{"product_id":"practical-reverse-engineering-isbn-9781118787311","title":"Practical Reverse Engineering","description":"\u003cp\u003e\u003cb\u003eAnalyzing how hacks are done, so as to stop them in the future\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eReverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. \u003ci\u003ePractical Reverse Engineering\u003c\/i\u003e goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks.\u003c\/p\u003e \u003cp\u003eThe book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. 
Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eOffers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples\u003c\/li\u003e \u003cli\u003eCovers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques\u003c\/li\u003e \u003cli\u003eProvides special coverage of Windows kernel-mode code (rootkits\/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step\u003c\/li\u003e \u003cli\u003eDemystifies topics that have a steep learning curve\u003c\/li\u003e \u003cli\u003eIncludes a bonus chapter on reverse engineering tools\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003ci\u003ePractical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools \u003c\/i\u003eprovides crucial, up-to-date guidance for a broad range of IT professionals.\u003c\/p\u003e \u003cp\u003eIntroduction xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 x86 and x64 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRegister Set and Data Types 2\u003c\/p\u003e \u003cp\u003eInstruction Set 3\u003c\/p\u003e \u003cp\u003eSyntax 4\u003c\/p\u003e \u003cp\u003eData Movement 5\u003c\/p\u003e \u003cp\u003eExercise 11\u003c\/p\u003e \u003cp\u003eArithmetic Operations 11\u003c\/p\u003e \u003cp\u003eStack Operations and Function Invocation 13\u003c\/p\u003e \u003cp\u003eExercises 17\u003c\/p\u003e \u003cp\u003eControl Flow 17\u003c\/p\u003e \u003cp\u003eSystem Mechanism 25\u003c\/p\u003e \u003cp\u003eAddress Translation 26\u003c\/p\u003e \u003cp\u003eInterrupts and Exceptions 27\u003c\/p\u003e \u003cp\u003eWalk-Through 28\u003c\/p\u003e \u003cp\u003eExercises 35\u003c\/p\u003e \u003cp\u003ex64 36\u003c\/p\u003e \u003cp\u003eRegister Set and Data Types 36\u003c\/p\u003e \u003cp\u003eData Movement 36\u003c\/p\u003e 
\u003cp\u003eCanonical Address 37\u003c\/p\u003e \u003cp\u003eFunction Invocation 37\u003c\/p\u003e \u003cp\u003eExercises 38\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 ARM 39\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBasic Features 40\u003c\/p\u003e \u003cp\u003eData Types and Registers 43\u003c\/p\u003e \u003cp\u003eSystem-Level Controls and Settings 45\u003c\/p\u003e \u003cp\u003eIntroduction to the Instruction Set 46\u003c\/p\u003e \u003cp\u003eLoading and Storing Data 47\u003c\/p\u003e \u003cp\u003eLDR and STR 47\u003c\/p\u003e \u003cp\u003eOther Usage for LDR 51\u003c\/p\u003e \u003cp\u003eLDM and STM 52\u003c\/p\u003e \u003cp\u003ePUSH and POP 56\u003c\/p\u003e \u003cp\u003eFunctions and Function Invocation 57\u003c\/p\u003e \u003cp\u003eArithmetic Operations 60\u003c\/p\u003e \u003cp\u003eBranching and Conditional Execution 61\u003c\/p\u003e \u003cp\u003eThumb State 64\u003c\/p\u003e \u003cp\u003eSwitch-Case 65\u003c\/p\u003e \u003cp\u003eMiscellaneous 67\u003c\/p\u003e \u003cp\u003eJust-in-Time and Self-Modifying Code 67\u003c\/p\u003e \u003cp\u003eSynchronization Primitives 67\u003c\/p\u003e \u003cp\u003eSystem Services and Mechanisms 68\u003c\/p\u003e \u003cp\u003eInstructions 70\u003c\/p\u003e \u003cp\u003eWalk-Through 71\u003c\/p\u003e \u003cp\u003eNext Steps 77\u003c\/p\u003e \u003cp\u003eExercises 78\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 The Windows Kernel 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWindows Fundamentals 88\u003c\/p\u003e \u003cp\u003eMemory Layout 88\u003c\/p\u003e \u003cp\u003eProcessor Initialization 89\u003c\/p\u003e \u003cp\u003eSystem Calls 92\u003c\/p\u003e \u003cp\u003eInterrupt Request Level 104\u003c\/p\u003e \u003cp\u003ePool Memory 106\u003c\/p\u003e \u003cp\u003eMemory Descriptor Lists 106\u003c\/p\u003e \u003cp\u003eProcesses and Threads 107\u003c\/p\u003e \u003cp\u003eExecution Context 109\u003c\/p\u003e \u003cp\u003eKernel Synchronization Primitives 110\u003c\/p\u003e \u003cp\u003eLists 
111\u003c\/p\u003e \u003cp\u003eImplementation Details 112\u003c\/p\u003e \u003cp\u003eWalk-Through 119\u003c\/p\u003e \u003cp\u003eExercises 123\u003c\/p\u003e \u003cp\u003eAsynchronous and Ad-Hoc Execution 128\u003c\/p\u003e \u003cp\u003eSystem Threads 128\u003c\/p\u003e \u003cp\u003eWork Items 129\u003c\/p\u003e \u003cp\u003eAsynchronous Procedure Calls 131\u003c\/p\u003e \u003cp\u003eDeferred Procedure Calls 135\u003c\/p\u003e \u003cp\u003eTimers 140\u003c\/p\u003e \u003cp\u003eProcess and Thread Callbacks 142\u003c\/p\u003e \u003cp\u003eCompletion Routines 143\u003c\/p\u003e \u003cp\u003eI\/O Request Packets 144\u003c\/p\u003e \u003cp\u003eStructure of a Driver 146\u003c\/p\u003e \u003cp\u003eEntry Points 147\u003c\/p\u003e \u003cp\u003eDriver and Device Objects 149\u003c\/p\u003e \u003cp\u003eIRP Handling 150\u003c\/p\u003e \u003cp\u003eA Common Mechanism for User-Kernel Communication 150\u003c\/p\u003e \u003cp\u003eMiscellaneous System Mechanisms 153\u003c\/p\u003e \u003cp\u003eWalk-Throughs 155\u003c\/p\u003e \u003cp\u003eAn x86 Rootkit 156\u003c\/p\u003e \u003cp\u003eAn x64 Rootkit 172\u003c\/p\u003e \u003cp\u003eNext Steps 178\u003c\/p\u003e \u003cp\u003eExercises 180\u003c\/p\u003e \u003cp\u003eBuilding Confidence and Solidifying Your Knowledge 180\u003c\/p\u003e \u003cp\u003eInvestigating and Extending Your Knowledge 182\u003c\/p\u003e \u003cp\u003eAnalysis of Real-Life Drivers 184\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Debugging and Automation 187\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Debugging Tools and Basic Commands 188\u003c\/p\u003e \u003cp\u003eSetting the Symbol Path 189\u003c\/p\u003e \u003cp\u003eDebugger Windows 189\u003c\/p\u003e \u003cp\u003eEvaluating Expressions 190\u003c\/p\u003e \u003cp\u003eProcess Control and Debug Events 194\u003c\/p\u003e \u003cp\u003eRegisters, Memory, and Symbols 198\u003c\/p\u003e \u003cp\u003eBreakpoints 208\u003c\/p\u003e \u003cp\u003eInspecting Processes and Modules 211\u003c\/p\u003e 
\u003cp\u003eMiscellaneous Commands 214\u003c\/p\u003e \u003cp\u003eScripting with the Debugging Tools 216\u003c\/p\u003e \u003cp\u003ePseudo-Registers 216\u003c\/p\u003e \u003cp\u003eAliases 219\u003c\/p\u003e \u003cp\u003eLanguage 226\u003c\/p\u003e \u003cp\u003eScript Files 240\u003c\/p\u003e \u003cp\u003eUsing Scripts Like Functions 244\u003c\/p\u003e \u003cp\u003eExample Debug Scripts 249\u003c\/p\u003e \u003cp\u003eUsing the SDK 257\u003c\/p\u003e \u003cp\u003eConcepts 258\u003c\/p\u003e \u003cp\u003eWriting Debugging Tools Extensions 262\u003c\/p\u003e \u003cp\u003eUseful Extensions, Tools, and Resources 264\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Obfuscation 267\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA Survey of Obfuscation Techniques 269\u003c\/p\u003e \u003cp\u003eThe Nature