- Paperback: 384 pages
- Publisher: Wiley; 1 edition (February 17, 2014)
- Language: English
- ISBN-10: 1118787315
- ISBN-13: 978-1118787311
- Product Dimensions: 7.4 x 0.7 x 9.3 inches
- Shipping Weight: 1.3 pounds
- Average Customer Review: 31 customer reviews
- Amazon Best Sellers Rank: #105,400 in Books
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition
From the Back Cover
LEARN THE SCIENCE AND CRAFT OF REVERSE ENGINEERING TO FIGHT HACKERS AND ROOTKITS
Criminals are increasingly using malicious software (exploits, viruses, rootkits, etc.) for fraud, denial-of-service, intrusions, and espionage operations. Reverse engineering is the only method to thoroughly dissect and understand such software, so it is no surprise that it is one of the most important subjects in information security. Unfortunately, it is often perceived as a mysterious and complex black art. Although reverse engineering is a difficult subject, the authors believe there is a scientific approach to it. Practical Reverse Engineering aims to demystify the art and systematize the reverse-engineering process for students and professionals.
- Discover a unique, systematic approach to reverse engineering that incorporates hands-on analysis with real-world malware
- Find detailed coverage of the three most popular processor architectures: x86, x64, and ARM
- Use this concise, structured treatment of the Windows kernel and kernel-mode drivers, featuring walk-throughs and exercises with real-world rootkits
- Learn sophisticated code-obfuscation techniques, such as those used in virtual machine protections, and how to deobfuscate them using program-analysis techniques
- Discover advanced debugging techniques to automate and streamline the reverse-engineering process
- Apply newly learned concepts with complete walk-throughs and exercises using real-world malware
About the Author
Bruce Dang is a senior security development engineering lead at Microsoft focusing on Windows kernel and reverse engineering.
Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection.
Elias Bachaalany is a software security engineer at Microsoft.
Top customer reviews
First the positive. This book does indeed contain densely packed information you will not find in other books. I especially liked the x64 and ARM primers as well as the chapter on "Debugging and Automation" (WinDbg tips and tricks).
The "Windows Kernel" chapter had a lot of useful tidbits, however there was no context to what was being explained beyond some WinDbg command output. There was no working example to pull it all (or some of it) together. The Windows Internals reference books actually have better hands-on material than this particular chapter. The obfuscation chapter mostly read like an academic journal which was not only too dry for my taste, but it was more discussion on theory than seemingly practical information.
The majority of book exercises were worthless to me because there was no way to check your work. The authors claim you are supposed to check your exercises at a URL they mention and promise that they will post "answers" along with whatever the rest of the community blogs about. In short, you will find that despite learning from these exercises (on your own), you will have no idea how close you were to what the author intended you to learn, because this internet material they speak of simply is not available. Because most of the exercises are so time intensive, you might come to the conclusion (as I did) that it's not worth the effort since there is literally no way to check your work for the majority of them. The authors provide their personal e-mail addresses in what appears to be a friendly gesture; however, Bruce did not respond to an e-mail I sent him with a typo I noticed in chapter #1 as well as a question about where to find resources for the chapter exercises. -1 star because Bruce never responded.
The book ended up being one of the most dull reverse engineering books I have ever read. Because the author(s) managed to present what is normally a highly interesting and fun topic in the most boring way possible, I had to force myself to get through it.
This book is fairly small for a technical book at only 340 pages, but it is very dense. Every sentence is important.
You need to have used IDA and windbg before you start reading this book.
Very helpful for translating your knowledge from x86 to ARM and for explaining how Windows kernel code works. I really like its line: "If the process of reverse engineering Windows drivers could be modeled as a discrete task, 90% would be understanding how Windows works and 10% would be understanding assembly code."
I do kernel and windbg very often (my daily work), so I started from these two chapters. It's very interesting to understand the kernel and windbg this way. If you're not familiar with the kernel and windbg, I suggest you read Windows Internals along with this book. Windows Internals tells you how the kernel works but without showing the code. With this book, you can actually use windbg to see how it works (dump or live debugging). This is very important for engineers because we need something to play with.
There are a lot of exercises in this book. I suggest readers do the exercises. The authors are very responsive and we can also find the answers/discussion on the internet. The authors also answer questions on reddit. If you have a hard time working on the exercises you can always send an e-mail to the authors.
Chapter 3: The Windows Kernel is my favorite chapter so far. If you're trying to learn more about the kernel from a security perspective, this is what you must read. I wasn't looking for a reverse engineering guide on it, but rather fundamentals and concepts with a security perspective; instead I got both. There's nothing else out there like this book.