{"product_id":"reversing-isbn-9780764574818","title":"Reversing","description":"Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various\u003cbr\u003e applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts, the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.\u003cbr\u003e * The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products\u003cbr\u003e * Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware\u003cbr\u003e * Offers a primer on advanced reverse-engineering, delving into \"disassembly\"-code-level reverse engineering-and explaining how to decipher assembly language \u003cp\u003eForeword vii\u003c\/p\u003e \u003cp\u003eAcknowledgments xi\u003c\/p\u003e \u003cp\u003eIntroduction xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Reversing 101 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Foundations 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Reverse Engineering? 3\u003c\/p\u003e \u003cp\u003eSoftware Reverse Engineering: Reversing 4\u003c\/p\u003e \u003cp\u003eReversing Applications 4\u003c\/p\u003e \u003cp\u003eSecurity-Related Reversing 5\u003c\/p\u003e \u003cp\u003eMalicious Software 5\u003c\/p\u003e \u003cp\u003eReversing Cryptographic Algorithms 6\u003c\/p\u003e \u003cp\u003eDigital Rights Management 7\u003c\/p\u003e \u003cp\u003eAuditing Program Binaries 7\u003c\/p\u003e \u003cp\u003eReversing in Software Development 8\u003c\/p\u003e \u003cp\u003eAchieving Interoperability with Proprietary Software 8\u003c\/p\u003e \u003cp\u003eDeveloping Competing Software 8\u003c\/p\u003e \u003cp\u003eEvaluating Software Quality and Robustness 9\u003c\/p\u003e \u003cp\u003eLow-Level Software 9\u003c\/p\u003e \u003cp\u003eAssembly Language 10\u003c\/p\u003e \u003cp\u003eCompilers 11\u003c\/p\u003e \u003cp\u003eVirtual Machines and Bytecodes 12\u003c\/p\u003e \u003cp\u003eOperating Systems 13\u003c\/p\u003e \u003cp\u003eThe Reversing Process 13\u003c\/p\u003e \u003cp\u003eSystem-Level Reversing 14\u003c\/p\u003e \u003cp\u003eCode-Level Reversing 14\u003c\/p\u003e \u003cp\u003eThe Tools 14\u003c\/p\u003e \u003cp\u003eSystem-Monitoring Tools 15\u003c\/p\u003e \u003cp\u003eDisassemblers 15\u003c\/p\u003e \u003cp\u003eDebuggers 15\u003c\/p\u003e \u003cp\u003eDecompilers 16\u003c\/p\u003e \u003cp\u003eIs Reversing Legal? 17\u003c\/p\u003e \u003cp\u003eInteroperability 17\u003c\/p\u003e \u003cp\u003eCompetition 18\u003c\/p\u003e \u003cp\u003eCopyright Law 19\u003c\/p\u003e \u003cp\u003eTrade Secrets and Patents 20\u003c\/p\u003e \u003cp\u003eThe Digital Millenium Copyright Act 20\u003c\/p\u003e \u003cp\u003eDMCA Cases 22\u003c\/p\u003e \u003cp\u003eLicense Agreement Considerations 23\u003c\/p\u003e \u003cp\u003eCode Samples \u0026amp; Tools 23\u003c\/p\u003e \u003cp\u003eConclusion 23\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Low-Level Software 25\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHigh-Level Perspectives 26\u003c\/p\u003e \u003cp\u003eProgram Structure 26\u003c\/p\u003e \u003cp\u003eModules 28\u003c\/p\u003e \u003cp\u003eCommon Code Constructs 28\u003c\/p\u003e \u003cp\u003eData