Verfügbarkeit: Reversing :: THWS Bibkatalog

Reversing: secrets of reverse engineering

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Eilam, Eldad (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Indianapolis, IN Wiley 2005
Schlagworte:	Génie logiciel Rétro-ingénierie Sécurité informatique Software engineering Reverse engineering Computer security Reverse Engineering Software Engineering
Online-Zugang:	Contributor biographical information Publisher description Table of contents Inhaltsverzeichnis
Beschreibung:	Includes index.
Beschreibung:	XXVIII, 589 S. graph. Darst. 24 cm
ISBN:	0764574817 9780764574818

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV021627460
003	DE-604
005	20140827
007	t
008	060623s2005 xxud\|\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2005921595
020			\|a 0764574817 \|c pbk. \|9 0-7645-7481-7
020			\|a 9780764574818 \|9 978-0-7645-7481-8
035			\|a (OCoLC)60359199
035			\|a (DE-599)BVBBV021627460
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-91G \|a DE-634 \|a DE-11 \|a DE-Aug4 \|a DE-706 \|a DE-29T \|a DE-1043
050		0	\|a QA76.758
082	0		\|a 005.1 \|2 22
084			\|a ST 230 \|0 (DE-625)143617: \|2 rvk
084			\|a ST 277 \|0 (DE-625)143643: \|2 rvk
084			\|a ZG 9144 \|0 (DE-625)156030: \|2 rvk
084			\|a DAT 310f \|2 stub
100	1		\|a Eilam, Eldad \|e Verfasser \|4 aut
245	1	0	\|a Reversing \|b secrets of reverse engineering \|c Eldad Eilam
264		1	\|a Indianapolis, IN \|b Wiley \|c 2005
300			\|a XXVIII, 589 S. \|b graph. Darst. \|c 24 cm
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Includes index.
650		4	\|a Génie logiciel
650		4	\|a Rétro-ingénierie
650		4	\|a Sécurité informatique
650		4	\|a Software engineering
650		4	\|a Reverse engineering
650		4	\|a Computer security
650	0	7	\|a Reverse Engineering \|0 (DE-588)4391935-2 \|2 gnd \|9 rswk-swf
650	0	7	\|a Software Engineering \|0 (DE-588)4116521-4 \|2 gnd \|9 rswk-swf
689	0	0	\|a Software Engineering \|0 (DE-588)4116521-4 \|D s
689	0	1	\|a Reverse Engineering \|0 (DE-588)4391935-2 \|D s
689	0		\|5 DE-604
856	4		\|u http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html \|3 Contributor biographical information
856	4		\|u http://www.loc.gov/catdir/enhancements/fy0628/2005921595-d.html \|3 Publisher description
856	4		\|u http://www.loc.gov/catdir/enhancements/fy0628/2005921595-t.html \|3 Table of contents
856	4	2	\|m GBV Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014842419&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-014842419

Datensatz im Suchindex

_version_	1804135423210946560
adam_text	REVERSING: SECRETS OF REVERSE ENGINEERING ELDAD EILAM WILEY WILEY PUBLISHING, INC. CONTENTS FOREWORD ACKNOWLEDGMENTS INTRODUCTION PARTI CHAPTER 1 REVERSING 101 FOUNDATIONS WHAT IS REVERSE ENGINEERING? SOFTWARE REVERSE ENGINEERING: REVERSING REVERSING APPLICATIONS SECURITY-RELATED REVERSING MALICIOUS SOFTWARE REVERSING CRYPTOGRAPHIC ALGORITHMS DIGITAL RIGHTS MANAGEMENT AUDITING PROGRAM BINARIES REVERSING IN SOFTWARE DEVELOPMENT ACHIEVING INTEROPERABILITY WITH PROPRIETARY SOFTWARE DEVELOPING COMPETING SOFTWARE EVALUATING SOFTWARE QUALITY AND ROBUSTNESS LOW-LEVEL SOFTWARE ASSEMBLY LANGUAGE COMPILERS VIRTUAL MACHINES AND BYTECODES OPERATING SYSTEMS VII XI XXIII 1 3 3 4 4 5 5 6 7 7 8 8 8 9 9 10 11 12 13 XI XIV CONTENTS THE REVERSING PROCESS 13 SYSTEM-LEVEL REVERSING 14 CODE-LEVEL REVERSING 14 THE TOOLS 14 SYSTEM-MONITORING TOOLS 15 DISASSEMBLERS 15 DEBUGGERS 15 DECOMPILERS 16 IS REVERSING LEGAL? 