Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Mastering Reverse Engineering
Mastering Reverse Engineering

Mastering Reverse Engineering: Re-engineer your ethical hacking skills

eBook
$27.98 $39.99
Paperback
$48.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Mastering Reverse Engineering

Identification and Extraction of Hidden Components

Today, the most common use for reverse engineering is in targeting malware. Like any other software, malware has its installation process. The difference is that it does not ask for the user's permission to install. Malware does not even install in the Program files folder where other legitimate applications are installed. Rather, it tends to install its malware file in folders that are not commonly entered by the user, making it hidden from being noticed. However, some malware shows up noticed and generates copies of itself in almost all noticeable folders such as the desktop. Its purpose is to get its copies executed by users, be it by accidental double-click or by curiosity. This is what we usually call malware persistence.

Persistence is when malware consistently runs in the background. In this chapter, we will be pointing...

Technical requirements

The operating system environment

Doing reverse engineering requires the analyst to understand where the software being reversed is being run. The major parts that software requires in order to work in an operating system are the memory and the filesystem. In Windows operating systems, besides the memory and the filesystem, Microsoft introduced the registry system, which is actually stored in protected files called registry hives.

The filesystem

The filesystem is where data is stored directly to the physical disk drive. These filesystems manage how files and directories are stored in the disk. Various disk filesystems have their own variation of efficiently reading and writing data. 

There are different disk filesystems...

Typical malware behavior

Malware is simply defined as malicious software. You'd expect bad things to happen to your system environment once malware has entered. Once typical malware enters the system, it does two basic things: installs itself and does its evil work. With the intent of forcing itself to be installed in the system malware does not need to notify the user at all. Instead, it directly makes changes to the system.  

Persistence

One of the changes malware makes in the system is to make itself resident.  Malware persistence means that the malware will still be running in background and, as much as possible, all the time. For example, malware gets executed after every boot-up of the system...

Tools

Identifying the registry entry, files dropped, and running processes that are related to the malware requires tools. There are existing tools that we can use to extract these objects. There are two analysis events we should consider: analysis after the malware has been executed and analysis before the malware executes. Since our aim for this chapter is to extract components, we will discuss the tools that can help us find suspected files. Analysis tools that are used after we have extracted our suspected malware will be discussed in further chapters.

When a system has already been compromised, the analyst would need to use tools that can identify suspected files. Each suspected file will be analysed further. To start off, we can identify it based on persistence.

  1. List down all processes and their respective file information
  2. From the list of known registry persistence paths...

Summary

In the first chapter, we learned about reverse engineering and its importance when analyzing malware. To begin with our reverse engineering adventures, we have to learn the system we are analyzing. We discussed the three main areas in the Windows operating system environment: memory, disk, and the registry.  In this chapter, we aimed to find malware from a compromised Windows system by extracting suspected files. To do that, we listed common startup areas in the system that we can search into. These areas include the registry, task schedules, and startup folder.  

We learned that typical malware behaves by installing itself and runnng code that harms the system. Malware installs itself basically for persistence which results in the malware file triggering most of the time the system is online. We then listed a few behaviors as to why malware was called malicious...

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Analyze and improvise software and hardware with real-world examples
  • Learn advanced debugging and patching techniques with tools such as IDA Pro, x86dbg, and Radare2.
  • Explore modern security techniques to identify, exploit, and avoid cyber threats

Description

If you want to analyze software in order to exploit its weaknesses and strengthen its defenses, then you should explore reverse engineering. Reverse Engineering is a hackerfriendly tool used to expose security flaws and questionable privacy practices.In this book, you will learn how to analyse software even without having access to its source code or design documents. You will start off by learning the low-level language used to communicate with the computer and then move on to covering reverse engineering techniques. Next, you will explore analysis techniques using real-world tools such as IDA Pro and x86dbg. As you progress through the chapters, you will walk through use cases encountered in reverse engineering, such as encryption and compression, used to obfuscate code, and how to to identify and overcome anti-debugging and anti-analysis tricks. Lastly, you will learn how to analyse other types of files that contain code. By the end of this book, you will have the confidence to perform reverse engineering.

Who is this book for?

If you are a security engineer or analyst or a system programmer and want to use reverse engineering to improve your software and hardware, this is the book for you. You will also find this book useful if you are a developer who wants to explore and learn reverse engineering. Having some programming/shell scripting knowledge is an added advantage.

What you will learn

  • Learn core reverse engineering
  • Identify and extract malware components
  • Explore the tools used for reverse engineering
  • Run programs under non-native operating systems
  • Understand binary obfuscation techniques
  • Identify and analyze anti-debugging and anti-analysis tricks

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Oct 31, 2018
Length: 436 pages
Edition : 1st
Language : English
ISBN-13 : 9781788835299
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Oct 31, 2018
Length: 436 pages
Edition : 1st
Language : English
ISBN-13 : 9781788835299
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 158.97
Mastering Reverse Engineering
$48.99
Hands-On System Programming with Linux
$54.99
Learning Malware Analysis
$54.99
Total $ 158.97 Stars icon

