4 Reviews
29 of 31 people found the following review helpful:
2.0 out of 5 stars
Okay introduction to debugging and antidebugging,
This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)
First, a word about the publisher, A-List. This book was delayed time and time again. So much so that I had this book preordered for over a year. This sort of thing is just unacceptable, and would make me inclined to not purchase any books from this publisher in the future, and some of the rating I gave it is because of the publisher.
This book has a much larger unix focus than the 'Hacker Disassembling Uncovered' which was largely windows based, however the author's relative unfamiliarity with unix tends to show. For example, on page 39 the author states:

"IDA Pro, the best disassembler of all times, is now available under Linux! Users of FreeBSD and other operating systems will have to be content with the console Windows version started under the emulator or have to work on native MS-DOS, OS/2, and Windows."

Unfortunately, the author does not mention (or does not know?) that the OS2 and DOS4GW products were discontinued when the linux version was released. Additionally, FreeBSD (and OpenBSD and NetBSD) can easily run linux binaries by mapping the system calls. It's a very cheap way to run linux binaries, and it was accomplished for OpenBSD within a day or so of the 4.7 release. A much cleaner way is available now; others have managed to do the same for FreeBSD, and NetBSD is likely to be straightforward as well.

There are also some problems with the book that confuse me. For example, on page 432 the author states the following:

"The C programming language doesn't allow you to declare functions returning pointers to functions, because this declaration is recursively looped."

I simply do not know where he pulled this from. The following small C example demonstrates how to do just this:

    #include <stdio.h>

    /* HelloWorld() returns a pointer to a function taking (int, int) and returning int */
    int (*HelloWorld(void))(int,int);

    int helloworld(int a, int b)
    {
        printf("hello world: %d %d\n", a, b);
        return 0;
    }

    int main(void)
    {
        int (*foo)(int, int) = HelloWorld();
        foo(1,2);
        return 0;
    }

    int (*HelloWorld(void))(int, int)
    {
        return helloworld;
    }

And here it is being compiled:

    brian@lemon:~> gcc -ansi -std=c89 -Wall -o foo foo.c
    brian@lemon:~>

and here it is being run:

    brian@lemon:~> ./foo
    hello world: 1 2
    brian@lemon:~>

On to the actual content of the book, it's largely okay.
However, if you are expecting new antidebugging ideas, or even ideas hackers are actually going to use, you are in for a rather unfortunate surprise. When I purchased this book, I sort of expected it would keep the duplication from Hacker Disassembling Uncovered to a minimum, but I found that the amount of the book dedicated to static analysis (ie: disassembling and the line) is significant. Far more significant than it should be; nearly the first half of the book is filled with static analysis stuff, working on straightforward crackmes (similar to the previous book in the series), and so forth. This strikes me as fluff in order to boost the price the publisher can charge. Once you get past these negative parts, you have an okay book about (mostly) antidebugging techniques, and some debugging techniques. There's also the requisite PE injection section (sorry, no elf version) along with some basic PE documentation (also no elf version of this). There's quite a bit here if you want a broad overview of binary analysis using both static and dynamic analysis. There's nothing new here at all, but if you'd like a bunch of things all in one place, this book may be useful, despite its many flaws.
3 of 3 people found the following review helpful:
2.0 out of 5 stars
Disappointed,
By cson (San Angelo, TX USA)
This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)
I did not completely read the book because I became so exasperated with the book and the author that I quit. The author's continuous praise for a certain software product and his severe criticism of other software used by the author makes one wonder about the relationship between the author and the commercial owner of the praised software. The author even alluded to the non-praised software as possibly being available in a pirated edition. Conversely, the author cautions the reader about copyright law when discussing the praised software. The author is very enamored with himself, and it detracts from the book. The book is unnecessarily verbose and poorly edited. I was very disappointed, as I was looking for a *how-to-do-it book,* and this book is not suitable for that purpose. Of more concern is the cost of the book's recommended products, which are necessary in order to follow the author. The software products used by the author are commercial and range in cost from less than $100 to a lot more than $100. The reader will spend several hundred dollars on commercial software and other products (Microsoft DDK) if the reader gets the items discussed and recommended by the author. I don't dispute the quality of the products, just the cost of them in addition to the price of the book. There are some errors. For example, the author says Microsoft DDK is free, and yet it has cost about $100 for several years. It would be very expensive to buy the author's suggested products in order to follow the author while reading the book. A CD with source code is included, but without the software its value is diminished. I am sure others will have better experiences, but I cannot recommend the book.
1 of 1 people found the following review helpful:
3.0 out of 5 stars
For the desperate,
This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)
As others have pointed out, this book offers some useful and advanced knowledge - but that's not enough to make it good. Erratic editing and frequent biased ego trips by the author make it somewhat difficult to read, and leave you wondering if there are better books on that topic. The answer is yes - sadly.
1 of 1 people found the following review helpful:
2.0 out of 5 stars
Where was the editor?,
This review is from: Hacker Debugging Uncovered (Uncovered series) (Paperback)
This book was evidently written by a person who speaks English as a second language. It is full of overstatements, non sequiturs, and awkward phrasing that make it quite annoying to read. Here are some excerpts from Chapter 1:
"The destiny, however, offered a surprise. This was the new operation system - Windows. Principally, new architecture has rendered all existing debuggers useless...NuMega again surprised the world with a new masterpiece. Its new debugger turned out to be beyond all possible praise...This was a triumph, which no one even dared to imitate."

"...Gradually, antidebugging techniques went out of fashion. The victorious advances of Windows made it quit the stage."(!?)

Where was the editor for this book? Does no one at ALIST speak English? I bought this book because I confused it with Hacker Disassembling (not Debugging) Uncovered, which is highly rated. I intend to return this book and replace it with the other one.

Update: I bought the Disassembling book, and (silly me) it's written by the same author. I should mention that Kris Kaspersky is a well-recognized authority in this arena. He definitely knows his stuff, and the books contain lots of useful information if you can wade through the unfortunate prose. ALIST has done Mr. Kaspersky an injustice by not providing the editing that is needed to make these books what they could and should be.
Hacker Debugging Uncovered (Uncovered series) by Kris Kaspersky (Paperback - June 1, 2005)