[Reverse Engineering Authoritative Guide, English edition] Reverse Engineering for Beginners, English high-definition complete .pdf download

Points/C-coins required: 50    2017-06-11 16:20:39    8.43MB    PDF

Reverse Engineering for Beginners.pdf

Call for translators

You may want to help me with translating this work into languages other than English and Russian. Just send me any piece of translated text (no matter how short) and I'll put it into my LaTeX source code. Read here. Speed isn't important, because this is an open-source project, after all. Your name will be mentioned as a project contributor. Korean, Chinese, and Persian languages are reserved by publishers. English and Russian versions I do by myself, but my English is still that horrible, so I'm very grateful for any notes about grammar, etc. Even my Russian is flawed, so I'm grateful for notes about the Russian text as well, so do not hesitate to contact me: dennis(a)yurichev.com

Abridged contents

1 Code patterns
2 Important fundamentals 448
3 Slightly more advanced examples 467
4 Java 661
5 Finding important/interesting stuff in the code 700
6 OS-specific 734
7 Tools 789
8 Case studies 793
9 Examples of reversing proprietary file formats 928
10 Other things
11 Books/blogs worth reading 1002
12 Communities 1005
Afterword 1007
Appendix 1009
Acronyms used 1038
Glossary 1043
Index 1045

Contents

1 Code patterns
  1.1 The method
  1.2 Some basics
    1.2.1 A short introduction to the CPU
    1.2.2 Numeral systems
  1.3 Empty function
    1.3.1 x86
    1.3.2 ARM
    1.3.3 MIPS
    1.3.4 Empty functions in practice
  1.4 Returning value
    1.4.1 x86
    1.4.2 ARM
    1.4.3 MIPS
    1.4.4 In practice
  1.5 Hello, world!
    1.5.1 x86
    1.5.2 x86-64
    1.5.3 GCC - one more thing 18
    1.5.4 ARM
    1.5.5 MIPS 25
    1.5.6 Conclusion 30
    1.5.7 Exercises 30
  1.6 Function prologue and epilogue 30
    1.6.1 Recursion 30
  1.7 Stack 30
    1.7.1 Why does the stack grow backwards? 31
    1.7.2 What is the stack used for? 31
    1.7.3 A typical stack layout 38
    1.7.4 Noise in stack 38
    1.7.5 Exercises
  1.8 printf() with several arguments 42
    1.8.1 x86
    1.8.2 ARM 53
    1.8.3 MIPS 59
    1.8.4 Conclusion 65
    1.8.5 By the way 66
  1.9 scanf() 66
    1.9.1 Simple example 66
    1.9.2 Popular mistake
    1.9.3 Global variables 76
    1.9.4 scanf() ... 85
    1.9.5 Exercise 97
  1.10 Accessing passed arguments 98
    1.10.1 x86 98
    1.10.2 x64 100
    1.10.3 ARM 103
    1.10.4 MIPS 106
  1.11 More about results returning 107
    1.11.1 Attempt to use the result of a function returning void 107
    1.11.2 What if we do not use the function result? 109
    1.11.3 Returning a structure 109
  1.12 Pointers 110
    1.12.1 Swap input values 110
    1.12.2 Returning values 111
  1.13 GOTO operator
    1.13.1 Dead code 124
    1.13.2 Exercise 125
  1.14 Conditional jumps 125
    1.14.1 Simple example 125
    1.14.2 Calculating absolute value 142
    1.14.3 Ternary conditional operator 144
    1.14.4 Getting minimal and maximal values 147
    1.14.5 Conclusion 152
    1.14.6 Exercise 153
  1.15 switch()/case/default 154
    1.15.1 Small number of cases 154
    1.15.2 A lot of cases 167
    1.15.3 When there are several case statements in one block 179
    1.15.4 Fall-through 183
    1.15.5 Exercises 184
  1.16 Loops 185
    1.16.1 Simple example 185
    1.16.2 Memory blocks copying routine 196
