Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Related Content you might be interested in

Current Title:

Small book image
Mastering Reverse Engineering
Reginald Wong
Oct, 2018 | 436 pages
Small book image
Mastering Assembly Programming
Alexey Lyashko
Sep, 2017 | 290 pages
Small book image
Mastering Malware Analysis
Alexey Kleymenov | Amr Thabet
Sep, 2022 | 572 pages
Small book image
Learning Malware Analysis
Monnappa K A
Jun, 2018 | 510 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Preparing to Reverse
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Tools
Malware handling
Basic analysis lab setup
Samples
Summary
2
Identification and Extraction of Hidden Components
Identification and Extraction of Hidden Components
Technical requirements
The operating system environment
Typical malware behavior
Tools
Summary
Further reading
3
The Low-Level Language
The Low-Level Language
Technical requirements
Binary numbers
x86
Basic instructions
Tools – builder and debugger
Hello World
After Hello
Summary
Further reading
4
Static and Dynamic Reversing
Static and Dynamic Reversing
Assessment and static analysis
Dynamic analysis
Try it yourself
Summary
References
5
Tools of the Trade
Tools of the Trade
Analysis environments
Information gathering tools
Disassemblers
Debuggers
Decompilers
Network tools
Editing tools
Attack tools
Automation tools
Software forensic tools
Automated dynamic analysis
Online service sites
Summary
6
RE in Linux Platforms
RE in Linux Platforms
Setup
Linux executable – hello world
Network traffic analysis
Summary
Further reading
7
RE for Windows Platforms
RE for Windows Platforms
Technical requirements
Hello World
What is the password?
Summary
Further reading
8
Sandboxing - Virtualization as a Component for RE
Sandboxing - Virtualization as a Component for RE
Emulation
Analysis in unfamiliar environments
Summary
Further Reading
9
Binary Obfuscation Techniques
Binary Obfuscation Techniques
Data assembly on the stack
Encrypted data identification
Assembly of data in other memory regions
Decrypting with x86dbg
Other obfuscation techniques
Summary
10
Packing and Encryption
Packing and Encryption
A quick review on how native executables are loaded by the OS
Packers, crypters, obfuscators, protectors and SFX
Unpacking
Dumping processes from memory
How about an executable in its unpacked state?
Other file-types
Summary
11
Anti-analysis Tricks
Anti-analysis Tricks
Anti-debugging tricks
Anti-VM tricks
Anti-emulation tricks
Anti-dumping tricks
Summary
12
Practical Reverse Engineering of a Windows Executable
Practical Reverse Engineering of a Windows Executable
Things to prepare
Initial static analysis
Debugging
Summary
Further Reading
13
Reversing Various File Types
Reversing Various File Types
Analysis of HTML scripts
MS Office macro analysis
PDF file analysis
SWF file analysis
Summary
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Typical malware behavior

Malware is simply defined as malicious software. You'd expect bad things to happen to your system environment once malware has entered. Once typical malware enters the system, it does two basic things: installs itself and does its evil work. With the intent of forcing itself to be installed in the system malware does not need to notify the user at all. Instead, it directly makes changes to the system.  

 

Persistence

One of the changes malware makes in the system is to make itself resident.  Malware persistence means that the malware will still be running in background and, as much as possible, all the time. For example, malware gets executed after every boot-up of the system, or malware gets executed at a certain time of the day. The most common way for malware to achieve persistence is to drop a copy of itself in some folder in the system and make an entry in the registry.

The following view of the registry editor shows a registry entry by the GlobeImposter ransomware...

Previous Section
End of Section 4
Next Section