Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Download the color images
• Conventions used
• Get in touch
• Share Your Thoughts

1. Part 1 – Modern Windows Compiler

2. Chapter 1: From Source to Binaries – The Journey of a C Program FREE CHAPTER

• The simplest Windows program in C
• C compiler – assembly code generation
• Assembler – transforming assembly code into machine code
• Compiling code
• Windows linker – packing binary data into PE format
• Running static PE files as dynamic processes
• Summary

3. Chapter 2: Process Memory – File Mapping, PE Parser, tinyLinker, and Hollowing

• Sample programs
• The memory of the static contents of PE files
• PE Parser example
• Dynamic file mapping
• PE infection (PE Patcher) example
• tinyLinker example
• Examples of process hollowing
• PE files to HTML
• Summary

4. Chapter 3: Dynamic API Calling – Thread, Process, and Environment Information

• Sample programs
• Function calling convention
• Thread Environment Block (TEB)
• Process Environment Block
• Examples of process parameter forgery
• Examples of enumerating loaded modules without an API
• Examples of disguising and hiding loaded DLLs
• Summary

5. Part 2 – Windows Process Internals

6. Chapter 4: Shellcode Technique – Exported Function Parsing

• Sample programs
• EATs in PE
• Examples of a DLL file analyzer
• Examples of writing shellcode in x86
• A shellcode generator in Python
• Summary

7. Chapter 5: Application Loader Design

• Import Address Table in PE
• Import API analyzer example
• Examples of IAT hijack
• DLL side-loading example
• Summary

8. Chapter 6: PE Module Relocation

• Relocation table of PE
• tinyLoader example
• Summary

9. Part 3 – Abuse System Design and Red Team Tips

10. Chapter 7: PE to Shellcode – Transforming PE Files into Shellcode

• The open source project pe_to_shellcode analysis
• Summary

11. Chapter 8: Software Packer Design

• What is a software packer?
• Packer builder
• Stub – the main program of an unpacker
• Examples of software packers
• Summary

12. Chapter 9: Digital Signature – Authenticode Verification

• Authenticode digital signatures
• Signature verification
• Examples of mock signatures
• Examples of bypassing hash verification
• Examples of signature steganography
• Getting signed by abusing path normalization
• Summary

13. Chapter 10: Reversing User Account Control and Bypassing Tricks

• UAC overview
• RAiLaunchAdminProcess callback
• Two-level authentication mechanism
• Elevated privilege conditions
• Examples of bypassing UAC
• Summary

14. Index

• Why subscribe?

15. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts
• Download a free PDF copy of this book

Appendix – NTFS, Paths, and Symbols

• Win32 and NT path specification