Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Related Content you might be interested in

Current Title:

Small book image
Mastering Reverse Engineering
Reginald Wong
Oct, 2018 | 436 pages
Small book image
Mastering Assembly Programming
Alexey Lyashko
Sep, 2017 | 290 pages
Small book image
Mastering Malware Analysis
Alexey Kleymenov | Amr Thabet
Sep, 2022 | 572 pages
Small book image
Learning Malware Analysis
Monnappa K A
Jun, 2018 | 510 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Preparing to Reverse
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Tools
Malware handling
Basic analysis lab setup
Samples
Summary
2
Identification and Extraction of Hidden Components
Identification and Extraction of Hidden Components
Technical requirements
The operating system environment
Typical malware behavior
Tools
Summary
Further reading
3
The Low-Level Language
The Low-Level Language
Technical requirements
Binary numbers
x86
Basic instructions
Tools – builder and debugger
Hello World
After Hello
Summary
Further reading
4
Static and Dynamic Reversing
Static and Dynamic Reversing
Assessment and static analysis
Dynamic analysis
Try it yourself
Summary
References
5
Tools of the Trade
Tools of the Trade
Analysis environments
Information gathering tools
Disassemblers
Debuggers
Decompilers
Network tools
Editing tools
Attack tools
Automation tools
Software forensic tools
Automated dynamic analysis
Online service sites
Summary
6
RE in Linux Platforms
RE in Linux Platforms
Setup
Linux executable – hello world
Network traffic analysis
Summary
Further reading
7
RE for Windows Platforms
RE for Windows Platforms
Technical requirements
Hello World
What is the password?
Summary
Further reading
8
Sandboxing - Virtualization as a Component for RE
Sandboxing - Virtualization as a Component for RE
Emulation
Analysis in unfamiliar environments
Summary
Further Reading
9
Binary Obfuscation Techniques
Binary Obfuscation Techniques
Data assembly on the stack
Encrypted data identification
Assembly of data in other memory regions
Decrypting with x86dbg
Other obfuscation techniques
Summary
10
Packing and Encryption
Packing and Encryption
A quick review on how native executables are loaded by the OS
Packers, crypters, obfuscators, protectors and SFX
Unpacking
Dumping processes from memory
How about an executable in its unpacked state?
Other file-types
Summary
11
Anti-analysis Tricks
Anti-analysis Tricks
Anti-debugging tricks
Anti-VM tricks
Anti-emulation tricks
Anti-dumping tricks
Summary
12
Practical Reverse Engineering of a Windows Executable
Practical Reverse Engineering of a Windows Executable
Things to prepare
Initial static analysis
Debugging
Summary
Further Reading
13
Reversing Various File Types
Reversing Various File Types
Analysis of HTML scripts
MS Office macro analysis
PDF file analysis
SWF file analysis
Summary
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Automated dynamic analysis

These are tools used to automatically gather information by running the program in an enclosed sandbox.

  • Cuckoo: This is a piece of Python-codedsoftwaredeployed in Debian-based operating systems. Usually, Cuckoo is installed in the hosting Ubuntu system, andsendsfiles to be analyzed in the VMWare or VirtualBox sandbox clients. Its development is community-driven, and as such, a lot of open source plugins are available for download.
  • ThreatAnalyzer: Sold commercially, ThreatAnalyzer, previously known as CWSandbox, has been popular in the anti-virus community for its ability to analyze malware and return very useful information. And because users are able to develop their own rules, ThreatAnalyzer, as a backend system, can be used to determine if a submitted file contains malicious behaviors or not.
  • Joe Sandbox: This is another commercial tool that shows meaningful information about the activities that a submitted program carries out when executed.
  • Buster Sandbox Analyzer...
Previous Section
End of Section 12
Next Section