1. Windows Fundamentals
    2. Lists
    3. Asynchronous and Ad-Hoc Execution
    4. I/O Request Packets
    5. Structure of a Driver
    6. Walk-Throughs
    7. Next Steps
    8. Exercises
  5. Chapter 4: Debugging and Automation
    1. The Debugging Tools and Basic Commands
    2. Scripting with the Debugging Tools
    3. Using the SDK
    4. Useful Extensions, Tools, and Resources
  6. Chapter 5: Obfuscation
    1. A Survey of Obfuscation Techniques
    2. A Survey of Deobfuscation Techniques
    3. Case Study
    4. Exercises
    5. Notes
  7. Appendix: Sample Names and Corresponding SHA1 Hashes
  8. Introduction