Table of Contents

14 Chapters
Preparing to Reverse Chevron down icon Chevron up icon
Identification and Extraction of Hidden Components Chevron down icon Chevron up icon
The Low-Level Language Chevron down icon Chevron up icon
Static and Dynamic Reversing Chevron down icon Chevron up icon
Tools of the Trade Chevron down icon Chevron up icon
RE in Linux Platforms Chevron down icon Chevron up icon
RE for Windows Platforms Chevron down icon Chevron up icon
Sandboxing - Virtualization as a Component for RE Chevron down icon Chevron up icon
Binary Obfuscation Techniques Chevron down icon Chevron up icon
Packing and Encryption Chevron down icon Chevron up icon
Anti-analysis Tricks Chevron down icon Chevron up icon
Practical Reverse Engineering of a Windows Executable Chevron down icon Chevron up icon
Reversing Various File Types Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
(5 Ratings)
5 star 20%
4 star 40%
3 star 0%
2 star 0%
1 star 40%
Mansour Ahmed Oct 10, 2022
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
Thank you
Amazon Verified review Amazon
Drakeor Nov 30, 2020
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
TLDR:The title is misleading. This book is an excellent primer for Malware Analysis and I highly recommend it if you're new to it. However, expect to quickly move onto other books/resources once you need any sort of depth into any of the tools/techniques.Summary:The title makes it seem like a more in-depth book for people already familiar with the basics of reverse engineering and thus are looking for new techniques or ways to improve their existing skillsets. Instead, this book is an introductory book into Malware Analysis. If it's treated like that, I do recommend this book for anyone wanting a good primer into Malware analysis. I understand that there's a lot to cover (Ex: static analysis have entire textbooks dedicated to them) so don't expect an in-depth guide on the tools/techniques.Pros:- Touches on a good number of techniques and tools used for Malware Analysis. There were a couple the author mentioned that I was not yet aware of.- Touches on a good number of topics such as anti-debugging / anti-vm / metamorphism- Pretty easy to follow and not overly bloated. Gives enough information that one would be able to look up areas they aren't familiar with and expand their knowledge.- Explanations were easy to follow.Cons:- The title is misleading. This is really the biggest con. It really should be called "A Primer on Malware Analysis".- This book is far from comprehensive. If you were looking for a comprehensive textbook on Malware Analysis with an appropriate amount of exercises, this isn't the book for you. This is less of a con if you approach this book as a primer.- It's $45 on Amazon. I read mine thru Packt Publishing's site since I have an account there, but $45 is way too steep a price for this book. I feel it's worth more like $25, $30 at most. The only way I would justify $45 is if it had more exercises.
Amazon Verified review Amazon
PC Jul 14, 2020
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
Der Text wird richtig gezeigt: es kann problemlos vergrößert werden aber die Bilder bleiben leider extrem klein: es ist schwer zu erkenne, was sie zeigen sollten.Das zweite Bild zeigt das Hauptfenster von Ollidbg: Ich habe es erkannt, nur weil Ich es regelmäßig benutze.Dazu, die Quelltexte werden mit einer Schriftart gezeigt, die extrem dünn ist, praktisch unleserlich (drittes Bild).Man fragt sich, warum solche Probleme niemandem aufgefallen sind.Komisch ist auch, dass „Blick ins Buch“ eine mackellose Darstellung der Seiten zeigt, auch derjenigen, die bei Kindle Windows die Darstellungsprobleme zeigen, die Ich beschrieben habe.
Amazon Verified review Amazon
Customer Feb 14, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Contained the information necessary to go from casual malware analyst to occasional hero. The crux of the matter is developed when the author hits on key points necessary to repackage executables while coding out the malicious logic -- especially logic intended to ruin early-stage and mid-stage analysis efforts that are focused by the adversary towards the amateur reverser. Other books in this vein do not necessarily cover the the necessary steps to champion repatching. In the future, a serious book might cover more advanced topics, such as hot patching, but I think this book covers most of the subject matter well.The book may not have a lot for an average exploit developer, or for reversers who are not subject to the cat-and mouse game of anti-debugging, anti-tampering, anti-emulation, and vm-detection techniques. For those who want to up their skills and abilities in critical areas that key cybersecurity countermeasures such as FireEye, Palo Alto Networks, McAfee ATD, and Microsoft ATP/Defender might miss -- this is the right book at the right time. This book also has the ability to foresee malware intelligence as a future decisive area where cybersecurity decisions are made. You have to read into it a little bit. It's not obvious, so maybe give it a few reads, embellish the ideas and concepts by practicing them, and spend a little effort beyond what the book provides.You will find no better modern resource on the in-the weeds methods (not just the tools, but the techniques!) of malicious logic reversing. If you intend to do battle with a disassembler, debugger, or other related weapon of choice -- look no further than this written material on this topic.
Amazon Verified review Amazon
Amazon Customer Nov 04, 2018
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
This would be the worst book I've read about reversing if it was about... reversing. Instead it is very brief peek into several available tools that aid in malware analysis. The chapter about MBR reversing with bochs is worst than one provided by IDA Pro authors available at Hex Blog site for free. IDA capabilities are not even scratched, all the code is targeting x86 32 bit platforms (with brief exception of tips how to run ARM base linux distro in QEMU). The book doesn't even explain how disassembler works hence the chapter about code obfuscation are a bit useless, especially considering the fact that there are very few examples being discussed. Anti debugging and anti emulation tricks are also very briefly discussed. x64 architecture is not discussed, just like ARM (with single exception above). Don't buy this book, there are many others great publication on this topic available today.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.