Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming [Paperback]

Kris Kaspersky (Author)

Book Description

ISBN-10: 1931769222 | ISBN-13: 978-1931769228 | Publication Date: April 1, 2003

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.

Editorial Reviews

About the Author

Kris Kaspersky is the author of articles on hacking, disassembling, and code optimization. He has dealt with issues relating to security and system programming including compiler development, optimization techniques, security mechanism research, real-time OS kernel creation, and writing antivirus programs.

Product Details

• Paperback: 600 pages
• Publisher: A-List Publishing (April 1, 2003)
• Language: English
• ISBN-10: 1931769222
• ISBN-13: 978-1931769228
• Product Dimensions: 9 x 7.3 x 1.2 inches
• Shipping Weight: 2.2 pounds
• Average Customer Review: 4.4 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #814,703 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

52 of 56 people found the following review helpful:

4.0 out of 5 stars Possibly The Only Book Ever Written On Disassembly, December 31, 2003

By 

Michael Myers (Arlington, VA United States) - See all my reviews
(REAL NAME)   

This review is from: Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (Paperback)

I really can't complain about the quality of this book because it is information that until now had to be gathered from dark corners of the web and by immersing yourself in hacker communities and obtaining "zines" and newsletters which were online one day and disappeared the next. Hackers out there NEED more books like this that document reverse engineering.

The information itself, while extremely valuable, is very hard to follow (steep learning curve here) but that is not entirely the fault of the presentation, which is actually pretty good. This is just a tough subject. Disassembly is an art, it takes quite a bit of guesswork and experience in recognizing patterns. This book gives you a headstart on that, and is a great place to start learning the craft. I don't know why but he recommends some pretty outdated tools, like a DOS hex editor Hiew which I don't care for.

The book is presented as if it is one of those "uncovered"/"exposed"/"revealed" books that must sell so well. In truth, this book is of only marginal use to someone trying to defend against disassemblers. It makes gestures towards being about "safeguarding your programming" but very little of the book is devoted to that (the last 40 pages of a 580 page book). And, I really wish the book had incorporated a discussion of the executable file format and its different pieces and parts (for this I recommend the article by Matt Pietrek titled "An In-Depth Look into the Win32 Portable Executable File Format" available somewhere online) but that was glossed over.

That said, if you are doing (Intel x86) disassembly, GET this book, it is a must-have. I hope to see a second edition of this someday.

32 of 34 people found the following review helpful:

4.0 out of 5 stars solid introduction to reverse compilation techniques, September 2, 2004

By 

Brian E. Mitchell (Dunwoody, GA USA) - See all my reviews
(REAL NAME)   

This review is from: Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (Paperback)

I thought this was a pretty good book. First, to the 'reviewer' (in quotes since he didnt read the book beyond the very beginning) -- very little of the book makes any use of softice. The tool mostly used is Interactive Disassembler (a commercial tool available from datarescue) but any disassembler will do.

The book is about the code typically generated by compilers of various forms (mostly c and c++, some pascal as well). If you want to understand the disassembly, you must grok what Christina Cifuentes calls idioms (instruction sequences that have an effect different than the usual intended meaning).

This book is very much a collection of idioms. It's a good primer to the art of reverse engineering, and maybe readers can move on to general decompilation papers for further study, starting with "Reverse Compilation Techniques" by Ciguentes, and moving on to more modern papers.

18 of 19 people found the following review helpful:

5.0 out of 5 stars Just use it, November 14, 2003

By 

Prokash Sinha (Morgan Hill, CA USA) - See all my reviews

This review is from: Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (Paperback)

First the good news: Very few books give a total picture of assembler code. Usually they are text books, but this is a real hands on book to learn lot of assembler structures. How does a programs laid out(executible file format), what library functions get statically linked, and how they are resolved, how does relocation works, how does loader loads etc., etc. You would find a long lasting knowledge from this book. IF YOU ARE A SYSTEM AND/OR KERNEL MODE PROGRAMMER, IT IS A MUST. But need to go thru the exercises...

Bad news is that it seems like the examples are not tried out with MS visual studio 6.0. You will find the code generation is different, due to some inline library code (ie, strcmp() and others). It does have other mistakes in the programming, as well as in the text. Stack based code execution at the end of the book does not seem to do its job.

But still it is an excellent book to read and go thru those examples to become fairly fluent with large assembler codes, and their working. WHEN THE INFORMATION BASE IS HUGE, LOOK FOR STRUCTURE, AVOID THE DETAIL UNTIL NEEDED, this is precisely this book follows. Nothing could be worse than ignorance, so go grab one !!!