17 INTEROPERABILITY 17 COMPETITION 18 COPYRIGHT LAW 19 TRADE SECRETS AND PATENTS 20 THE DIGITAL MILLENIUM COPYRIGHT ACT 20 DMCA CASES 22 LICENSE AGREEMENT CONSIDERATIONS 23 CODE SAMPLES & TOOLS 23 CONCLUSION 23 CHAPTER 2 LOW-LEVEL SOFTWARE 25 HIGH-LEVEL PERSPECTIVES 26 PROGRAM STRUCTURE 26 MODULES 28 COMMON CODE CONSTRUCTS 28 DATA MANAGEMENT 29 VARIABLES 30 USER-DEFINED DATA STRUCTURES 30 LISTS 31 CONTROL FLOW 32 HIGH-LEVEL LANGUAGES 33 C 34 C++ 35 JAVA 36 C# 36 LOW-LEVEL PERSPECTIVES 37 LOW-LEVEL DATA MANAGEMENT 37 REGISTERS 39 THE STACK 40 HEAPS 42 EXECUTABLE DATA SECTIONS 43 CONTROL FLOW 43 ASSEMBLY LANGUAGE 101 44 REGISTERS 44 FLAGS 46 INSTRUCTION FORMAT 47 BASIC INSTRUCTIONS 48 MOVING DATA 49 ARITHMETIC 49 COMPARING OPERANDS 50 CONTENTS XV CONDITIONAL BRANCHES 51 FUNCTION CALLS 51 EXAMPLES 52 A PRIMER ON COMPILERS AND COMPILATION 53 DEFINING A COMPILER 54 COMPILER ARCHITECTURE 55 FRONT END 55 INTERMEDIATE REPRESENTATIONS 55 OPTIMIZER 56 BACK END 57 LISTING FILES 58 SPECIFIC COMPILERS 59 EXECUTION ENVIRONMENTS 60 SOFTWARE EXECUTION ENVIRONMENTS (VIRTUAL MACHINES) 60 BYTECODES 61 INTERPRETERS 61 JUST-IN-TIME COMPILERS 62 REVERSING STRATEGIES 62 HARDWARE EXECUTION ENVIRONMENTS IN MODERN PROCESSORS 63 INTEL NETBURST 65 UOPS (MICRO-OPS) 65 PIPELINES 65 BRANCH PREDICTION 67 CONCLUSION 68 CHAPTER 3 WINDOWS FUNDAMENTALS 69 COMPONENTS AND BASIC ARCHITECTURE 70 BRIEF HISTORY 70 FEATURES 70 SUPPORTED HARDWARE 71 MEMORY MANAGEMENT 71 VIRTUAL MEMORY AND PAGING 72 PAGING 73 PAGE FAULTS 73 WORKING SETS 74 KERNEL MEMORY AND USER MEMORY 74 THE KERNEL MEMORY SPACE 75 SECTION OBJECTS 77 VAD TREES 78 USER-MODE ALLOCATIONS 78 MEMORY MANAGEMENT APIS 79 OBJECTS AND HANDIES 80 NAMED OBJECTS 81 PROCESSES AND THREADS 83 PROCESSES 84 THREADS 84 CONTEXT SWITCHING 85 SYNCHRONIZATION OBJECTS 86 PROCESS INITIALIZATION SEQUENCE 87 XVI CONTENTS APPLICATION PROGRAMMING INTERFACES 88 THE WIN32 API 88 THE NATIVE API 90 SYSTEM CALLING MECHANISM 91 EXECUTABLE FORMATS 93 BASIC CONCEPTS 93 IMAGE SECTIONS 95 SECTION ALIGNMENT 95 DYNAMICALLY LINKED LIBRARIES 96 HEADERS 97 IMPORTS AND EXPORTS 99 DIRECTORIES 99 LNPUT AND OUTPUT 103 THE I/O SYSTEM 103 THE WIN32 SUBSYSTEM 104 OBJECT MANAGEMENT 105 STRUCTURED EXCEPTION HANDLING 105 CONCLUSION 107 CHAPTER 4 REVERSING TOOLS 109 DIFFERENT REVERSING APPROACHES 110 OFFLINE CODE ANALYSIS (DEAD-LISTING) 110 LIVE CODE ANALYSIS 110 DISASSEMBLERS 110 IDA PRO 112 ILDASM 115 DEBUGGERS 116 USER-MODE DEBUGGERS 118 OLLYDBG 118 USER DEBUGGING IN WINDBG 119 IDA PRO 121 PEBROWSE PROFESSIONAL INTERACTIVE 122 KERNEL-MODE DEBUGGERS 122 KERNEL DEBUGGING IN WINDBG 123 NUMEGA SOFTICE 124 KERNEL DEBUGGING ON VIRTUAL MACHINES 127 DECOMPILERS 129 SYSTEM-MONITORING TOOLS 129 PATCHING TOOLS 131 HEX WORKSHOP 131 MISCELLANEOUS REVERSING TOOLS 133 EXECUTABLE-DUMPING TOOLS 133 DUMPBIN 133 PEVIEW 137 PEBROWSE PROFESSIONAL 137 CONCLUSION 138 CONTENTS XVII PART II APPLIED REVERSING CHAPTER 5 BEYOND THE DOCUMENTATION REVERSING AND INTEROPERABILITY LAYING THE GROUND RULES LOCATING UNDOCUMENTED APIS WHAT ARE WE LOOKING FOR? CASE STUDY: THE GENERIC TABLE API IN NTDLL.DLL RTLLNITIALIZEGENERICTABLE RTLNUMBERGENERICTABLEELEMENTS RTLLSGENERICTABLEEMPTY RTLGETELEMENTGENERICTABLE SETUP AND INITIALIZATION LOGIC AND STRUCTURE SEARCH LOOP 1 SEARCH LOOP 2 SEARCH LOOP 3 SEARCH LOOP 4 RECONSTRUCTING THE SOURCE CODE RTLLNSERTELEMENTGENERICTABLE RTLLOCATENODEGENERICTABLE RTLREALLNSERTELEMENTWORKER SPLAY TREES RTLLOOKUPELEMENTGENERICTABLE RTLDELETEELEMENTGENERICTABLE PUTTING THE PIECES TOGETHER CONCLUSION CHAPTER 6 DECIPHERING FILE FORMATS CRYPTEX USING CRYPTEX REVERSING CRYPTEX THE PASSWORD VERIFICATION PROCESS CATCHING THE BAD PASSWORD MESSAGE THE PASSWORD TRANSFORMATION ALGORITHM HASHING THE PASSWORD THE DIRECTORY LAYOUT ANALYZING THE DIRECTORY PROCESSING CODE ANALYZING A FILE ENTRY DUMPING THE DIRECTORY LAYOUT THE FILE EXTRACTION PROCESS SCANNING THE FILE LIST DECRYPTING THE FILE THE FLOATING-POINT SEQUENCE THE DECRYPTION LOOP VERIFYING THE HASH VALUE THE BIG PICTURE DIGGING DEEPER CONCLUSION 139 141 142 142 143 144 145 146 151 152 153 155 159 161 