Find a copy online
Links to this item
Find a copy in the library
Finding libraries that hold this item...
|Additional Physical Format:||Print version:
Practical reverse engineering.
Indianapolis, Indiana : Wiley, 
|Material Type:||Document, Internet resource|
|Document Type:||Internet Resource, Computer File|
|All Authors / Contributors:||
Bruce Dang; Alexandre Gazet; Elias Bachaalany; Sébastien Josse
|ISBN:||9781118787250 1118787250 9781118787397 1118787390|
|Description:||1 online resource (383 pages) : illustrations|
|Contents:||Cover; Title Page; Copyright; Contents; Chapter 1 x86 and x64; Register Set and Data Types; Instruction Set; Syntax; Data Movement; Exercise; Arithmetic Operations; Stack Operations and Function Invocation; Exercises; Control Flow; System Mechanism; Address Translation; Interrupts and Exceptions; Walk-Through; Exercises; x64; Register Set and Data Types; Data Movement; Canonical Address; Function Invocation; Exercises; Chapter 2 ARM; Basic Features; Data Types and Registers; System-Level Controls and Settings; Introduction to the Instruction Set; Loading and Storing Data; LDR and STR. Other Usage for LDRLDM and STM; PUSH and POP; Functions and Function Invocation; Arithmetic Operations; Branching and Conditional Execution; Thumb State; Switch-Case; Miscellaneous; Just-in-Time and Self-Modifying Code; Synchronization Primitives; System Services and Mechanisms; Instructions; Walk-Through; Next Steps; Exercises; Chapter 3 The Windows Kernel; Windows Fundamentals; Memory Layout; Processor Initialization; System Calls; Interrupt Request Level; Pool Memory; Memory Descriptor Lists; Processes and Threads; Execution Context; Kernel Synchronization Primitives; Lists. Implementation DetailsWalk-Through; Exercises; Asynchronous and Ad-Hoc Execution; System Threads; Work Items; Asynchronous Procedure Calls; Deferred Procedure Calls; Timers; Process and Thread Callbacks; Completion Routines; I/O Request Packets; Structure of a Driver; Entry Points; Driver and Device Objects; IRP Handling; A Common Mechanism for User-Kernel Communication; Miscellaneous System Mechanisms; Walk-Throughs; An x86 Rootkit; An x64 Rootkit; Next Steps; Exercises; Building Confidence and Solidifying Your Knowledge; Investigating and Extending Your Knowledge. Analysis of Real-Life DriversChapter 4 Debugging and Automation; The Debugging Tools and Basic Commands; Setting the Symbol Path; Debugger Windows; Evaluating Expressions; Process Control and Debut Events; Registers, Memory, and Symbols; Breakpoints; Inspecting Processes and Modules; Miscellaneous Commands; Scripting with the Debugging Tools; Pseudo-Registers; Aliases; Language; Script Files; Using Scripts Like Functions; Example Debug Scripts; Using the SDK; Concepts; Writing Debugging Tools Extensions; Useful Extensions, Tools, and Resources; Chapter 5 Obfuscation. A Survey of Obfuscation TechniquesThe Nature of Obfuscation: A Motivating Example; Data-Based Obfuscations; Control-Based Obfuscation; Simultaneous Control-Flow and Data-Flow Obfuscation; Achieving Security by Obscurity; A Survey of Deobfuscation Techniques; The Nature of Deobfuscation: Transformation Inversion; Deobfuscation Tools; Practical Deobfuscation; Case Study; First Impressions; Analyzing Handlers Semantics; Symbolic Execution; Solving the Challenge; Final Thoughts; Exercises; Appendix Sample Names and Corresponding SHA1 Hashes; Index.|
|Responsibility:||Bruce Dang, Alexandre Gazet, Elias Bachaalany ; with contributions from Sébastien Josse.|