دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش:
نویسندگان: Dennis Yurichev
سری:
ناشر:
سال نشر: 2021
تعداد صفحات: [1365]
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 11 Mb
در صورت تبدیل فایل کتاب Reverse Engineering for Beginner به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب مهندسی معکوس برای مبتدیان نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
Code Patterns The method Some basics A short introduction to the CPU Numeral Systems Converting From One Radix To Another An Empty Function x86 ARM MIPS Empty Functions in Practice Returning Values x86 ARM MIPS Hello, world! x86 x86-64 ARM MIPS Conclusion Exercises Function prologue and epilogue Recursion An Empty Function: redux Returning Values: redux Stack Why does the stack grow backwards? What is the stack used for? A typical stack layout Noise in stack Exercises Almost empty function printf() with several arguments x86 ARM MIPS Conclusion By the way scanf() Simple example The classic mistake Global variables scanf() Exercise Worth noting: global vs. local variables Accessing passed arguments x86 x64 ARM MIPS More about results returning Attempt to use the result of a function returning void What if we do not use the function result? Returning a structure Pointers Returning values Swap input values GOTO operator Dead code Exercise Conditional jumps Simple example Calculating absolute value Ternary conditional operator Getting minimal and maximal values Conclusion Exercise Software cracking Impossible shutdown practical joke (Windows 7) switch()/case/default Small number of cases A lot of cases When there are several case statements in one block Fall-through Exercises Loops Simple example Memory blocks copying routine Condition check Conclusion Exercises More about strings strlen() Boundaries of strings Replacing arithmetic instructions to other ones Multiplication Division Exercise Floating-point unit IEEE 754 x86 ARM, MIPS, x86/x64 SIMD C/C++ Simple example Passing floating point numbers via arguments Comparison example Some constants Copying Stack, calculators and reverse Polish notation 80 bits? x64 Exercises Arrays Simple example Buffer overflow Buffer overflow protection methods One more word about arrays Array of pointers to strings Multidimensional arrays Pack of strings as a two-dimensional array Conclusion Exercises Example: a bug in Angband Manipulating specific bit(s) Specific bit checking Setting and clearing specific bits Shifts Setting and clearing specific bits: FPU example Counting bits set to 1 Conclusion Exercises Linear congruential generator x86 x64 32-bit ARM MIPS Thread-safe version of the example Structures MSVC: SYSTEMTIME example Let's allocate space for a structure using malloc() UNIX: struct tm Fields packing in structure Nested structures Bit fields in a structure Exercises The classic struct bug Unions Pseudo-random number generator example Calculating machine epsilon FSCALE instruction replacement Fast square root calculation Pointers to functions MSVC GCC Danger of pointers to functions 64-bit values in 32-bit environment Returning of 64-bit value Arguments passing, addition, subtraction Multiplication, division Shifting right Converting 32-bit value into 64-bit one LARGE_INTEGER structure case SIMD Vectorization SIMD strlen() implementation 64 bits x86-64 ARM Float point numbers 64-bit architecture criticism Working with floating point numbers using SIMD Simple example Passing floating point number via arguments Comparison example Calculating machine epsilon: x64 and SIMD Pseudo-random number generator example revisited Summary ARM-specific details Number sign (#) before number Addressing modes Loading a constant into a register Relocs in ARM64 MIPS-specific details Loading a 32-bit constant into register Further reading about MIPS Important fundamentals Integral datatypes Bit Nibble AKA nybble Byte Wide char Signed integer vs unsigned Word Address register Numbers AND/OR/XOR as MOV Endianness Big-endian Little-endian Example Bi-endian Converting data Memory CPU Branch predictors Data dependencies Hash functions How do one-way functions work? Slightly more advanced examples Zero register Double negation const correctness Overlapping const strings strstr() example qsort() revisited Temperature converting Integer values Floating-point values Fibonacci numbers Example #1 Example #2 Summary CRC32 calculation example Network address calculation example calc_network_address() form_IP() print_as_IP() form_netmask() and set_bit() Summary Loops: several iterators Three iterators Two iterators Intel C++ 2011 case Duff's device Should one use unrolled loops? Division using multiplication x86 How it works ARM MIPS Exercise String to number conversion (atoi()) Simple example A slightly advanced example Exercise Inline functions Strings and memory functions C99 restrict Branchless abs() function Optimizing GCC 4.9.1 x64 Optimizing GCC 4.9 ARM64 Variadic functions Computing arithmetic mean vprintf() function case Pin case Format string exploit Strings trimming x64: Optimizing MSVC 2013 x64: Non-optimizing GCC 4.9.1 x64: Optimizing GCC 4.9.1 ARM64: Non-optimizing GCC (Linaro) 4.9 ARM64: Optimizing GCC (Linaro) 4.9 ARM: Optimizing Keil 6/2013 (ARM mode) ARM: Optimizing Keil 6/2013 (Thumb mode) MIPS toupper() function x64 ARM Using bit operations Summary Obfuscation Text strings Executable code Virtual machine / pseudo-code Other things to mention Exercise C++ Classes ostream References STL Memory Negative array indices Addressing string from the end Addressing some kind of block from the end Arrays started at 1 More about pointers Working with addresses instead of pointers Passing values as pointers; tagged unions Pointers abuse in Windows kernel Null pointers Array as function argument Pointer to a function Pointer to a function: copy