163 164 165 165 168 170 178 187 188 193 194 196 199 200 201 202 207 207 210 213 218 218 223 227 228 234 235 236 238 239 239 241 242 XVIII CONTENTS CHAPTER 7 AUDITING PROGRAM BINARIES 243 DEFINING THE PROBLEM 243 VULNERABILITIES 245 STACK OVERFLOWS 245 A SIMPLE STACK VULNERABILITY 247 INTRINSIC IMPLEMENTATIONS 249 STACK CHECKING 250 NONEXECUTABLE MEMORY 254 HEAP OVERFLOWS 255 STRING FILTERS 256 INTEGER OVERFLOWS 256 ARITHMETIC OPERATIONS ON USER-SUPPLIED INTEGERS 258 TYPE CONVERSION ERRORS 260 CASE-STUDY: THE IIS INDEXING SERVICE VULNERABILITY 262 CVARIABLESET::ADDEXTENSIONCONTROLBLOCK 263 DECODEURLESCAPES 267 CONCLUSION 271 CHAPTER 8 REVERSING MAL WAERE 273 TYPES OF MALWARE 274 VIRUSES 274 WORMS 274 TROJAN HORSES 275 BACKDOORS 276 MOBILE CODE 276 ADWARE/SPYWARE 276 STICKY SOFTWARE 277 FUTURE MALWARE 278 INFORMATION-STEALING WORMS 278 BIOS/FIRMWARE MALWARE 279 USES OF MALWARE 280 MALWARE VULNERABILITY 281 POLYMORPHISM 282 METAMORPHISM 283 ESTABLISHING A SECURE ENVIRONMENT 285 THE BACKDOOR.HACARMY.D 285 UNPACKING THE EXECUTABLE 286 INITIAL IMPRESSIONS 290 THE INITIAL INSTALLATION 291 INITIALIZING COMMUNICATIONS 294 CONNECTING TO THE SERVER 296 JOINING THE CHANNEL 298 COMMUNICATING WITH THE BACKDOOR 299 RUNNING SOCKS4 SERVERS 303 CLEARING THE CRIME SCENE 303 THE BACKDOOR.HACARMY.D: A COMMAND REFERENCE 304 CONCLUSION 306 CONTENTS XIX PART III CHAPTER 9 CHAPTER 10 CRACKING PIRACY AND COPY PROTECTION COPYRIGHTS IN THE NEW WORLD THE SOCIAL ASPECT SOFTWARE PIRACY DEFINING THE PROBLEM CLASS BREAKS REQUIREMENTS THE THEORETICALLY UNCRACKABLE MODEL TYPES OF PROTECTION MEDIA-BASED PROTECTIONS SERIAL NUMBERS CHALLENGE RESPONSE AND ONLINE ACTIVATIONS HARDWARE-BASED PROTECTIONS SOFTWARE AS A SERVICE ADVANCED PROTECTION CONCEPTS CRYPTO-PROCESSORS DIGITAL RIGHTS MANAGEMENT DRM MODELS THE WINDOWS MEDIA RIGHTS MANAGER SECURE AUDIO PATH WATERMARKING TRUSTED COMPUTING ATTACKING COPY PROTECTION TECHNOLOGIES CONCLUSION ANTIREVERSING TECHNIQUES WHY ANTIREVERSING? BASIC APPROACHES TO ANTIREVERSING ELIMINATING SYMBOLIC INFORMATION CODE ENCRYPTION ACTIVE ANTIDEBUGGER TECHNIQUES DEBUGGER BASICS THE ISDEBUGGERPRESENT API SYSTEMKERNELDEBUGGERMFORMATION DETECTING SOFTICE USING THE SINGLE-STEP INTERRUPT THE TRAP FLAG CODE CHECKSUMS CONFUSING DISASSEMBLERS LINEAR SWEEP DISASSEMBLERS RECURSIVE TRAVERSAL DISASSEMBLERS APPLICATIONS CODE OBFUSCATION CONTROL FLOW TRANSFORMATIONS OPAQUE PREDICATES CONFUSING DECOMPILERS TABLE INTERPRETATION 307 309 309 310 310 311 312 313 314 314 314 315 315 316 317 318 318 319 320 321 321 321 322 324 324 327 327 328 329 330 331 331 332 333 334 335 335 336 337 338 343 344 346 346 348 348 XX CONTENTS INLINING AND OUTLINING 353 INTERLEAVING CODE ORDERING TRANSFORMATIONS 355 DATA TRANSFORMATIONS 355 MODIFYING VARIABLE ENCODING 355 RESTRUCTURING ARRAYS 35 CONCLUSION 356 CHAPTER 11 BREAKING PROTECTIONS 357 PATCHING 358 * %4 KEYGENNMG RIPPING KEY-GENERATION ALGORITHMS 365 ADVANCED CRACKING: DEFENDER 370 REVERSING DEFENDER S INITIALIZATION ROUTINE 377 ANALYZING THE DECRYPTED CODE 387 SOFTICE S DISAPPEARANCE 39 REVERSING THE SECONDARY THREAD 396 DEFEATING THE KILLER THREAD 3 LOADING KERNEL32.DLL 400 4.01 REENCRYPTING THE FUNCTION ^ UL BACK AT THE ENTRY POINT 402 PARSING THE PROGRAM PARAMETERS 404 PROCESSING THE USERNAME 406 VALIDATING USER INFORMATION 407 UNLOCKING THE CODE 409 BRUTE-FORCING YOUR WAY THROUGH DEFENDER 4 09 PROTECTION TECHNOLOGIES IN DEFENDER 4I5 LOCALIZED FUNCTION-LEVEL ENCRYPTION 4I5 RELATIVELY STRONG CIPHER BLOCK CHAINING 4 15 41 F) REENCRYPTING OBFUSCATED APPLICATION/OPERATING SYSTEM INTERFACE 416 PROCESSOR TIME-STAMP VERIFICATION THREAD 4I7 RUNTIME GENERATION OF DECRYPTION KEYS 418 4.18 INTERDEPENDENT KEYS USER-INPUT-BASED DECRYPTION KEYS 419 HEAVY INLINING CONCLUSION PART IV BEYOND DISASSEMBLY 421 