    1.16.3 Conclusion 199
    1.16.4 Exercises 200
  1.17 More about strings 201
    1.17.1 strlen() 201
    1.17.2 Boundaries of strings 212
  1.18 Replacing arithmetic instructions to other ones 212
    1.18.1 Multiplication 212
    1.18.2 Division 217
    1.18.3 Exercise 218
  1.19 Floating-point unit 218
    1.19.1 IEEE 754 218
    1.19.2 x86 218
    1.19.3 ARM, MIPS, x86/x64 SIMD 219
    1.19.4 C/C++ 219
    1.19.5 Simple example 219
    1.19.6 Passing floating point numbers via arguments 230
    1.19.7 Comparison example
    1.19.8 Some constants 267
    1.19.9 Copying 267
    1.19.10 Stack, calculators and reverse Polish notation 267
    1.19.11 x64 267
    1.19.12 Exercises 267
  1.20 Arrays 268
    1.20.1 Simple example 268
    1.20.2 Buffer overflow 275
    1.20.3 Buffer overflow protection methods 283
    1.20.4 One more word about arrays 286
    1.20.5 Array of pointers to strings 287
    1.20.6 Multidimensional arrays 293
    1.20.7 Pack of strings as a two-dimensional array 300
    1.20.8 Conclusion 304
  1.21 By the way 304
    1.21.1 Exercises 304
  1.22 Manipulating specific bit(s) 304
    1.22.1 Specific bit checking 304
    1.22.2 Setting and clearing specific bits 308
    1.22.3 Shifts 317
    1.22.4 Setting and clearing specific bits: FPU example 317
    1.22.5 Counting bits set to 1 322
    1.22.6 Conclusion 337
    1.22.7 Exercises 339
  1.23 Linear congruential generator 339
    1.23.1 x86 340
    1.23.2 x64 341
    1.23.3 32-bit ARM 341
    1.23.4 MIPS 342
    1.23.5 Thread-safe version of the example 344
  1.24 Structures 345
    1.24.1 MSVC: SYSTEMTIME example 345
    1.24.2 Let's allocate space for a structure using malloc() 349
    1.24.3 UNIX: struct tm 351
    1.24.4 Fields packing in structure 360
    1.24.5 Nested structures 367
    1.24.6 Bit fields in a structure 370
    1.24.7 Exercises 377
  1.25 Unions 377
    1.25.1 Pseudo-random number generator example 377
    1.25.2 Calculating machine epsilon 381
  1.26 FSCALE replacement 383
    1.26.1 Fast square root calculation 385
  1.27 Pointers to functions 385
    1.27.1 MSVC 386
    1.27.2 GCC 393
    1.27.3 Danger of pointers to functions 397
  1.28 64-bit values in 32-bit environment 397
    1.28.1 Returning of 64-bit value 397
    1.28.2 Arguments passing, addition, subtraction 398
    1.28.3 Multiplication, division 401
    1.28.4 Shifting right 405
    1.28.5 Converting 32-bit value into 64-bit one 406
  1.29 SIMD 407
    1.29.1 Vectorization 408
    1.29.2 SIMD strlen() implementation 417
  1.30 64 bits 421
    1.30.1 x86-64 421
    1.30.2 ARM 427
    1.30.3 Float point numbers 428
    1.30.4 64-bit architecture criticism 428
  1.31 Working with floating point numbers using SIMD 428
    1.31.1 Simple example 428
    1.31.2 Passing floating point number via arguments 436
    1.31.3 Comparison example 437
    1.31.4 Calculating machine epsilon: x64 and SIMD 439
    1.31.5 Pseudo-random number generator example revisited 440
    1.31.6 Summary 440
  1.32 ARM-specific details 441
    1.32.1 Number sign (#) before number 441
    1.32.2 Addressing modes 441
    1.32.3 Loading a constant into a register 442
    1.32.4 Relocs in ARM64 444
  1.33 MIPS-specific details 445
    1.33.1 Loading a 32-bit constant into register 445
    1.33.2 Further reading about MIPS 447
2 Important fundamentals 448
  2.1 Integral datatypes 449
    2.1.1 Bit 449
    2.1.2 Nibble aka nybble 449
    2.1.3 Byte 450
