Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Related Content you might be interested in

Current Title:

Small book image
Mastering Reverse Engineering
Reginald Wong
Oct, 2018 | 436 pages
Small book image
Mastering Assembly Programming
Alexey Lyashko
Sep, 2017 | 290 pages
Small book image
Mastering Malware Analysis,
Amr Thabet | Alexey Kleymenov
Sep, 2022 | 572 pages
Small book image
Learning Malware Analysis
Monnappa K A
Jun, 2018 | 510 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Preparing to Reverse
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Tools
Malware handling
Basic analysis lab setup
Samples
Summary
2
Identification and Extraction of Hidden Components
Identification and Extraction of Hidden Components
Technical requirements
The operating system environment
Typical malware behavior
Tools
Summary
Further reading
3
The Low-Level Language
The Low-Level Language
Technical requirements
Binary numbers
x86
Basic instructions
Tools – builder and debugger
Hello World
After Hello
Summary
Further reading
4
Static and Dynamic Reversing
Static and Dynamic Reversing
Assessment and static analysis
Dynamic analysis
Try it yourself
Summary
References
5
Tools of the Trade
Tools of the Trade
Analysis environments
Information gathering tools
Disassemblers
Debuggers
Decompilers
Network tools
Editing tools
Attack tools
Automation tools
Software forensic tools
Automated dynamic analysis
Online service sites
Summary
6
RE in Linux Platforms
RE in Linux Platforms
Setup
Linux executable – hello world
Network traffic analysis
Summary
Further reading
7
RE for Windows Platforms
RE for Windows Platforms
Technical requirements
Hello World
What is the password?
Summary
Further reading
8
Sandboxing - Virtualization as a Component for RE
Sandboxing - Virtualization as a Component for RE
Emulation
Analysis in unfamiliar environments
Summary
Further Reading
9
Binary Obfuscation Techniques
Binary Obfuscation Techniques
Data assembly on the stack
Encrypted data identification
Assembly of data in other memory regions
Decrypting with x86dbg
Other obfuscation techniques
Summary
10
Packing and Encryption
Packing and Encryption
A quick review on how native executables are loaded by the OS
Packers, crypters, obfuscators, protectors and SFX
Unpacking
Dumping processes from memory
How about an executable in its unpacked state?
Other file-types
Summary
11
Anti-analysis Tricks
Anti-analysis Tricks
Anti-debugging tricks
Anti-VM tricks
Anti-emulation tricks
Anti-dumping tricks
Summary
12
Practical Reverse Engineering of a Windows Executable
Practical Reverse Engineering of a Windows Executable
Things to prepare
Initial static analysis
Debugging
Summary
Further Reading
13
Reversing Various File Types
Reversing Various File Types
Analysis of HTML scripts
MS Office macro analysis
PDF file analysis
SWF file analysis
Summary
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Dynamic analysis

Dynamic analysis is a type of analysis that requires live execution of the code. In static analysis, the farthest we can go is with deadlisting. If, for example, we encounter a code that decrypts or decompresses to a huge amount of data, and if we want to see the contents of the decoded data, then the fastest option would be to do dynamic analysis. We can run a debug session and let that area of code run for us. Both static analysis and dynamic analysis work hand in hand. Static analysis helps us identify points in the code where we need a deeper understanding and some actual interaction with the system. By following static analysis with dynamic analysis, we can also see actual data, such as file handles, randomly generated numbers, network socket and packet data, and API function results.

There are existing tools that can carry out an automated analysis, which runs the program in a sandbox environment. These tools either log the changes during runtime, or in between snapshots...

Previous Section
End of Section 3
Next Section