Book Image

Mastering Reverse Engineering

By : Reginald Wong
Book Image

Mastering Reverse Engineering

By: Reginald Wong

Overview of this book

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Related Content you might be interested in

Current Title:

Small book image
Mastering Reverse Engineering
Reginald Wong
Oct, 2018 | 436 pages
Small book image
Mastering Assembly Programming
Alexey Lyashko
Sep, 2017 | 290 pages
Small book image
Mastering Malware Analysis
Alexey Kleymenov | Amr Thabet
Sep, 2022 | 572 pages
Small book image
Learning Malware Analysis
Monnappa K A
Jun, 2018 | 510 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Preparing to Reverse
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Tools
Malware handling
Basic analysis lab setup
Samples
Summary
2
Identification and Extraction of Hidden Components
Identification and Extraction of Hidden Components
Technical requirements
The operating system environment
Typical malware behavior
Tools
Summary
Further reading
3
The Low-Level Language
The Low-Level Language
Technical requirements
Binary numbers
x86
Basic instructions
Tools – builder and debugger
Hello World
After Hello
Summary
Further reading
4
Static and Dynamic Reversing
Static and Dynamic Reversing
Assessment and static analysis
Dynamic analysis
Try it yourself
Summary
References
5
Tools of the Trade
Tools of the Trade
Analysis environments
Information gathering tools
Disassemblers
Debuggers
Decompilers
Network tools
Editing tools
Attack tools
Automation tools
Software forensic tools
Automated dynamic analysis
Online service sites
Summary
6
RE in Linux Platforms
RE in Linux Platforms
Setup
Linux executable – hello world
Network traffic analysis
Summary
Further reading
7
RE for Windows Platforms
RE for Windows Platforms
Technical requirements
Hello World
What is the password?
Summary
Further reading
8
Sandboxing - Virtualization as a Component for RE
Sandboxing - Virtualization as a Component for RE
Emulation
Analysis in unfamiliar environments
Summary
Further Reading
9
Binary Obfuscation Techniques
Binary Obfuscation Techniques
Data assembly on the stack
Encrypted data identification
Assembly of data in other memory regions
Decrypting with x86dbg
Other obfuscation techniques
Summary
10
Packing and Encryption
Packing and Encryption
A quick review on how native executables are loaded by the OS
Packers, crypters, obfuscators, protectors and SFX
Unpacking
Dumping processes from memory
How about an executable in its unpacked state?
Other file-types
Summary
11
Anti-analysis Tricks
Anti-analysis Tricks
Anti-debugging tricks
Anti-VM tricks
Anti-emulation tricks
Anti-dumping tricks
Summary
12
Practical Reverse Engineering of a Windows Executable
Practical Reverse Engineering of a Windows Executable
Things to prepare
Initial static analysis
Debugging
Summary
Further Reading
13
Reversing Various File Types
Reversing Various File Types
Analysis of HTML scripts
MS Office macro analysis
PDF file analysis
SWF file analysis
Summary
Further reading
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Summary

In the first chapter, we learned about reverse engineering and its importance when analyzing malware. To begin with our reverse engineering adventures, we have to learn the system we are analyzing. We discussed the three main areas in the Windows operating system environment: memory, disk, and the registry.  In this chapter, we aimed to find malware from a compromised Windows system by extracting suspected files. To do that, we listed common startup areas in the system that we can search into. These areas include the registry, task schedules, and startup folder.  

We learned that typical malware behaves by installing itself and runnng code that harms the system. Malware installs itself basically for persistence which results in the malware file triggering most of the time the system is online. We then listed a few behaviors as to why malware was called malicious. This malicious code consisted of anything to do with crime entailing monetary or political gain, such as ransom and backdoor...

Previous Section
End of Section 6
Next Section