Management 29\u003c\/p\u003e \u003cp\u003eVariables 30\u003c\/p\u003e \u003cp\u003eUser-Defined Data Structures 30\u003c\/p\u003e \u003cp\u003eLists 31\u003c\/p\u003e \u003cp\u003eControl Flow 32\u003c\/p\u003e \u003cp\u003eHigh-Level Languages 33\u003c\/p\u003e \u003cp\u003eC 34\u003c\/p\u003e \u003cp\u003eC++ 35\u003c\/p\u003e \u003cp\u003eJava 36\u003c\/p\u003e \u003cp\u003eC# 36\u003c\/p\u003e \u003cp\u003eLow-Level Perspectives 37\u003c\/p\u003e \u003cp\u003eLow-Level Data Management 37\u003c\/p\u003e \u003cp\u003eRegisters 39\u003c\/p\u003e \u003cp\u003eThe Stack 40\u003c\/p\u003e \u003cp\u003eHeaps 42\u003c\/p\u003e \u003cp\u003eExecutable Data Sections 43\u003c\/p\u003e \u003cp\u003eControl Flow 43\u003c\/p\u003e \u003cp\u003eAssembly Language 101 44\u003c\/p\u003e \u003cp\u003eRegisters 44\u003c\/p\u003e \u003cp\u003eFlags 46\u003c\/p\u003e \u003cp\u003eInstruction Format 47\u003c\/p\u003e \u003cp\u003eBasic Instructions 48\u003c\/p\u003e \u003cp\u003eMoving Data 49\u003c\/p\u003e \u003cp\u003eArithmetic 49\u003c\/p\u003e \u003cp\u003eComparing Operands 50\u003c\/p\u003e \u003cp\u003eConditional Branches 51\u003c\/p\u003e \u003cp\u003eFunction Calls 51\u003c\/p\u003e \u003cp\u003eExamples 52\u003c\/p\u003e \u003cp\u003eA Primer on Compilers and Compilation 53\u003c\/p\u003e \u003cp\u003eDefining a Compiler 54\u003c\/p\u003e \u003cp\u003eCompiler Architecture 55\u003c\/p\u003e \u003cp\u003eFront End 55\u003c\/p\u003e \u003cp\u003eIntermediate Representations 55\u003c\/p\u003e \u003cp\u003eOptimizer 56\u003c\/p\u003e \u003cp\u003eBack End 57\u003c\/p\u003e \u003cp\u003eListing Files 58\u003c\/p\u003e \u003cp\u003eSpecific Compilers 59\u003c\/p\u003e \u003cp\u003eExecution Environments 60\u003c\/p\u003e \u003cp\u003eSoftware Execution Environments (Virtual Machines) 60\u003c\/p\u003e \u003cp\u003eBytecodes 61\u003c\/p\u003e \u003cp\u003eInterpreters 61\u003c\/p\u003e \u003cp\u003eJust-in-Time Compilers 62\u003c\/p\u003e \u003cp\u003eReversing Strategies 62\u003c\/p\u003e \u003cp\u003eHardware Execution Environments in Modern Processors 63\u003c\/p\u003e \u003cp\u003eIntel NetBurst 65\u003c\/p\u003e \u003cp\u003eµops (Micro-Ops) 65\u003c\/p\u003e \u003cp\u003ePipelines 65\u003c\/p\u003e \u003cp\u003eBranch Prediction 67\u003c\/p\u003e \u003cp\u003eConclusion 68\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Windows Fundamentals 69\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComponents and Basic Architecture 70\u003c\/p\u003e \u003cp\u003eBrief History 70\u003c\/p\u003e \u003cp\u003eFeatures 70\u003c\/p\u003e \u003cp\u003eSupported Hardware 71\u003c\/p\u003e \u003cp\u003eMemory Management 71\u003c\/p\u003e \u003cp\u003eVirtual Memory and Paging 72\u003c\/p\u003e \u003cp\u003ePaging 73\u003c\/p\u003e \u003cp\u003ePage Faults 73\u003c\/p\u003e \u003cp\u003eWorking Sets 74\u003c\/p\u003e \u003cp\u003eKernel Memory and User Memory 74\u003c\/p\u003e \u003cp\u003eThe Kernel Memory Space 75\u003c\/p\u003e \u003cp\u003eSection Objects 77\u003c\/p\u003e \u003cp\u003eVAD Trees 78\u003c\/p\u003e \u003cp\u003eUser-Mode Allocations 