Reddit Reddit reviews Reversing: Secrets of Reverse Engineering

We found 31 Reddit comments about Reversing: Secrets of Reverse Engineering. Here are the top ones, ranked by their Reddit score.

Computers & Technology
Books
Computer Programming
Software Design, Testing & Engineering
Software Development
Reversing: Secrets of Reverse Engineering
Wiley
Check price on Amazon

31 Reddit comments about Reversing: Secrets of Reverse Engineering:

u/Hyru · 39 pointsr/programming

Books

u/DucBlangis · 20 pointsr/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.


    Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

    *edited a name out





u/[deleted] · 18 pointsr/netsec

It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.

General Hacking:

Hacking Exposed

The Art of Exploitation

The Art of Deception



Intrusion Detection / Incident Response:

Network Flow Analysis

The Tao of Network Security Monitoring

Practical Intrusion Analysis

Real Digital Forensics


Reverse Engineering:

Reversing: Secrets of Reverse Engineering

The Ida Pro Book

Malware Analyst Cookbook

Malware Forensics



Digital Forensics:

File System Forensic Analysis

Windows Forensic Analysis

Real Digital Forensics

The Rootkit Arsenal


Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.

u/ap0x · 12 pointsr/ReverseEngineering

Chapter 3 - Windows fundamentals; Secrets of Reverse engineering by Eldad Eilam should be an easy high level overview of the subject. The rest of the book is a great resource too.

u/jeremywilms · 10 pointsr/hacking

Depending on the sort of hacking you want to do, your programming skills will likely complement your learning experience very well.

Depending on what sort of programming you've been doing and what your target is, it could also be totally irrelevant.

If you're looking to find exploits in software (i.e inside of a server) you'll need to understand how to reverse engineer it and search for exploits - getting a hang of IDA Pro and OllyDbg will be key to this. If you're looking for software exploits, already understanding languages like C and C++ will be highly benificial. Understanding your target's platform will also be crucial.

If you want to get into exploiting websites etc your C programming probably won't be too helpful - since most scripts are most easily hacked up in python or php. If you have any experience in programming server-side logic in php and interfacing with databases then that would be applicable to this field.

As I am more into native software reverse engineering and not hacking webservers I can really only point you down the path of reverse engineering software. A very good book I found for this was http://www.amazon.ca/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

This book will guide you through the process of offline and online analysis with ollydbg and IDA. Further it will introduce you to the internal workings on the windows platform (which is crucial if you're looking to reverse engineer targets on the windows platform.)

There are some good books on IDA Pro as well.

u/_EvilRin · 10 pointsr/pcgaming

A lot of these people have university degrees or better knowledge about ASM and dissecting than your university professors. Do you really believe people without qualification could beat a software solution of a multi-million dollar company that's sole propose is to protect software (VMProtect and Denuvo), that employs security researches and experts with 10+ years experience in the field and did years of development on said DRM? You sound like you don't have the slightest idea about the amount of brain power that goes into reversing something that doesn't want to be reversed. Maybe educate yourself before drawing conclusions.

u/emtuls · 9 pointsr/netsec

Hey /u/Xerack! I'm the original author of the post linked here.

Appreciate the feedback! If you think I could clarify anything better, please let me know.

As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:


  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

    Hands On:


  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down

    Courses:

    Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:


  • Basic Dynamic Analysis
  • Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.


    Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
u/cpp_is_king · 9 pointsr/gamedev

Yea, I actually recommended one in the post above. Here's a direct link though

I'm recommending this only because it's the one book on the topic that I've read and it was really good. There's others too, like this one, but I haven't read them so I can't comment.

Any book about reverse engineering can only teach you the most basic things. But it teaches you enough that once you're on your own, you aren't lost. If you want to develop the skills further, just start disassembling OS functions and figuring out how they work.

Another book that's tangentially related is this one. It isn't about reverse engineering specifically, but rather about debugging (usually without source code), which is obviously a critical skill.

u/smo0shy · 8 pointsr/MrRobot

I actually already have a copy of Hacking: The Art of Exploitation. My personal library consists of around 45 books on a range of computing topics from PHP, MySQL, C++, Windows Internals, CCNA, MCSE/MCSA, Unix, Rootkits, AI, Data Structures and the list goes on.

Other relevant titles include Gray Hat Python, Reversing: Secrets of Reverse Engineering and Rootkits: Subverting the Windows Kernel.

I was going to buy the following: Assembly Language Step-by-step, SQL Injection Attacks and Defense and Metasploit: The Penetration Tester's Guide.

I agree that where one starts really depends on what they want to end up doing. "Hacking" is such a general term and SQL-Injections is completely different from finding 0-days. If I'm honest I'm not sure where to start but I'm open to suggestions.

​

u/PeeWeeHerming · 5 pointsr/AskReddit

Reverse engineer Microsoft patches.

edit: serious answer:

I do this kind of work for a living. I started out in 1995 when I was 13 years old learning from mudge's excellent article on how to write buffer overflows and I progressed from there.

If you're analyzing software for which you have access to source code, you can't beat The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.

Chris Wysopal's Art of Software Security Testing is also good.


If you're attacking software for which you have no source code, learn about fuzzing and reverse engineering. An excellent intro to reverse engineering is Reversing: Secrets of Reverse Engineering.

