Reverse Engineering for Beginners-en(1), matma

[ Pobierz całość w formacie PDF ]
//-->Reverse Engineering for BeginnersDennis YurichevReverse Engineering for BeginnersDennis Yurichev<dennis(a)yurichev.com>c bnd©2013-2015, Dennis Yurichev.This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view acopy of this license, visitText version (July 31, 2015).The latest version (and Russian edition) of this text accessible atbeginners.re.An e-book reader version is also available.There is also a LITE-version (introductory short version), intended for those who want a very quick introduction to thebasics of reverse engineering:beginners.reYou can also follow me on twitter to get information about updates of this text:@yurichev1or to subscribe to themailing list2.The cover was made by Andy Nechaevsky:facebook.1twitter.com/yurichev2yurichev.comiPlease take this short survey!Your feedback is extremely important to the author!iiABRIDGED CONTENTSABRIDGED CONTENTSAbridged contentsIIIIIIIVVVIVIICode patternsImportant fundamentalsSlightly more advanced examplesJavaFinding important/interesting stuff in the codeOS-specificTools1463472620658681735VIIIIXXXIXIIExamples of real-world RE3tasks741855886904908946948988Examples of reversing proprietary file formatsOther thingsBooks/blogs worth readingExercisesAfterwordAppendixAcronyms used3ReverseEngineeringiiiCONTENTSCONTENTSContents0.0.1Donate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiiICode patterns133555667778910101112131314151517181818202121222222221 A short introduction to the CPU1.1 A couple of words about different ISA4s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2 The simplest Function2.1 x86. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.2 ARM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.3 MIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.3.1 A note about MIPS instruction/register names........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................3 Hello, world!3.1 x86. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.1 MSVC. . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.2 GCC. . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1.3 GCC: AT&T syntax. . . . . . . . . . . . . . . . . . .3.2 x86-64. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2.1 MSVC—x86-64. . . . . . . . . . . . . . . . . . . . .3.2.2 GCC—x86-64. . . . . . . . . . . . . . . . . . . . . .3.3 GCC—one more thing. . . . . . . . . . . . . . . . . . . . . .3.4 ARM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4.1 Non-optimizing Keil 6/2013 (ARM mode). . . .3.4.2 Non-optimizing Keil 6/2013 (Thumb mode). . .3.4.3 Optimizing Xcode 4.6.3 (LLVM) (ARM mode). . .3.4.4 Optimizing Xcode 4.6.3 (LLVM) (Thumb-2 mode)3.4.5 ARM64. . . . . . . . . . . . . . . . . . . . . . . . . .3.5 MIPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.5.1 A word about “global pointer”. . . . . . . . . . . .3.5.2 Optimizing GCC. . . . . . . . . . . . . . . . . . . . .3.5.3 Non-optimizing GCC. . . . . . . . . . . . . . . . . .3.5.4 Role of the stack frame in this example. . . . . .3.5.5 Optimizing GCC: load it into GDB. . . . . . . . . .3.6 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7 Exercises. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7.1 Exercise #1. . . . . . . . . . . . . . . . . . . . . . .3.7.2 Exercise #2. . . . . . . . . . . . . . . . . . . . . . .4 Function prologue and epilogue244.1 Recursion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245 Stack5.1 Why does the stack grow backwards?. . . .5.2 What is the stack used for?. . . . . . . . . .5.2.1 Save the function’s return address.5.2.2 Passing function arguments. . . . .5.2.3 Local variable storage. . . . . . . . .5.2.4 x86: alloca() function. . . . . . . . .5.2.5 (Windows) SEH. . . . . . . . . . . . .5.2.6 Buffer overflow protection. . . . . .4Instruction........................................................................................................................................................................................................................................................................................................................................................252526262728283030Set Architectureiv [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • tejsza.htw.pl

    •