CHAPTER 12 REVERSING.NET ^ GROUND RULES 424 .NET BASICS 426 MANAGED CODE .NET PROGRAMMING LANGUAGES 428 COMMON TYPE SYSTEM (CTS) 428 INTERMEDIATE LANGUAGE (IL) THE EVALUATION STACK 430 ACTIVATION RECORDS 430 CONTENTS XXI CHAPTER 13 APPENDIX A APPENDIX B APPENDIX C INDEX IL INSTRUCTIONS IL CODE SAMPLES COUNTING ITEMS A LINKED LIST SAMPLE DECOMPILERS OBFUSCATORS RENAMING SYMBOLS CONTROL FLOW OBFUSCATION BREAKING DECOMPILATION AND DISASSEMBLY REVERSING OBFUSCATED CODE XENOCODE OBFUSCATOR DOTFUSCATOR BY PREEMPTIVE SOLUTIONS REMOTESOFT OBFUSCATOR AND LINKER REMOTESOFT PROTECTOR PRECOMPILED ASSEMBLIES ENCRYPTED ASSEMBLIES CONCLUSION DECOMPILATION NATIVE CODE DECOMPILATION: AN UNSOLVABLE PROBLEM? TYPICAL DECOMPILER ARCHITECTURE INTERMEDIATE REPRESENTATIONS EXPRESSIONS AND EXPRESSION TREES CONTROL FLOW GRAPHS THE FRONT END SEMANTIC ANALYSIS GENERATING CONTROL FLOW GRAPHS CODE ANALYSIS DATA-FLOW ANALYSIS SINGLE STATIC ASSIGNMENT (SSA) DATA PROPAGATION REGISTER VARIABLE IDENTIFICATION DATA TYPE PROPAGATION TYPE ANALYSIS PRIMITIVE DATA TYPES COMPLEX DATA TYPES CONTROL FLOW ANALYSIS FINDING LIBRARY FUNCTIONS THE BACK END REAL-WORLD IA-32 DECOMPILATION CONCLUSION DECIPHERING CODE STRUCTURES UNDERSTANDING COMPILED ARITHMETIC DECIPHERING PROGRAM DATA 430 433 433 436 443 444 444 444 444 445 446 448 451 452 453 453 455 457 457 459 459 461 462 463 463 464 466 466 467 468 470 471 472 472 473 475 475 476 477 477 479 519 537 561
adam_txt	REVERSING: SECRETS OF REVERSE ENGINEERING ELDAD EILAM WILEY WILEY PUBLISHING, INC. CONTENTS FOREWORD ACKNOWLEDGMENTS INTRODUCTION PARTI CHAPTER 1 REVERSING 101 FOUNDATIONS WHAT IS REVERSE ENGINEERING? SOFTWARE REVERSE ENGINEERING: REVERSING REVERSING APPLICATIONS SECURITY-RELATED REVERSING MALICIOUS SOFTWARE REVERSING CRYPTOGRAPHIC ALGORITHMS DIGITAL RIGHTS MANAGEMENT AUDITING PROGRAM BINARIES REVERSING IN SOFTWARE DEVELOPMENT ACHIEVING INTEROPERABILITY WITH PROPRIETARY SOFTWARE DEVELOPING COMPETING SOFTWARE EVALUATING SOFTWARE QUALITY AND ROBUSTNESS LOW-LEVEL SOFTWARE ASSEMBLY LANGUAGE COMPILERS VIRTUAL MACHINES AND BYTECODES OPERATING SYSTEMS VII XI XXIII 1 3 3 4 4 5 5 6 7 7 8 8 8 9 9 10 11 12 13 XI XIV CONTENTS THE REVERSING PROCESS 13 SYSTEM-LEVEL REVERSING 14 CODE-LEVEL REVERSING 14 THE TOOLS 14 SYSTEM-MONITORING TOOLS 15 DISASSEMBLERS 15 DEBUGGERS 15 DECOMPILERS 16 IS REVERSING LEGAL? 17 INTEROPERABILITY 17 COMPETITION 18 COPYRIGHT LAW 19 TRADE SECRETS AND PATENTS 20 THE DIGITAL MILLENIUM COPYRIGHT ACT 20 DMCA CASES 22 LICENSE AGREEMENT CONSIDERATIONS 23 CODE SAMPLES & TOOLS 23 CONCLUSION 23 CHAPTER 2 LOW-LEVEL SOFTWARE 25 HIGH-LEVEL PERSPECTIVES 26 PROGRAM STRUCTURE 26 MODULES 28 COMMON CODE CONSTRUCTS 28 DATA MANAGEMENT 29 VARIABLES 30 USER-DEFINED DATA STRUCTURES 30 LISTS 31 CONTROL FLOW 32 HIGH-LEVEL LANGUAGES 33 C 34 C++ 35 JAVA 36 C# 36 LOW-LEVEL PERSPECTIVES 37 LOW-LEVEL DATA MANAGEMENT 37 REGISTERS 39 THE STACK 40 HEAPS 42 EXECUTABLE DATA SECTIONS 43 CONTROL FLOW 43 ASSEMBLY LANGUAGE 101 44 REGISTERS 44 FLAGS 46 INSTRUCTION FORMAT 47 BASIC INSTRUCTIONS 48 MOVING DATA 49 ARITHMETIC 49 COMPARING OPERANDS 50 CONTENTS XV CONDITIONAL BRANCHES 51 FUNCTION CALLS 51 EXAMPLES 52 A PRIMER ON COMPILERS AND COMPILATION 53 DEFINING A COMPILER 54 COMPILER ARCHITECTURE 55 FRONT END 55 INTERMEDIATE REPRESENTATIONS 55 OPTIMIZER 56 BACK END 57 LISTING FILES 58 SPECIFIC COMPILERS 59 EXECUTION ENVIRONMENTS 60 SOFTWARE EXECUTION ENVIRONMENTS (VIRTUAL MACHINES) 60 BYTECODES 61 INTERPRETERS 61 JUST-IN-TIME COMPILERS 62 REVERSING STRATEGIES 62 HARDWARE EXECUTION ENVIRONMENTS IN MODERN PROCESSORS 63 INTEL NETBURST 65 UOPS (MICRO-OPS) 65 PIPELINES 65 BRANCH PREDICTION 67 CONCLUSION 68 CHAPTER 3 WINDOWS FUNDAMENTALS 69 COMPONENTS AND BASIC ARCHITECTURE 70 BRIEF HISTORY 70 FEATURES 70 SUPPORTED HARDWARE 71 MEMORY