    2.1.4 Wide char 450
    2.1.5 Signed integer vs unsigned 451
    2.1.6 Word 451
    2.1.7 Address register 452
    2.1.8 Numbers 452
  2.2 Signed number representations 454
    2.2.1 Using IMUL over MUL 456
    2.2.2 Couple of additions about two's complement form 456
  2.3 AND
    2.3.1 Checking if a value is on 2^n boundary 457
    2.3.2 KOI-8R Cyrillic encoding 458
  2.4 AND and OR as subtraction and addition 459
    2.4.1 ZX Spectrum ROM text strings 459
  2.5 XOR (exclusive OR) 461
    2.5.1 Everyday speech 461
    2.5.2 Encryption 461
    2.5.3 RAID4 461
    2.5.4 XOR swap algorithm 461
    2.5.5 XOR linked list 462
    2.5.6 By the way 462
    2.5.7 AND/OR/XOR as MOV 463
  2.6 Population count 463
  2.7 Endianness 463
    2.7.1 Big-endian 463
    2.7.2 Little-endian 464
    2.7.3 Example 464
    2.7.4 Bi-endian 464
    2.7.5 Converting data 464
  2.8 Memory 465
  2.9 CPU 465
    2.9.1 Branch predictors 465
    2.9.2 Data dependencies 465
  2.10 Hash functions 465
    2.10.1 How do one-way functions work? 466
3 Slightly more advanced examples 467
  3.1 Double negation 467
  3.2 strstr() example 468
  3.3 Temperature converting 468
    3.3.1 Integer values 468
    3.3.2 Floating-point values 470
  3.4 Fibonacci numbers 472
    3.4.1 Example #1 473
    3.4.2 Example #2 476
    3.4.3 Summary 480
  3.5 CRC32 calculation example 481
  3.6 Network address calculation example 484
    3.6.1 calc_network_address() 485
    3.6.2 form_IP() 485
    3.6.3 print_as_IP() 487
    3.6.4 form_netmask() and set_bit() 488
    3.6.5 Summary 489
  3.7 Loops: several iterators 489
    3.7.1 Three iterators 489
    3.7.2 Two iterators 490
    3.7.3 Intel C++ 2011 case 492
  3.8 Duff's device 493
    3.8.1 Should one use unrolled loops? 496
  3.9 Division using multiplication 496
    3.9.1 x86 496
    3.9.2 How it works 497
    3.9.3 ARM 497
    3.9.4 MIPS 499
    3.9.5 Exercise 499
  3.10 String to number conversion (atoi()) 499
    3.10.1 Simple example 499
    3.10.2 A slightly advanced example 503
    3.10.3 Exercise 505
  3.11 Inline functions 506
    3.11.1 Strings and memory functions 506
  3.12 C99 restrict 514
  3.13 Branchless abs() function 517
    3.13.1 Optimizing GCC 4.9.1 x64 517
    3.13.2 Optimizing GCC 4.9 ARM64
  3.14 Variadic functions 518
    3.14.1 Computing arithmetic mean 518
    3.14.2 vprintf() function case 522
    3.14.3 Pin case 523
    3.14.4 Format string exploit 524
  3.15 Strings trimming 525
    3.15.1 x64: Optimizing MSVC 2013 525
    3.15.2 x64: Non-optimizing GCC 4.9.1 527
    3.15.3 x64: Optimizing GCC 4.9.1 528
    3.15.4 ARM64: Non-optimizing GCC (Linaro) 4.9 529
    3.15.5 ARM64: Optimizing GCC (Linaro) 4.9 530
    3.15.6 ARM: Optimizing Keil 6/2013 (ARM mode) 531
    3.15.7 ARM: Optimizing Keil 6/2013 (Thumb mode) 531
    3.15.8 MIPS 532
  3.16 toupper() function 533
    3.16.1 x64 534
    3.16.2 ARM 535
    3.16.3 Summary 537
  3.17 Obfuscation 537
    3.17.1 Text strings 537
    3.17.2 Executable code 537
    3.17.3 Virtual machine / pseudo-code 539
    3.17.4 Other things to mention 539
    3.17.5 Exercise 539
  3.18 C++ 540
    3.18.1 Classes 540
    3.18.2 ostream 556
    3.18.3 References 557
    3.18.4 STL 558
    3.18.5 Memory 591
  3.19 Negative array indices 592
    3.19.1 Addressing string from the end 592
    3.19.2 Addressing some kind of block from the end 592
    3.19.3 Arrays started at 1 593
  3.20 Packing 12-bit values into array 595