78\u003c\/p\u003e \u003cp\u003eMemory Management APIs 79\u003c\/p\u003e \u003cp\u003eObjects and Handles 80\u003c\/p\u003e \u003cp\u003eNamed objects 81\u003c\/p\u003e \u003cp\u003eProcesses and Threads 83\u003c\/p\u003e \u003cp\u003eProcesses 84\u003c\/p\u003e \u003cp\u003eThreads 84\u003c\/p\u003e \u003cp\u003eContext Switching 85\u003c\/p\u003e \u003cp\u003eSynchronization Objects 86\u003c\/p\u003e \u003cp\u003eProcess Initialization Sequence 87\u003c\/p\u003e \u003cp\u003eApplication Programming Interfaces 88\u003c\/p\u003e \u003cp\u003eThe Win32 API 88\u003c\/p\u003e \u003cp\u003eThe Native API 90\u003c\/p\u003e \u003cp\u003eSystem Calling Mechanism 91\u003c\/p\u003e \u003cp\u003eExecutable Formats 93\u003c\/p\u003e \u003cp\u003eBasic Concepts 93\u003c\/p\u003e \u003cp\u003eImage Sections 95\u003c\/p\u003e \u003cp\u003eSection Alignment 95\u003c\/p\u003e \u003cp\u003eDynamically Linked Libraries 96\u003c\/p\u003e \u003cp\u003eHeaders 97\u003c\/p\u003e \u003cp\u003eImports and Exports 99\u003c\/p\u003e \u003cp\u003eDirectories 99\u003c\/p\u003e \u003cp\u003eInput and Output 103\u003c\/p\u003e \u003cp\u003eThe I\/O System 103\u003c\/p\u003e \u003cp\u003eThe Win32 Subsystem 104\u003c\/p\u003e \u003cp\u003eObject Management 105\u003c\/p\u003e \u003cp\u003eStructured Exception Handling 105\u003c\/p\u003e \u003cp\u003eConclusion 107\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Reversing Tools 109\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDifferent Reversing Approaches 110\u003c\/p\u003e \u003cp\u003eOffline Code Analysis (Dead-Listing) 110\u003c\/p\u003e \u003cp\u003eLive Code Analysis 110\u003c\/p\u003e \u003cp\u003eDisassemblers 110\u003c\/p\u003e \u003cp\u003eIDA Pro 112\u003c\/p\u003e \u003cp\u003eILDasm 115\u003c\/p\u003e \u003cp\u003eDebuggers 116\u003c\/p\u003e \u003cp\u003eUser-Mode Debuggers 118\u003c\/p\u003e \u003cp\u003eOllyDbg 118\u003c\/p\u003e \u003cp\u003eUser Debugging in WinDbg 119\u003c\/p\u003e \u003cp\u003eIDA Pro 121\u003c\/p\u003e \u003cp\u003ePEBrowse Professional Interactive 122\u003c\/p\u003e \u003cp\u003eKernel-Mode Debuggers 122\u003c\/p\u003e \u003cp\u003eKernel Debugging in WinDbg 123\u003c\/p\u003e \u003cp\u003eNumega SoftICE 124\u003c\/p\u003e \u003cp\u003eKernel Debugging on Virtual Machines 127\u003c\/p\u003e \u003cp\u003eDecompilers 129\u003c\/p\u003e \u003cp\u003eSystem-Monitoring Tools 129\u003c\/p\u003e \u003cp\u003ePatching Tools 131\u003c\/p\u003e \u003cp\u003eHex Workshop 131\u003c\/p\u003e \u003cp\u003eMiscellaneous Reversing Tools 133\u003c\/p\u003e \u003cp\u003eExecutable-Dumping Tools 133\u003c\/p\u003e \u003cp\u003eDUMPBIN 133\u003c\/p\u003e \u003cp\u003ePEView 137\u003c\/p\u003e \u003cp\u003ePEBrowse Professional 137\u003c\/p\u003e \u003cp\u003eConclusion 138\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Applied Reversing 139\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Beyond the Documentation 141\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eReversing and Interoperability 142\u003c\/p\u003e \u003cp\u003eLaying the Ground Rules 142\u003c\/p\u003e \u003cp\u003eLocating