MANAGEMENT 71 VIRTUAL MEMORY AND PAGING 72 PAGING 73 PAGE FAULTS 73 WORKING SETS 74 KERNEL MEMORY AND USER MEMORY 74 THE KERNEL MEMORY SPACE 75 SECTION OBJECTS 77 VAD TREES 78 USER-MODE ALLOCATIONS 78 MEMORY MANAGEMENT APIS 79 OBJECTS AND HANDIES 80 NAMED OBJECTS 81 PROCESSES AND THREADS 83 PROCESSES 84 THREADS 84 CONTEXT SWITCHING 85 SYNCHRONIZATION OBJECTS 86 PROCESS INITIALIZATION SEQUENCE 87 XVI CONTENTS APPLICATION PROGRAMMING INTERFACES 88 THE WIN32 API 88 THE NATIVE API 90 SYSTEM CALLING MECHANISM 91 EXECUTABLE FORMATS 93 BASIC CONCEPTS 93 IMAGE SECTIONS 95 SECTION ALIGNMENT 95 DYNAMICALLY LINKED LIBRARIES 96 HEADERS 97 IMPORTS AND EXPORTS 99 DIRECTORIES 99 LNPUT AND OUTPUT 103 THE I/O SYSTEM 103 THE WIN32 SUBSYSTEM 104 OBJECT MANAGEMENT 105 STRUCTURED EXCEPTION HANDLING 105 CONCLUSION 107 CHAPTER 4 REVERSING TOOLS 109 DIFFERENT REVERSING APPROACHES 110 OFFLINE CODE ANALYSIS (DEAD-LISTING) 110 LIVE CODE ANALYSIS 110 DISASSEMBLERS 110 IDA PRO 112 ILDASM 115 DEBUGGERS 116 USER-MODE DEBUGGERS 118 OLLYDBG 118 USER DEBUGGING IN WINDBG 119 IDA PRO 121 PEBROWSE PROFESSIONAL INTERACTIVE 122 KERNEL-MODE DEBUGGERS 122 KERNEL DEBUGGING IN WINDBG 123 NUMEGA SOFTICE 124 KERNEL DEBUGGING ON VIRTUAL MACHINES 127 DECOMPILERS 129 SYSTEM-MONITORING TOOLS 129 PATCHING TOOLS 131 HEX WORKSHOP 131 MISCELLANEOUS REVERSING TOOLS 133 EXECUTABLE-DUMPING TOOLS 133 DUMPBIN 133 PEVIEW 137 PEBROWSE PROFESSIONAL 137 CONCLUSION 138 CONTENTS XVII PART II APPLIED REVERSING CHAPTER 5 BEYOND THE DOCUMENTATION REVERSING AND INTEROPERABILITY LAYING THE GROUND RULES LOCATING UNDOCUMENTED APIS WHAT ARE WE LOOKING FOR? CASE STUDY: THE GENERIC TABLE API IN NTDLL.DLL RTLLNITIALIZEGENERICTABLE RTLNUMBERGENERICTABLEELEMENTS RTLLSGENERICTABLEEMPTY RTLGETELEMENTGENERICTABLE SETUP AND INITIALIZATION LOGIC AND STRUCTURE SEARCH LOOP 1 SEARCH LOOP 2 SEARCH LOOP 3 SEARCH LOOP 4 RECONSTRUCTING THE SOURCE CODE RTLLNSERTELEMENTGENERICTABLE RTLLOCATENODEGENERICTABLE RTLREALLNSERTELEMENTWORKER SPLAY TREES RTLLOOKUPELEMENTGENERICTABLE RTLDELETEELEMENTGENERICTABLE PUTTING THE PIECES TOGETHER CONCLUSION CHAPTER 6 DECIPHERING FILE FORMATS CRYPTEX USING CRYPTEX REVERSING CRYPTEX THE PASSWORD VERIFICATION PROCESS CATCHING THE "BAD PASSWORD" MESSAGE THE PASSWORD TRANSFORMATION ALGORITHM HASHING THE PASSWORD THE DIRECTORY LAYOUT ANALYZING THE DIRECTORY PROCESSING CODE ANALYZING A FILE ENTRY DUMPING THE DIRECTORY LAYOUT THE FILE EXTRACTION PROCESS SCANNING THE FILE LIST DECRYPTING THE FILE THE FLOATING-POINT SEQUENCE THE DECRYPTION LOOP VERIFYING THE HASH VALUE THE BIG PICTURE DIGGING DEEPER CONCLUSION 139 141 142 142 143 144 145 146 151 152 153 155 159 161 163 164 165 165 168 170 178 187 188 193 194 196 199 200 201 202 207 207 210 213 218 218 223 227 228 234 235 236 238 239 239 241 242 XVIII CONTENTS CHAPTER 7 AUDITING PROGRAM BINARIES 243 DEFINING THE PROBLEM 243 VULNERABILITIES 245 STACK OVERFLOWS 245 A SIMPLE STACK VULNERABILITY 247 INTRINSIC IMPLEMENTATIONS 249 STACK CHECKING 250 NONEXECUTABLE MEMORY 254 HEAP OVERFLOWS 255 STRING FILTERS 256 INTEGER OVERFLOWS 256 ARITHMETIC OPERATIONS ON USER-SUPPLIED INTEGERS 258 TYPE CONVERSION ERRORS 260 CASE-STUDY: THE IIS INDEXING SERVICE VULNERABILITY 262 CVARIABLESET::ADDEXTENSIONCONTROLBLOCK 263 DECODEURLESCAPES 267 CONCLUSION 271 CHAPTER 8 REVERSING MAL WAERE 273 TYPES OF MALWARE 274 VIRUSES 274 WORMS 274 TROJAN HORSES 275 BACKDOORS 276 MOBILE CODE 276 ADWARE/SPYWARE 276 STICKY SOFTWARE 277 FUTURE MALWARE 278 INFORMATION-STEALING WORMS 278 BIOS/FIRMWARE MALWARE 279 USES OF MALWARE 280 MALWARE VULNERABILITY 281 POLYMORPHISM 282 METAMORPHISM 283 ESTABLISHING A SECURE ENVIRONMENT 285 THE BACKDOOR.HACARMY.D 285 UNPACKING THE EXECUTABLE 286 INITIAL IMPRESSIONS 290 THE INITIAL INSTALLATION 291 INITIALIZING COMMUNICATIONS 