protection Pointer to a function: a common bug (or typo) Pointer as object identificator Oracle RDBMS and a simple garbage collector for C/C++ Loop optimizations Weird loop optimization Another loop optimization More about structures Sometimes a C structure can be used instead of array Unsized array in C structure Version of C structure High-score file in "Block out" game and primitive serialization memmove() and memcpy() Anti-debugging trick setjmp/longjmp Other weird stack hacks Accessing arguments/local variables of caller Returning string OpenMP MSVC GCC Signed division using shifts Another heisenbug The case of forgotten return Homework: more about function pointers and unions Windows 16-bit Example#1 Example #2 Example #3 Example #4 Example #5 Example #6 Java Java Introduction Returning a value Simple calculating functions JVM memory model Simple function calling Calling beep() Linear congruential PRNG Conditional jumps Passing arguments Bitfields Loops switch() Arrays Strings Exceptions Classes Simple patching Summary Finding important/interesting stuff in the code Identification of executable files Microsoft Visual C++ GCC Intel Fortran Watcom, OpenWatcom Borland Other known DLLs Communication with outer world (function level) Communication with the outer world (win32) Often used functions in the Windows API Extending trial period Removing nag dialog box tracer: Intercepting all functions in specific module Strings Text strings Finding strings in binary Error/debug messages Suspicious magic strings Calls to assert() Constants Magic numbers Specific constants Searching for constants Finding the right instructions Suspicious code patterns XOR instructions Hand-written assembly code Using magic numbers while tracing Loops Some binary file patterns Memory "snapshots" comparing ISA detection Incorrectly disassembled code Correctly disassembled code Other things General idea Order of functions in binary code Tiny functions C++ Crash on purpose OS-specific Arguments passing methods (calling conventions) cdecl stdcall fastcall thiscall x86-64 Return values of float and double type Modifying arguments Taking a pointer to function argument Python ctypes problem (x86 assembly homework) Cdecl example: a DLL Thread Local Storage Linear congruential generator revisited System calls (syscall-s) Linux Windows Linux Position-independent code LD_PRELOAD hack in Linux Windows NT CRT (win32) Win32 PE Windows SEH Windows NT: Critical section Tools Binary analysis Disassemblers Decompilers Patch comparison/diffing Live analysis Debuggers Library calls tracing System calls tracing Network sniffing Sysinternals Valgrind Emulators Other tools SMT solvers Calculators Do You Think Something Is Missing Here? Case studies Mahjong solitaire prank (Windows 7) Task manager practical joke (Windows Vista) Using LEA to load values Color Lines game practical joke Minesweeper (Windows XP) Finding grid automatically Exercises Hacking Windows clock (Windows 7) Solitaire: practical jokes 51 cards 53 cards FreeCell prank (Windows 7) Part I Part II: breaking the Select Game submenu Dongles Example #1: MacOS Classic and PowerPC Example #2: SCO OpenServer Example #3: MS-DOS Encrypted database case #1 Base64 and entropy Is data compressed? Is data encrypted? CryptoPP Cipher Feedback mode Initializing Vector Structure of the buffer Noise at the end Conclusion Post Scriptum: brute-forcing IV Overclocking Cointerra Bitcoin miner Breaking simple executable code encryptor Other ideas to consider SAP About SAP client network traffic compression SAP 6.0 password checking functions Oracle RDBMS V$VERSION table in the Oracle RDBMS X$KSMLRU table in Oracle RDBMS V$TIMER table in Oracle RDBMS Handwritten assembly code EICAR test file Demos 10 PRINT CHR$(205.5+RND(1)); : GOTO 10 Mandelbrot set A nasty bug in MSVCRT.DLL Other examples Examples of reversing proprietary file formats Primitive XOR-encryption Simplest ever XOR encryption Norton Guide: simplest possible 1-byte XOR encryption Simplest possible 4-byte XOR encryption Simple encryption using XOR mask Simple encryption using XOR mask, case II Homework Information entropy Analyzing entropy in Mathematica Conclusion Tools A word about primitive encryption like XORing More about entropy of executable code PRNG More examples Entropy of various files Making lower level of entropy Millenium game save file fortune program indexing file Hacking The files Oracle RDBMS: .SYM-files Oracle RDBMS: .MSB-files Summary Exercises Further reading Dynamic binary instrumentation Using PIN DBI for XOR interception Cracking Minesweeper with PIN Intercepting all rand() calls Replacing rand() calls with our function Peeking into placement of mines Exercise Building Intel Pin Why ``instrumentation''? Other things Using IMUL over MUL MulDiv() function in Windows Executable files patching x86 code Function arguments number statistics Compiler intrinsic Compiler's anomalies Oracle RDBMS 11.2 and Intel C++ 10.1 MSVC 6.0 ftol2() in MSVC 2012 Summary Itanium 8086 memory model Basic blocks reordering Profile-guided optimization My experience with Hex-Rays 2.2.0 Bugs Odd peculiarities Silence Comma Data types Long and messed expressions De Morgan's laws and decompilation My plan Summary Cyclomatic complexity Books/blogs worth reading Books and other materials Reverse Engineering Windows C/C++ x86 / x86-64 ARM Assembly language Java UNIX Programming in general Cryptography Something even easier Communities Afterword Questions? Appendix x86 Terminology General purpose registers FPU registers SIMD registers Debugging registers Instructions npad ARM Terminology Versions 32-bit ARM (AArch32) 64-bit ARM (AArch64) Instructions MIPS Registers Instructions Some GCC library functions Some MSVC library functions Cheatsheets IDA OllyDbg MSVC GCC GDB Acronyms Used Glossary Index