Undocumented APIs 143\u003c\/p\u003e \u003cp\u003eWhat Are We Looking For? 144\u003c\/p\u003e \u003cp\u003eCase Study: The Generic Table API in NTDLL.DLL 145\u003c\/p\u003e \u003cp\u003eRtlInitializeGenericTable 146\u003c\/p\u003e \u003cp\u003eRtlNumberGenericTableElements 151\u003c\/p\u003e \u003cp\u003eRtlIsGenericTableEmpty 152\u003c\/p\u003e \u003cp\u003eRtlGetElementGenericTable 153\u003c\/p\u003e \u003cp\u003eSetup and Initialization 155\u003c\/p\u003e \u003cp\u003eLogic and Structure 159\u003c\/p\u003e \u003cp\u003eSearch Loop 1 161\u003c\/p\u003e \u003cp\u003eSearch Loop 2 163\u003c\/p\u003e \u003cp\u003eSearch Loop 3 164\u003c\/p\u003e \u003cp\u003eSearch Loop 4 165\u003c\/p\u003e \u003cp\u003eReconstructing the Source Code 165\u003c\/p\u003e \u003cp\u003eRtlInsertElementGenericTable 168\u003c\/p\u003e \u003cp\u003eRtlLocateNodeGenericTable 170\u003c\/p\u003e \u003cp\u003eRtlRealInsertElementWorker 178\u003c\/p\u003e \u003cp\u003eSplay Trees 187\u003c\/p\u003e \u003cp\u003eRtlLookupElementGenericTable 188\u003c\/p\u003e \u003cp\u003eRtlDeleteElementGenericTable 193\u003c\/p\u003e \u003cp\u003ePutting the Pieces Together 194\u003c\/p\u003e \u003cp\u003eConclusion 196\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Deciphering File Formats 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCryptex 200\u003c\/p\u003e \u003cp\u003eUsing Cryptex 201\u003c\/p\u003e \u003cp\u003eReversing Cryptex 202\u003c\/p\u003e \u003cp\u003eThe Password Verification Process 207\u003c\/p\u003e \u003cp\u003eCatching the “Bad Password” Message 207\u003c\/p\u003e \u003cp\u003eThe Password Transformation Algorithm 210\u003c\/p\u003e \u003cp\u003eHashing the Password 213\u003c\/p\u003e \u003cp\u003eThe Directory Layout 218\u003c\/p\u003e \u003cp\u003eAnalyzing the Directory Processing Code 218\u003c\/p\u003e \u003cp\u003eAnalyzing a File Entry 223\u003c\/p\u003e \u003cp\u003eDumping the Directory Layout 227\u003c\/p\u003e \u003cp\u003eThe File Extraction Process 228\u003c\/p\u003e \u003cp\u003eScanning the File List 234\u003c\/p\u003e \u003cp\u003eDecrypting the File 235\u003c\/p\u003e \u003cp\u003eThe Floating-Point Sequence 236\u003c\/p\u003e \u003cp\u003eThe Decryption Loop 238\u003c\/p\u003e \u003cp\u003eVerifying the Hash Value 239\u003c\/p\u003e \u003cp\u003eThe Big Picture 239\u003c\/p\u003e \u003cp\u003eDigging Deeper 241\u003c\/p\u003e \u003cp\u003eConclusion 242\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Auditing Program Binaries 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining the Problem 243\u003c\/p\u003e \u003cp\u003eVulnerabilities 245\u003c\/p\u003e \u003cp\u003eStack Overflows 245\u003c\/p\u003e \u003cp\u003eA Simple Stack Vulnerability 247\u003c\/p\u003e \u003cp\u003eIntrinsic Implementations 249\u003c\/p\u003e \u003cp\u003eStack Checking 250\u003c\/p\u003e \u003cp\u003eNonexecutable Memory 254\u003c\/p\u003e \u003cp\u003eHeap Overflows 255\u003c\/p\u003e \u003cp\u003eString Filters 256\u003c\/p\u003e \u003cp\u003eInteger Overflows 256\u003c\/p\u003e \u003cp\u003eArithmetic Operations on User-Supplied