294 CONNECTING TO THE SERVER 296 JOINING THE CHANNEL 298 COMMUNICATING WITH THE BACKDOOR 299 RUNNING SOCKS4 SERVERS 303 CLEARING THE CRIME SCENE 303 THE BACKDOOR.HACARMY.D: A COMMAND REFERENCE 304 CONCLUSION 306 CONTENTS XIX PART III CHAPTER 9 CHAPTER 10 CRACKING PIRACY AND COPY PROTECTION COPYRIGHTS IN THE NEW WORLD THE SOCIAL ASPECT SOFTWARE PIRACY DEFINING THE PROBLEM CLASS BREAKS REQUIREMENTS THE THEORETICALLY UNCRACKABLE MODEL TYPES OF PROTECTION MEDIA-BASED PROTECTIONS SERIAL NUMBERS CHALLENGE RESPONSE AND ONLINE ACTIVATIONS HARDWARE-BASED PROTECTIONS SOFTWARE AS A SERVICE ADVANCED PROTECTION CONCEPTS CRYPTO-PROCESSORS DIGITAL RIGHTS MANAGEMENT DRM MODELS THE WINDOWS MEDIA RIGHTS MANAGER SECURE AUDIO PATH WATERMARKING TRUSTED COMPUTING ATTACKING COPY PROTECTION TECHNOLOGIES CONCLUSION ANTIREVERSING TECHNIQUES WHY ANTIREVERSING? BASIC APPROACHES TO ANTIREVERSING ELIMINATING SYMBOLIC INFORMATION CODE ENCRYPTION ACTIVE ANTIDEBUGGER TECHNIQUES DEBUGGER BASICS THE ISDEBUGGERPRESENT API SYSTEMKERNELDEBUGGERMFORMATION DETECTING SOFTICE USING THE SINGLE-STEP INTERRUPT THE TRAP FLAG CODE CHECKSUMS CONFUSING DISASSEMBLERS LINEAR SWEEP DISASSEMBLERS RECURSIVE TRAVERSAL DISASSEMBLERS APPLICATIONS CODE OBFUSCATION CONTROL FLOW TRANSFORMATIONS OPAQUE PREDICATES CONFUSING DECOMPILERS TABLE INTERPRETATION 307 309 309 310 310 311 312 313 314 314 314 315 315 316 317 318 318 319 320 321 321 321 322 324 324 327 327 328 329 330 331 331 332 333 334 335 335 336 337 338 343 344 346 346 348 348 XX CONTENTS INLINING AND OUTLINING 353 INTERLEAVING CODE ORDERING TRANSFORMATIONS 355 DATA TRANSFORMATIONS 355 MODIFYING VARIABLE ENCODING 355 RESTRUCTURING ARRAYS 35 CONCLUSION 356 CHAPTER 11 BREAKING PROTECTIONS 357 PATCHING 358 * %4 KEYGENNMG RIPPING KEY-GENERATION ALGORITHMS 365 ADVANCED CRACKING: DEFENDER 370 REVERSING DEFENDER'S INITIALIZATION ROUTINE 377 ANALYZING THE DECRYPTED CODE 387 SOFTICE'S DISAPPEARANCE 39 REVERSING THE SECONDARY THREAD 396 DEFEATING THE "KILLER" THREAD 3 " LOADING KERNEL32.DLL 400 4.01 REENCRYPTING THE FUNCTION ^ UL BACK AT THE ENTRY POINT 402 PARSING THE PROGRAM PARAMETERS 404 PROCESSING THE USERNAME 406 VALIDATING USER INFORMATION 407 UNLOCKING THE CODE 409 BRUTE-FORCING YOUR WAY THROUGH DEFENDER 4 09 PROTECTION TECHNOLOGIES IN DEFENDER 4I5 LOCALIZED FUNCTION-LEVEL ENCRYPTION 4I5 RELATIVELY STRONG CIPHER BLOCK CHAINING 4 15 41 F) REENCRYPTING OBFUSCATED APPLICATION/OPERATING SYSTEM INTERFACE 416 PROCESSOR TIME-STAMP VERIFICATION THREAD 4I7 RUNTIME GENERATION OF DECRYPTION KEYS 418 4.18 INTERDEPENDENT KEYS USER-INPUT-BASED DECRYPTION KEYS 419 HEAVY INLINING CONCLUSION PART IV BEYOND DISASSEMBLY 421 CHAPTER 12 REVERSING.NET ^ GROUND RULES 424 .NET BASICS 426 MANAGED CODE .NET PROGRAMMING LANGUAGES 428 COMMON TYPE SYSTEM (CTS) 428 INTERMEDIATE LANGUAGE (IL) THE EVALUATION STACK 430 ACTIVATION RECORDS 430 CONTENTS XXI CHAPTER 13 APPENDIX A APPENDIX B APPENDIX C INDEX IL INSTRUCTIONS IL CODE SAMPLES COUNTING ITEMS A LINKED LIST SAMPLE DECOMPILERS OBFUSCATORS RENAMING SYMBOLS CONTROL FLOW OBFUSCATION BREAKING DECOMPILATION AND DISASSEMBLY REVERSING OBFUSCATED CODE XENOCODE OBFUSCATOR DOTFUSCATOR BY PREEMPTIVE SOLUTIONS REMOTESOFT OBFUSCATOR AND LINKER REMOTESOFT PROTECTOR PRECOMPILED ASSEMBLIES ENCRYPTED ASSEMBLIES CONCLUSION DECOMPILATION NATIVE CODE DECOMPILATION: AN UNSOLVABLE PROBLEM? TYPICAL DECOMPILER ARCHITECTURE INTERMEDIATE REPRESENTATIONS EXPRESSIONS AND EXPRESSION TREES CONTROL FLOW GRAPHS THE FRONT END SEMANTIC ANALYSIS GENERATING CONTROL FLOW GRAPHS CODE ANALYSIS DATA-FLOW ANALYSIS SINGLE STATIC ASSIGNMENT (SSA) DATA PROPAGATION REGISTER VARIABLE IDENTIFICATION DATA TYPE PROPAGATION TYPE ANALYSIS PRIMITIVE DATA TYPES COMPLEX DATA TYPES CONTROL FLOW ANALYSIS FINDING LIBRARY FUNCTIONS THE BACK END REAL-WORLD IA-32 DECOMPILATION CONCLUSION DECIPHERING CODE STRUCTURES UNDERSTANDING COMPILED ARITHMETIC DECIPHERING PROGRAM DATA 430 433 433 436 443 444 444 444 444 445 446 448 451 452 453 453 455 457 457 459 459 461 462 463 463 464 466 466 467 468 470 471 472 472 473 475 475 476 477 477 479 519 537 561
