Abstract
This book is an attempt to provide an introduction to reverse engineering software under both Linux and Microsoft Windows©. The goal of this book is not to cover how to reproduce an entire program from a binary, but instead how to use the Scientific Method to deduce specific behavior and to target, analyze, extract and modify specific operations of a program, usually for interoperability purposes. As such, the book takes a top-down approach, starting at the highest level (program behavior) and drilling down to assembly when it is needed.
![[Note]](images/note.png) | Note |
|---|---|
This book is currently incomplete, and we are looking for a publisher to publish a completed version. Please contact the authors if you are interested in helping to publish this book or know someone who would be. | |
Table of Contents
- 1. Introduction
- 2. The Compilation Process
- 3. Gathering Info
- 4. Determining Program Behavior
- 5. Determining Interesting Functions
- 6. Understanding Assembly
- 7. Debugging
- 8. Executable formats
- 9. Code Modification
- 10. Network Application Interception
- 11. Contribut(e|ions)!
- 12. Extra Resources
- A. Tools
- B. Documentation resouces
- C. Web links and resources
List of Figures
- 1.1. Exploring a Hypothesis Space
- 2.1. The compilation Process
- 2.2. The Java Compile/Execute Path
- 3.1. Process Explorer
- 3.2. Depends
- 3.3. Netstat output
- 3.4. Ethereal capture
- 7.1. ASM in DDD
- 7.2. Stack Displays with New Display Window
- 8.1. PEView Executable Viewer
- 8.2. IMAGE_DOS_HEADER
- 8.3. IMAGE_NT_HEADERS
- 8.4. IMAGE_FILE_HEADER
- 8.5. IMAGE_OPTONAL_HEADERS
- 8.6. IMAGE_DATA_DIRECTORY
- 8.7. IMAGE_IMPORT_DIRECTORY
- 8.8. IMAGE_THUNK_DATA