Integers 258\u003c\/p\u003e \u003cp\u003eType Conversion Errors 260\u003c\/p\u003e \u003cp\u003eCase-Study: The IIS Indexing Service Vulnerability 262\u003c\/p\u003e \u003cp\u003eCVariableSet::AddExtensionControlBlock 263\u003c\/p\u003e \u003cp\u003eDecodeURLEscapes 267\u003c\/p\u003e \u003cp\u003eConclusion 271\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Reversing Malware 273\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTypes of Malware 274\u003c\/p\u003e \u003cp\u003eViruses 274\u003c\/p\u003e \u003cp\u003eWorms 274\u003c\/p\u003e \u003cp\u003eTrojan Horses 275\u003c\/p\u003e \u003cp\u003eBackdoors 276\u003c\/p\u003e \u003cp\u003eMobile Code 276\u003c\/p\u003e \u003cp\u003eAdware\/Spyware 276\u003c\/p\u003e \u003cp\u003eSticky Software 277\u003c\/p\u003e \u003cp\u003eFuture Malware 278\u003c\/p\u003e \u003cp\u003eInformation-Stealing Worms 278\u003c\/p\u003e \u003cp\u003eBIOS\/Firmware Malware 279\u003c\/p\u003e \u003cp\u003eUses of Malware 280\u003c\/p\u003e \u003cp\u003eMalware Vulnerability 281\u003c\/p\u003e \u003cp\u003ePolymorphism 282\u003c\/p\u003e \u003cp\u003eMetamorphism 283\u003c\/p\u003e \u003cp\u003eEstablishing a Secure Environment 285\u003c\/p\u003e \u003cp\u003eThe Backdoor.Hacarmy.D 285\u003c\/p\u003e \u003cp\u003eUnpacking the Executable 286\u003c\/p\u003e \u003cp\u003eInitial Impressions 290\u003c\/p\u003e \u003cp\u003eThe Initial Installation 291\u003c\/p\u003e \u003cp\u003eInitializing Communications 294\u003c\/p\u003e \u003cp\u003eConnecting to the Server 296\u003c\/p\u003e \u003cp\u003eJoining the Channel 298\u003c\/p\u003e \u003cp\u003eCommunicating with the Backdoor 299\u003c\/p\u003e \u003cp\u003eRunning SOCKS4 Servers 303\u003c\/p\u003e \u003cp\u003eClearing the Crime Scene 303\u003c\/p\u003e \u003cp\u003eThe Backdoor.Hacarmy.D: A Command Reference 304\u003c\/p\u003e \u003cp\u003eConclusion 306\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Cracking 307\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Piracy and Copy Protection 309\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCopyrights in the New World 309\u003c\/p\u003e \u003cp\u003eThe Social Aspect 310\u003c\/p\u003e \u003cp\u003eSoftware Piracy 310\u003c\/p\u003e \u003cp\u003eDefining the Problem 311\u003c\/p\u003e \u003cp\u003eClass Breaks 312\u003c\/p\u003e \u003cp\u003eRequirements 313\u003c\/p\u003e \u003cp\u003eThe Theoretically Uncrackable Model 314\u003c\/p\u003e \u003cp\u003eTypes of Protection 314\u003c\/p\u003e \u003cp\u003eMedia-Based Protections 314\u003c\/p\u003e \u003cp\u003eSerial Numbers 315\u003c\/p\u003e \u003cp\u003eChallenge Response and Online Activations 315\u003c\/p\u003e \u003cp\u003eHardware-Based Protections 316\u003c\/p\u003e \u003cp\u003eSoftware as a Service 317\u003c\/p\u003e \u003cp\u003eAdvanced Protection Concepts 318\u003c\/p\u003e \u003cp\u003eCrypto-Processors 318\u003c\/p\u003e \u003cp\u003eDigital Rights Management 319\u003c\/p\u003e \u003cp\u003eDRM Models 320\u003c\/p\u003e \u003cp\u003eThe Windows Media Rights Manager 321\u003c\/p\u003e \u003cp\u003eSecure Audio Path 321\u003c\/p\u003e \u003cp\u003eWatermarking 321\u003c\/p\u003e \u003cp\u003eTrusted Computing 322\u003c\/p\u003e \u003cp\u003eAttacking Copy Protection Technologies 324\u003c\/p\u003e \u003cp\u003eConclusion 324\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Antireversing Techniques 327\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Antireversing? 