    3.20.1 Introduction 595
    3.20.2 Data structure 595
    3.20.3 The algorithm 596
    3.20.4 The C/C++ code 596
    3.20.5 How it works 598
    3.20.6 Optimizing GCC 4.8.2 for x86-64 599
    3.20.7 Optimizing Keil 5.05 (Thumb mode) 601
    3.20.8 Optimizing Keil 5.05 (ARM mode) 604
    3.20.9 (32-bit ARM) Comparison of code density in Thumb and ARM modes 605
    3.20.10 Optimizing GCC 4.9.3 for ARM64 605
    3.20.11 Optimizing GCC 4.4.5 for MIPS 607
    3.20.12 Difference from the real FAT12 609
    3.20.13 Exercise 610
    3.20.14 Summary 610
    3.20.15 Conclusion 610
  3.21 More about pointers 610
    3.21.1 Working with addresses instead of pointers 611
    3.21.2 Passing values as pointers; tagged unions 613
    3.21.3 Pointers abuse in Windows kernel 614
    3.21.4 Null pointers 618
    3.21.5 Array as function argument 622
    3.21.6 Pointer to function 623
    3.21.7 Pointer as object identificator 623
  3.22 Loop optimizations 624
    3.22.1 Weird loop optimization 624
    3.22.2 Another loop optimization 626
  3.23 More about structures 628
    3.23.1 Sometimes a C structure can be used instead of array 628
    3.23.2 Unsized array in C structure 629
    3.23.3 Version of C structure 630
    3.23.4 High-score file in "Block out" game and primitive serialization 632
  3.24 memmove() and memcpy() 636
    3.24.1 Anti-debugging trick 637
  3.25 setjmp/longjmp 638
  3.26 Other weird stack hacks 640
    3.26.1 Accessing arguments/local variables of caller 640
    3.26.2 Returning string 642
  3.27 OpenMP 643
    3.27.1 MSVC 645
    3.27.2 GCC 647
  3.28 Another heisenbug 648
  3.29 Windows 16-bit 649
    3.29.1 Example #1 650
    3.29.2 Example #2 650
    3.29.3 Example #3 651
    3.29.4 Example #4 652
    3.29.5 Example #5 654
    3.29.6 Example #6 658
4 Java 661
  4.1 Java 661
    4.1.1 Introduction 661
    4.1.2 Returning a value 661
    4.1.3 Simple calculating functions 666
    4.1.4 JVM memory model 668
    4.1.5 Simple function calling 669
    4.1.6 Calling beep() 670
    4.1.7 Linear congruential PRNG 671
    4.1.8 Conditional jumps 672
    4.1.9 Passing arguments 674
    4.1.10 Bit fields 675
    4.1.11 Loops 676
    4.1.12 switch() 678
    4.1.13 Arrays 679
    4.1.14 Strings 687
    4.1.15 Exceptions 689
    4.1.16 Classes 692
    4.1.17 Simple patching 694
    4.1.18 Summary 699
5 Finding important/interesting stuff in the code 700
  5.1 Identification of executable files 700
    5.1.1 Microsoft Visual C++ 700
    5.1.2 GCC 701
    5.1.3 Intel Fortran 701
    5.1.4 Watcom, OpenWatcom 701
    5.1.5 Borland 702
    5.1.6 Other known DLLs 703
  5.2 Communication with outer world (function level) 703
  5.3 Communication with the outer world (win32 level) 703
    5.3.1 Often used functions in the Windows API 704
    5.3.2 Extending trial period 704
    5.3.3 Removing nag dialog box 704
    5.3.4 tracer: Intercepting all functions in specific module 704
  5.4 Strings 705
    5.4.1 Text strings 705

haigems (2018-07-27): Great stuff, it took me ages to find this, many thanks to the OP for sharing...

thenextforever (2018-03-21): A very good book. 5 points

最老程序员闫涛 (2017-11-17): Exactly the resource I was looking for

binarystar2006 (2017-10-25): A very good book. 5 points. It really is high-definition, not a scan.

weiqutu5848 (2017-09-05): A very good book. 5 points

bluesea_235 (2017-08-03): good very nice

gqtang (2017-06-17): A very good resource