Description
Beginning with a basic primer on reverse engineering (including computer internals, operating systems, and assembly language) and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering. The book is broken into two parts: the first deals with security-related reverse engineering and the second explores the more practical aspects of reverse engineering. In addition, the author explains how to reverse engineer a third-party software library to improve interfacing and how to reverse engineer a competitor's software to build a better product.
* The first popular book to show how software reverse engineering can help defend against security threats, speed up development, and unlock the secrets of competitive products
* Helps developers plug security holes by demonstrating how hackers exploit reverse engineering techniques to crack copy-protection schemes and identify software targets for viruses and other malware
* Offers a primer on advanced reverse-engineering, delving into "disassembly" (code-level reverse engineering) and explaining how to decipher assembly language
Part I Reversing 101 1
Chapter 1 Foundations 3
Chapter 2 Low-Level Software 25
Chapter 3 Windows Fundamentals 69
Chapter 4 Reversing Tools 109
Part II Applied Reversing 139
Chapter 5 Beyond the Documentation 141
Chapter 6 Deciphering File Formats 199
Chapter 7 Auditing Program Binaries 243
Part III Cracking 307
Chapter 9 Piracy and Copy Protection 309
Chapter 10 Antireversing Techniques 327
Chapter 11 Breaking Protections 357
Part IV Beyond Disassembly 421
Chapter 12 Reversing .NET 423
Chapter 13 Decompilation 457
Appendix A Deciphering Code Structures 479
Appendix B Understanding Compiled Arithmetic 519
Appendix C Deciphering Program Data 537
Appendix D Citations 561
Please read before downloading the code
Backdoor.Hacarmy.D: This is a trojan/backdoor type malware program that was distributed in 2004. It is non-contagious, but it connects to a central server through which an attacker could theoretically connect to the infected system and control or damage it. The central servers were taken down long ago, so in its current state the program should nonetheless be harmless. It is not advisable to install the program on a system unless that system was specifically installed for testing purposes and is detached from the network. Because of security restrictions regarding this file, the complete zip file for this download has been moved and may now be accessed here.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work or the nature or effect of the program and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data

Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Download the final Bibliography
Requires Microsoft Word Viewer to view file.
Appendix C Correx
There were errors in Appendix C, pages 540-1, that this download corrects.
Page 43: Error in Code
char szWelcome = This string will be stored in the executable's preinitialized data section ;
Pages 164, 165: Error in Text
Heading: Search Loop 3
It says that it is using EDI as a counter.
*This error also occurs at the top of page 165.
Page 185: Error in Code
MOV EAX, ECX
SHR ECX, 2 <--- right shift
A right shift by 2 will divide by 4 and not multiply by 4 as the text says:
This code..., ECX with ElementSize*4,..
Page 217: Typo in Text
In the last paragraph on the page:
Pages 540-541: Errors in Text
Error on page 540:
The book states that in the cdecl calling convention "The first parameter is pushed onto the stack first, and the last parameter is pushed last."
Error on page 541:
It states that stdcall functions receive parameters in the reverse order compared to cdecl, meaning that the last parameter an stdcall function takes is pushed to the stack first.
CORRECTION: Stdcall takes the parameters in the same order as cdecl; pascal is the inverse of cdecl in parameter pushing order.
SEE NEW APPENDIX C IN DOWNLOADS