Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
John Wiley & Sons, February 3, 2014 - 384 pages

Analyzing how hacks are done, so as to stop them in the future

Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks. The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.
From inside the book
... dword ptr [eax] ; directly increment value at address EAX Another important characteristic is that x86 uses variable ... mov ecx, AABBCCDDh mov ecx, [eax] mov ecx, eax. AT&T. movl $0xAABBCCDD, %ecx movl (%eax), %ecx movl %eax, %ecx It is ...
... MOV. The simplest usage is to move a register or immediate to register. For example: 01: BE 3F 00 0F 00 mov esi ... dword ptr [eax], 1 ; set the memory at address EAX to 1 02: 8B 08 mov ecx, [eax] ; set ECX to the value at address EAX 03 ...
... mov [ecx+10h], eax ... = NULL; p->DeferredRoutine = ...; *(int *)p = 0x113 ... mov dword ptr [ecx+0Ch], eax ... mov eax, [ebp+10h] ... mov dword ptr [ecx], 113h ... The Type field is set to 0x13 (bold bits), Importance ...
... mov eax, [ebp+0Ch] 02: 83 61 1C 00 and dword ptr [ecx+1Ch], 0 03: 89 41 0C mov [ecx+0Ch], eax 04: 8B 45 10 mov eax, [ebp+10h] 05: C6 01 13 mov byte ptr [ecx],13h 06: C6 41 01 01 mov byte ptr [ecx+1],1 07: 66 C7 41 02 00+ mov word ptr [ecx+2] ...
... dword ptr [esi+4] ; EDX:EAX = EAX * dword at (ESI+4) 03: F6 E1 mul cl ; AX = AL * CL 04: 66 F7 E2 mul dx ; DX:AX = AX * DX Consider a few other concrete examples: 01: B8 03 00 00 00 mov eax, 3 ; set EAX=3 02: B9 22 22 22 22 mov ecx ...