of Obfuscation: A Motivating Example 269\u003c\/p\u003e \u003cp\u003eData-Based Obfuscations 273\u003c\/p\u003e \u003cp\u003eControl-Based Obfuscation 278\u003c\/p\u003e \u003cp\u003eSimultaneous Control-Flow and Data-Flow Obfuscation 284\u003c\/p\u003e \u003cp\u003eAchieving Security by Obscurity 288\u003c\/p\u003e \u003cp\u003eA Survey of Deobfuscation Techniques 289\u003c\/p\u003e \u003cp\u003eThe Nature of Deobfuscation: Transformation Inversion 289\u003c\/p\u003e \u003cp\u003eDeobfuscation Tools 295\u003c\/p\u003e \u003cp\u003ePractical Deobfuscation 312\u003c\/p\u003e \u003cp\u003eCase Study 328\u003c\/p\u003e \u003cp\u003eFirst Impressions 328\u003c\/p\u003e \u003cp\u003eAnalyzing Handlers Semantics 330\u003c\/p\u003e \u003cp\u003eSymbolic Execution 333\u003c\/p\u003e \u003cp\u003eSolving the Challenge 334\u003c\/p\u003e \u003cp\u003eFinal Thoughts 336\u003c\/p\u003e \u003cp\u003eExercises 336\u003c\/p\u003e \u003cp\u003eAppendix Sample Names and Corresponding SHA1 Hashes 341\u003c\/p\u003e \u003cp\u003eIndex 343\u003c\/p\u003e \u003cb\u003eBruce Dang\u003c\/b\u003e is a senior security development engineering lead at Microsoft focusing on Windows kernel and 
reverse engineering. \u003cp\u003e\u003cb\u003eAlexandre Gazet\u003c\/b\u003e is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eElias Bachaalany\u003c\/b\u003e is a software security engineer at Microsoft.\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eLEARN THE SCIENCE AND CRAFT OF REVERSE ENGINEERING TO FIGHT HACKERS AND ROOTKITS\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCriminals increasingly are using malicious software (exploits, viruses, rootkits, etc.) for fraud, denial-of-service, intrusions, and espionage operations. Reverse engineering is the only method to thoroughly dissect and understand such software. So it is no surprise that reverse engineering is one of the most important subjects in information security. Unfortunately, it is often perceived as a mysterious and complex black art. Although reverse engineering is a difficult subject, the authors believe there is a scientific approach to it. 
\u003ci\u003ePractical Reverse Engineering\u003c\/i\u003e aims to demystify the art and systematize the reverse-engineering process for students and professionals.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eDiscover a unique, systematic approach to reverse engineering that incorporates hands-on analysis with real-world malware\u003c\/li\u003e \u003cli\u003eFind detailed coverage of the three most popular processor architectures: x86, x64, and ARM\u003c\/li\u003e \u003cli\u003eUse this concise, structured treatment of the Windows kernel and kernel-mode drivers, featuring walk-throughs and exercises with real-world rootkits\u003c\/li\u003e \u003cli\u003eLearn sophisticated code-obfuscation techniques, such as those used in virtual machine protections, and how to deobfuscate them using program-analysis techniques\u003c\/li\u003e \u003cli\u003eDiscover advanced debugging techniques to automate and streamline the reverse-engineering process\u003c\/li\u003e \u003cli\u003eApply newly learned concepts with complete walk-throughs and exercises using real-world malware\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989835825381,"sku":"NP9781118787311","price":55.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118787311.jpg?v=1761785626","url":"https:\/\/k12savings.com\/es\/products\/practical-reverse-engineering-isbn-9781118787311","provider":"K12savings","version":"1.0","type":"link"}