any_adam_object	1
any_adam_object_boolean	1
author	Eilam, Eldad
author_facet	Eilam, Eldad
author_role	aut
author_sort	Eilam, Eldad
author_variant	e e ee
building	Verbundindex
bvnumber	BV021627460
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.758
callnumber-search	QA76.758
callnumber-sort	QA 276.758
callnumber-subject	QA - Mathematics
classification_rvk	ST 230 ST 277 ZG 9144
classification_tum	DAT 310f
ctrlnum	(OCoLC)60359199 (DE-599)BVBBV021627460
dewey-full	005.1
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.1
dewey-search	005.1
dewey-sort	15.1
dewey-tens	000 - Computer science, information, general works
discipline	Technik Informatik
discipline_str_mv	Technik Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>02179nam a2200553zc 4500</leader><controlfield tag="001">BV021627460</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140827 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">060623s2005 xxud\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2005921595</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0764574817</subfield><subfield code="c">pbk.</subfield><subfield code="9">0-7645-7481-7</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780764574818</subfield><subfield code="9">978-0-7645-7481-8</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)60359199</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV021627460</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91G</subfield><subfield code="a">DE-634</subfield><subfield code="a">DE-11</subfield><subfield code="a">DE-Aug4</subfield><subfield code="a">DE-706</subfield><subfield code="a">DE-29T</subfield><subfield code="a">DE-1043</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.758</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.1</subfield><subfield code="2">22</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 230</subfield><subfield code="0">(DE-625)143617:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ZG 9144</subfield><subfield code="0">(DE-625)156030:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 310f</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Eilam, Eldad</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Reversing</subfield><subfield code="b">secrets of reverse engineering</subfield><subfield code="c">Eldad Eilam</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Indianapolis, IN</subfield><subfield code="b">Wiley</subfield><subfield code="c">2005</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXVIII, 589 S.</subfield><subfield code="b">graph. Darst.</subfield><subfield code="c">24 cm</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes index.</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Génie logiciel</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Rétro-ingénierie</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Sécurité informatique</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Software engineering</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Reverse engineering</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Reverse Engineering</subfield><subfield code="0">(DE-588)4391935-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Software Engineering</subfield><subfield code="0">(DE-588)4116521-4</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Software Engineering</subfield><subfield code="0">(DE-588)4116521-4</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Reverse Engineering</subfield><subfield