Hacker Debugging Uncovered (Uncovered series) [Paperback]

Kris Kaspersky (Author)

Book Description

Series: Uncovered series | Publication Date: June 1, 2005

Tips for the practical use of debuggers, such as NuMega SoftIce, Microsoft Visual Studio Debugger, and Microsoft Kernel Debugger, with minimum binding to a specific environment are disclosed in this debugger guide. How debuggers operate and how to overcome obstacles and repair debuggers is demonstrated. Programmers will learn how to look at what is inside a computer system, how to reconstruct the operating algorithm of a program distributed without source code, how to modify the program, and how to debug drivers. The use of debugging applications and drivers in Windows and Unix operating systems on Intel Pentium/DEC Alpha-based processors is also detailed.

Editorial Reviews

About the Author

Kris Kaspersky is the author of CD Cracking Uncovered, Code Optimization, and Hacker Disassembling Uncovered.

Product Details

• Paperback: 500 pages
• Publisher: A-List Publishing (June 1, 2005)
• Language: English
• ISBN-10: 1931769400
• ISBN-13: 978-1931769402
• Product Dimensions: 9.2 x 7.4 x 1.4 inches
• Shipping Weight: 2.3 pounds
• Average Customer Review: 2.2 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #2,113,570 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

29 of 31 people found the following review helpful:

2.0 out of 5 stars Okay introduction to debugging and antidebugging, July 31, 2005

By 

Brian E. Mitchell (Dunwoody, GA USA) - See all my reviews
(REAL NAME)   

This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)

First, a word about the publisher, A-List. This book was delayed time and time again. So much so that I had this book preordered for over a year. This sort of thing is just unacceptable, and would make me inclined to not purchase any books from this publisher in the future, and some of the rating I gave it is because of the publisher.

This book has a much larger unix focus than the 'Hacker Disassembling Uncovered' which was largely windows based, however the author's relative unfamiliarity with unix tends to show.

For example, on page 39 the author states:

IDA Pro, the best disassembler of all times, is nw available under Linux! Users of FreeBSD and other operating systems will have to be content with the console Windows version started under the emulator or have to work on native MS-DOS, OS/2, and Windows.

Unfortunately, the author does not mention (or does not know?) that the OS2 and DOS4GW products were discontinued when the linux version was released. Additionally, FreeBSD (and OpenBSD and NetBSD) can easily run linux binaries by mapping the system calls. It's a very cheap way to run linux binaries, and it was acomplished for OpenBSD within a day or so of the 4.7 release. A much cleaner way is available now; others have managed to do the same for FreeBSD, and NetBSD is likely to be straihtforward as well.

There's also some problems with the book that confuse me. For example, on page 432 the author states the following:


The C programming language doesn't allow you to declare functions
returning pointers to functions, because this declaration is recursively
looped.

I simply do not know where he pulled this from. The following small C example demonstrates how to do just this:

#include <stdio.h>

int (*HelloWorld(void))(int,int);
int helloworld(int a, int b)
{
printf("hello world: %d %d\n", a, b);
return 0;
}

int main(void)
{
int (*foo)(int, int) = HelloWorld();
foo(1,2);
return 0;
}

int (*HelloWorld(void))(int, int)
{
return helloworld;
}

And here is it being compiled:
brian@lemon:~> gcc -ansi -std=c89 -Wall -o foo foo.c
brian@lemon:~>

and here is it being run:
brian@lemon:~> ./foo
hello world: 1 2
brian@lemon:~>

On to the actual content of the book, it's largely okay. However, if you are expecting new antidebugging ideas, or even ideas hackers are actually going to use, you are in for a rather unfortunate surprise.

When I purchased this book, I sort of expected it would keep the duplication from Hacker Disassembling Uncovered to a minimum, but I found that the amount of the book dedicated to static analysis (ie: disassembling and the line) is significant. Far more significant than it should be; nearly the first half of the book is filled with static analysis stuff, working on straightforward crackmes (similar to the previous book in the series), and so forth. This strikes me as fluff in order to boost the price the publisher can charge.

Once you get past these negative parts, you have an okay book about (mostly) antidebugging techniques, and some debugging techniques. There's also the requisite PE injection section (sorry, no elf version) along with some basic PE documentation (also no elf version of this).

There's quite a bit here if you want a broad ovrview of binary analysis using both static and dynamic analysis. There's nothing new here at all, but if you'd like a bunch of things all in one place, this book may be useful, dispite its many flaws.

3 of 3 people found the following review helpful:

2.0 out of 5 stars Disappointed, April 7, 2006

By 

cson (San Angelo, TX USA) - See all my reviews

This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)

I did not completely read the book because I became so exasperated with the book and the author that I quit. The author's continuous praise for a certain software product and his severe criticism of other software used by the author makes one wonder about the relationship between the author and the commercial owner of the praised software. The author even alluded to the non-praised software as possibly being available in a pirated edition. Conversely, the author cautions the reader about copyright law when discussing the praised software. The author is very enamored with himself, and it detracts from the book. The book is unnecessarily verbose and poorly edited. I was very disappointed, as I was looking for a *how-to-do-it book,* and this book is not suitable for that purpose. Of more concern is the cost of the book's recommended products, which are necessary in order to follow the author. The software products used by the author are commercial and range in cost from less than $100 to a lot more than $100. The reader will spend several hundred dollars on commercial software and other products (Microsoft DDK) if the reader gets the items discussed and recommended by the author. I don't dispute the quality of the products, just the cost of them in addition to the price of the book. There are some errors. For example, the author says Microsoft DDK is free, and yet it has cost about $100 for several years. It would be very expensive to buy the author's suggested products in order to follow the author while reading the book. A CD with source code is included, but without the software its value is diminished. I am sure others will have better experiences, but I cannot recommend the book.

1 of 1 people found the following review helpful:

3.0 out of 5 stars For the desperate, July 4, 2006

By 

__maxmax - See all my reviews

This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)

As other have pointed out, this book offers some useful and advanced knowledge - but that's not enough to make it good. Erratic editing and frequent biased ego trips by the author make it somewhat difficult to read, and leave you wondering if there are better books on that topic. The answer is yes - sadly.