327\u003c\/p\u003e \u003cp\u003eBasic Approaches to Antireversing 328\u003c\/p\u003e \u003cp\u003eEliminating Symbolic Information 329\u003c\/p\u003e \u003cp\u003eCode Encryption 330\u003c\/p\u003e \u003cp\u003eActive Antidebugger Techniques 331\u003c\/p\u003e \u003cp\u003eDebugger Basics 331\u003c\/p\u003e \u003cp\u003eThe IsDebuggerPresent API 332\u003c\/p\u003e \u003cp\u003eSystemKernelDebuggerInformation 333\u003c\/p\u003e \u003cp\u003eDetecting SoftICE Using the Single-Step Interrupt 334\u003c\/p\u003e \u003cp\u003eThe Trap Flag 335\u003c\/p\u003e \u003cp\u003eCode Checksums 335\u003c\/p\u003e \u003cp\u003eConfusing Disassemblers 336\u003c\/p\u003e \u003cp\u003eLinear Sweep Disassemblers 337\u003c\/p\u003e \u003cp\u003eRecursive Traversal Disassemblers 338\u003c\/p\u003e \u003cp\u003eApplications 343\u003c\/p\u003e \u003cp\u003eCode Obfuscation 344\u003c\/p\u003e \u003cp\u003eControl Flow Transformations 346\u003c\/p\u003e \u003cp\u003eOpaque Predicates 346\u003c\/p\u003e \u003cp\u003eConfusing Decompilers 348\u003c\/p\u003e \u003cp\u003eTable Interpretation 348\u003c\/p\u003e \u003cp\u003eInlining and Outlining 353\u003c\/p\u003e \u003cp\u003eInterleaving Code 354\u003c\/p\u003e \u003cp\u003eOrdering Transformations 355\u003c\/p\u003e \u003cp\u003eData Transformations 355\u003c\/p\u003e \u003cp\u003eModifying Variable Encoding 355\u003c\/p\u003e \u003cp\u003eRestructuring Arrays 356\u003c\/p\u003e \u003cp\u003eConclusion 356\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Breaking Protections 357\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePatching 358\u003c\/p\u003e \u003cp\u003eKeygenning 364\u003c\/p\u003e \u003cp\u003eRipping Key-Generation Algorithms 365\u003c\/p\u003e \u003cp\u003eAdvanced Cracking: Defender 370\u003c\/p\u003e \u003cp\u003eReversing Defender’s Initialization Routine 377\u003c\/p\u003e \u003cp\u003eAnalyzing the Decrypted Code 387\u003c\/p\u003e \u003cp\u003eSoftICE’s Disappearance 396\u003c\/p\u003e \u003cp\u003eReversing the Secondary Thread 396\u003c\/p\u003e \u003cp\u003eDefeating the “Killer” Thread 399\u003c\/p\u003e \u003cp\u003eLoading KERNEL32.DLL 400\u003c\/p\u003e \u003cp\u003eReencrypting the Function 401\u003c\/p\u003e \u003cp\u003eBack at the Entry Point 402\u003c\/p\u003e \u003cp\u003eParsing the Program Parameters 404\u003c\/p\u003e \u003cp\u003eProcessing the Username 406\u003c\/p\u003e \u003cp\u003eValidating User Information 407\u003c\/p\u003e \u003cp\u003eUnlocking the Code 409\u003c\/p\u003e \u003cp\u003eBrute-Forcing Your Way through Defender 409\u003c\/p\u003e \u003cp\u003eProtection Technologies in Defender 415\u003c\/p\u003e \u003cp\u003eLocalized Function-Level Encryption 415\u003c\/p\u003e \u003cp\u003eRelatively Strong Cipher Block