code="0">(DE-588)4391935-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html</subfield><subfield code="3">Contributor biographical information</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/enhancements/fy0628/2005921595-d.html</subfield><subfield code="3">Publisher description</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/enhancements/fy0628/2005921595-t.html</subfield><subfield code="3">Table of contents</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">GBV Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014842419&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-014842419</subfield></datafield></record></collection>
id	DE-604.BV021627460
illustrated	Illustrated
index_date	2024-07-02T14:55:47Z
indexdate	2024-07-09T20:40:16Z
institution	BVB
isbn	0764574817 9780764574818
language	English
lccn	2005921595
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-014842419
oclc_num	60359199
open_access_boolean
owner	DE-91G DE-BY-TUM DE-634 DE-11 DE-Aug4 DE-706 DE-29T DE-1043
owner_facet	DE-91G DE-BY-TUM DE-634 DE-11 DE-Aug4 DE-706 DE-29T DE-1043
physical	XXVIII, 589 S. graph. Darst. 24 cm
publishDate	2005
publishDateSearch	2005
publishDateSort	2005
publisher	Wiley
record_format	marc
spelling	Eilam, Eldad Verfasser aut Reversing secrets of reverse engineering Eldad Eilam Indianapolis, IN Wiley 2005 XXVIII, 589 S. graph. Darst. 24 cm txt rdacontent n rdamedia nc rdacarrier Includes index. Génie logiciel Rétro-ingénierie Sécurité informatique Software engineering Reverse engineering Computer security Reverse Engineering (DE-588)4391935-2 gnd rswk-swf Software Engineering (DE-588)4116521-4 gnd rswk-swf Software Engineering (DE-588)4116521-4 s Reverse Engineering (DE-588)4391935-2 s DE-604 http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html Contributor biographical information http://www.loc.gov/catdir/enhancements/fy0628/2005921595-d.html Publisher description http://www.loc.gov/catdir/enhancements/fy0628/2005921595-t.html Table of contents GBV Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014842419&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Eilam, Eldad Reversing secrets of reverse engineering Génie logiciel Rétro-ingénierie Sécurité informatique Software engineering Reverse engineering Computer security Reverse Engineering (DE-588)4391935-2 gnd Software Engineering (DE-588)4116521-4 gnd
subject_GND	(DE-588)4391935-2 (DE-588)4116521-4
title	Reversing secrets of reverse engineering
title_auth	Reversing secrets of reverse engineering
title_exact_search	Reversing secrets of reverse engineering
title_exact_search_txtP	Reversing secrets of reverse engineering
title_full	Reversing secrets of reverse engineering Eldad Eilam
title_fullStr	Reversing secrets of reverse engineering Eldad Eilam
title_full_unstemmed	Reversing secrets of reverse engineering Eldad Eilam
title_short	Reversing
title_sort	reversing secrets of reverse engineering
title_sub	secrets of reverse engineering
topic	Génie logiciel Rétro-ingénierie Sécurité informatique Software engineering Reverse engineering Computer security Reverse Engineering (DE-588)4391935-2 gnd Software Engineering (DE-588)4116521-4 gnd
topic_facet	Génie logiciel Rétro-ingénierie Sécurité informatique Software engineering Reverse engineering Computer security Reverse Engineering Software Engineering
url	http://www.loc.gov/catdir/enhancements/fy0628/2005921595-b.html http://www.loc.gov/catdir/enhancements/fy0628/2005921595-d.html http://www.loc.gov/catdir/enhancements/fy0628/2005921595-t.html http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014842419&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT eilameldad reversingsecretsofreverseengineering

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge