Book Image

Binary Analysis Cookbook

By : Michael Born
Book Image

Binary Analysis Cookbook

By: Michael Born

Overview of this book

Binary analysis is the process of examining a binary program to determine information security actions. It is a complex, constantly evolving, and challenging topic that crosses over into several domains of information technology and security. This binary analysis book is designed to help you get started with the basics, before gradually advancing to challenging topics. Using a recipe-based approach, this book guides you through building a lab of virtual machines and installing tools to analyze binaries effectively. You'll begin by learning about the IA32 and ELF32 as well as IA64 and ELF64 specifications. The book will then guide you in developing a methodology and exploring a variety of tools for Linux binary analysis. As you advance, you'll learn how to analyze malicious 32-bit and 64-bit binaries and identify vulnerabilities. You'll even examine obfuscation and anti-analysis techniques, analyze polymorphed malicious binaries, and get a high-level overview of dynamic taint analysis and binary instrumentation concepts. By the end of the book, you'll have gained comprehensive insights into binary analysis concepts and have developed the foundational skills to confidently delve into the realm of binary analysis.
Table of Contents (12 chapters)

Setting Up the Lab

Learning how to analyze ELF binaries is by no means a simple topic to digest. Like most subjects within the world of information security, it helps to have the correct tools at the ready in order to streamline the process for any undertaking. So, before we just dive into dissecting and analyzing ELF binaries on Linux, we need to make sure we have the appropriate environment set up to do so. This means we'll need to set up the operating systems and associated tools we will use throughout this book. Since the focus of this book is on Linux and its available tools, we will make sure to only use tools that are open source or that are available natively. I could have easily skipped this chapter entirely; however, I believe it's important for you, the reader, to understand how and where to acquire the tools that will be used throughout the examples that are presented within each chapter. For the sake of simplicity, we will use Ubuntu 16.04 LTS extensively throughout this book, partly due to the fact it is still supported, but also because it is the last LTS build of Ubuntu that makes both a 32-bit and 64-bit version available for both the Desktop and Server versions.

If you're more familiar with CentOS, you are free to use that distribution if you prefer, but the examples in this book will solely use Ubuntu 16.04, and it is your responsibility to adjust the examples as necessary for CentOS. For the most part, the only examples you'll need to adjust are the recipes for installing the tools because CentOS uses a different package manager than Ubuntu. Finally, if you are well-versed in setting up VirtualBox and virtual machines, I designed this chapter so you could skip ahead to the tools installation section once you've installed VirtualBox and the Ubuntu 16.04 LTS Desktop 32-bit and 64-bit virtual machines.

In this chapter, we will cover the following recipes:

  • Installing VirtualBox on Windows
  • Installing VirtualBox on Mac
  • Installing VirtualBox on Ubuntu
  • Installing a 32-bit Ubuntu 16.04 LTS Desktop virtual machine
  • Installing a 64-bit Ubuntu 16.04 LTS Desktop virtual machine
  • Installing the dependencies and the tools
  • Installing the code examples
  • Installing the EDB debugger
  • Taking a snapshot of the virtual machines