Chaining 415\u003c\/p\u003e \u003cp\u003eReencrypting 416\u003c\/p\u003e \u003cp\u003eObfuscated Application\/Operating System Interface 416\u003c\/p\u003e \u003cp\u003eProcessor Time-Stamp Verification Thread 417\u003c\/p\u003e \u003cp\u003eRuntime Generation of Decryption Keys 418\u003c\/p\u003e \u003cp\u003eInterdependent Keys 418\u003c\/p\u003e \u003cp\u003eUser-Input-Based Decryption Keys 419\u003c\/p\u003e \u003cp\u003eHeavy Inlining 419\u003c\/p\u003e \u003cp\u003eConclusion 419\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV Beyond Disassembly 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Reversing .NET 423\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGround Rules 424\u003c\/p\u003e \u003cp\u003e.NET Basics 426\u003c\/p\u003e \u003cp\u003eManaged Code 426\u003c\/p\u003e \u003cp\u003e.NET Programming Languages 428\u003c\/p\u003e \u003cp\u003eCommon Type System (CTS) 428\u003c\/p\u003e \u003cp\u003eIntermediate Language (IL) 429\u003c\/p\u003e \u003cp\u003eThe Evaluation Stack 430\u003c\/p\u003e \u003cp\u003eActivation Records 430\u003c\/p\u003e \u003cp\u003eIL Instructions 430\u003c\/p\u003e \u003cp\u003eIL Code Samples 433\u003c\/p\u003e \u003cp\u003eCounting Items 433\u003c\/p\u003e \u003cp\u003eA Linked List Sample 436\u003c\/p\u003e \u003cp\u003eDecompilers 443\u003c\/p\u003e \u003cp\u003eObfuscators 444\u003c\/p\u003e \u003cp\u003eRenaming Symbols 444\u003c\/p\u003e \u003cp\u003eControl Flow Obfuscation 444\u003c\/p\u003e \u003cp\u003eBreaking Decompilation and Disassembly 444\u003c\/p\u003e \u003cp\u003eReversing Obfuscated Code 445\u003c\/p\u003e \u003cp\u003eXenoCode Obfuscator 446\u003c\/p\u003e \u003cp\u003eDotFuscator by Preemptive Solutions 448\u003c\/p\u003e \u003cp\u003eRemotesoft Obfuscator and Linker 451\u003c\/p\u003e \u003cp\u003eRemotesoft Protector 452\u003c\/p\u003e \u003cp\u003ePrecompiled Assemblies 453\u003c\/p\u003e \u003cp\u003eEncrypted Assemblies 453\u003c\/p\u003e \u003cp\u003eConclusion 455\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Decompilation 457\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNative Code Decompilation: An Unsolvable Problem? 457\u003c\/p\u003e \u003cp\u003eTypical Decompiler Architecture 459\u003c\/p\u003e \u003cp\u003eIntermediate Representations 459\u003c\/p\u003e \u003cp\u003eExpressions and Expression Trees 461\u003c\/p\u003e \u003cp\u003eControl Flow Graphs 462\u003c\/p\u003e \u003cp\u003eThe Front End 463\u003c\/p\u003e \u003cp\u003eSemantic Analysis 463\u003c\/p\u003e \u003cp\u003eGenerating Control Flow Graphs 464\u003c\/p\u003e \u003cp\u003eCode Analysis 466\u003c\/p\u003e \u003cp\u003eData-Flow Analysis 466\u003c\/p\u003e \u003cp\u003eSingle Static Assignment (SSA) 467\u003c\/p\u003e \u003cp\u003eData Propagation 468\u003c\/p\u003e \u003cp\u003eRegister Variable Identification 470\u003c\/p\u003e \u003cp\u003eData Type Propagation 471\u003c\/p\u003e \u003cp\u003eType Analysis 472\u003c\/p\u003e \u003cp\u003ePrimitive Data Types 472\u003c\/p\u003e \u003cp\u003eComplex Data Types 473\u003c\/p\u003e \u003cp\u003eControl Flow Analysis 475\u003c\/p\u003e \u003cp\u003eFinding Library Functions 475\u003c\/p\u003e \u003cp\u003eThe Back End 476\u003c\/p\u003e \u003cp\u003eReal-World IA-32 Decompilation 477\u003c\/p\u003e \u003cp\u003eConclusion 477\u003c\/p\u003e \u003cp\u003eAppendix A Deciphering Code Structures 479\u003c\/p\u003e \u003cp\u003eAppendix B Understanding Compiled Arithmetic 519\u003c\/p\u003e \u003cp\u003eAppendix C Deciphering Program Data 537\u003c\/p\u003e \u003cp\u003eAppendix D Citations 561\u003c\/p\u003e \u003cp\u003eIndex 567\u003c\/p\u003e   \u003cp\u003e\u003cb\u003eEldad Eilam\u003c\/b\u003e is a consultant in the field of reverse engineering. He assists clients with operating system and in-depth software reverse engineering, and has devoted several years to developing advanced reverse engineering techniques.     \u003c\/p\u003e\u003cp\u003e\u003cb\u003eSometimes, the best way to advance\u003c\/b\u003e\u003ci\u003e is in reverse\u003c\/i\u003e \u003c\/p\u003e\u003cp\u003eIf you want to know how something works, you take it apart very carefully. That's exactly what this book shows you—how to deconstruct software in a way that reveals design and implementation details, sometimes even source code. Why? Because reversing reveals weak spots, so you can target your security efforts. Because you can reverse- engineer malicious code in order to neutralize it. Because understanding what makes a program work lets you build a better one. You'll learn how here. \u003c\/p\u003e\u003cul\u003e \u003cli\u003e\u003cb\u003eLearn to read compiler-generated assembly language code for IA-32 compatible processors\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eDecipher an undocumented file format or network protocol\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eUnderstand when reverse engineering is legal, and when —and why—it may not be\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eSee how hackers use reversing to defeat copy protection technology\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eFind out how to pull the plug on malicious code\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eDetermine how to prevent others from reversing your code, and find out how effective such steps can be\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eExplore reverse engineering on the .NET platform and its assembly language, MSIL\u003c\/b\u003e\u003c\/li\u003e \u003cli\u003e\u003cb\u003eObserve the dissection of a real-world malicious program and see how the attacker used it to control infected systems\u003c\/b\u003e\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003e\u003cb\u003eCompanion Web site\u003c\/b\u003e Visit www.wiley.com\/go\/eeilam for a complete list of the sample programs in the book and links to valuable papers and products.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989959950565,"sku":"NP9780764574818","price":44.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780764574818.jpg?v=1761786034","url":"https:\/\/k12savings.com\/es\/products\/reversing-isbn-9780764574818","provider":"K12savings","version":"1.0","type":"link"}