Those will get you started, but it helps to have people around you who are successfully discovering and exploiting software vulnerabilities. This is also the kind of field where you absolutely have to stay on top of the latest developments in software security. Things move at a mind-boggling pace. Read security blogs, talk to people in the industry, read books, etc...

u/GeneticsGuy · 5 pointsr/wow

Reverse engineering, technically. Blizz doesn't actually publish an official list of available Lua API (which I find odd, personally), but you can find them by looking at memory dumps on each update.

You can also do an /etrace and then see the exact events being fired and thus record anything new. Though, that is a bit inefficient. Blizz often announces UI/Macro changes HERE

If you want to do your own scans to see the latest API check this out here

Some basics on how to do this can be found HERE, though it might be a bit outdated, it is quite good on how to learn for yourself how to reverse engineer programs

u/PM_ME_YOUR_SHELLCODE · 4 pointsr/RELounge

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

u/ShadoWolf · 4 pointsr/Futurology

chrome runs at user app level. it's not running in kernal space with rootkit-like functionality.


Google going out of there way to try and illegally spy on you is crazy. simply because any interested party can go and grab a copy of IDA pro and slap it onto chrome right now and do live disassemble the code base as it's running. Watch the stack calls, view library calls, and view network traffic.

But if the overly paranode type. Then go an investigate for yourself you have access to the tools and the books to self-learn the skills need to do so. Here a good jumping off point


http://out7.hex-rays.com/demo/request < request a trail evulation of ida pro

read this
https://www.amazon.ca/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817

this
https://www.amazon.ca/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898

and finally this
https://www.apress.com/gp/book/9781484200650


u/root_pentester · 3 pointsr/blackhat

No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.

Jumping into C++: Alex Allain

Write Great Code: Volume1 Understanding the Machine

Write Great Code: Volume2 Thinking Low-Level, Writing High Level

Reversing: Secrets of Reverse Engineering

Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.

The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.

.

If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.

One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

u/Grazfather · 2 pointsr/ReverseEngineering

Hah. Just got my order of "Reversing: Secrets of Reverse Engineering" in recently. I'll have to finish that, first.

u/daeken · 2 pointsr/IAmA

Only book I recommend is Reversing by Eldad Eilam (affiliate link if you feel like it: http://www.amazon.com/gp/product/0764574817/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0764574817&linkCode=as2&tag=iha0a-20 )

Otherwise, I just recommend diving in and asking questions of everyone you possibly can. Feel free to contact me, should you want to do so.

u/arvindsraj · 2 pointsr/netsecstudents

Reversing: Secrets of reverse engineering by Eldad Eilam by Eldad Eilam could be included in the reverse engineering section.

u/sanitybit · 2 pointsr/netsec
u/MHHH_SALTY_BALLS · 2 pointsr/gamedev

Even if you don't plan on writing your bots in C/C++, you should still understand how most commonly used compilers compile them to native code.
Most games* are written in C/C++, although .NET ones seem to be gaining popularity.
Once again, assuming Windows, it's usually enough to know how MSVC works.

It's hard to summarize what exactly is 'necessary', as a lot of this comes with experience and some trial & error, but I'll try it anyway:

u/HexCC · 2 pointsr/ReverseEngineering

Thanks for the list. I've been recommended Reversing: Secrets of Reverse Engineering by a friend but it didn't make this list. Does anyone know why?

u/haxcess · 1 pointr/ccna

I remember this text: http://amzn.com/0123742684

And for the programming side of things:

u/bestseeker · 1 pointr/ReverseEngineering

I'll tell it like it is. Most colleges don't really teach useful things these days in favor of giving you a broad education and emptying your wallet. You'd probably only have one or two courses on reverse engineering, if that. The best thing to do is probably learn it on your own and take whichever major of those you enjoy more. I recommend checking out this book for software RE. http://www.amazon.com/gp/product/0764574817/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0764574817&linkCode=as2&tag=viewsite-20

u/robvas · 1 pointr/linux

You need to know a lot of things to be able to figure that kind of stuff out. Not just low-level programming but details about hardware, tricks the developers used to create the product...

These books might be a good start:

Reversing: Secrets of Reverse Engineering

Gray Hat Python - Since you are familiar with Python right now



u/serious_face · 1 pointr/ReverseEngineering

I'm in a similar position (besides having a nice cert ;), and what I'm going through right now is a combination of Lena's tutorials, and Reversing - Secrets of Reverse Engineering. The book actually seems like a really good "foundation" kind of book, since it spends the first 4 chapters or so going over the basics of compilers, operating systems, memory, etc. As for Lena's tutorials, it's hard for me to say because I've only finished a few, but I've heard good things about them. Good luck.

u/The_Sober_Grudge · 1 pointr/askscience

Generally speaking, "reverse engineering" implies getting an executable (like a .exe file on Windows) and trying to figure out what it does at the level of the source code. Reverse engineering is a long and tedious process that is not as simple as it sounds for several reasons.

The first thing that you have to understand is how a program goes from source code to EXE (since we're going in the opposite direction when we reverse an .exe file). When a program is written in a high level language like C or C++, it can't be run by a computer until it has been compiled, a special process performed by a compiler. Compilers take the source code, and translate it first into a middle language called an intermediate representation that represents the logical structure of the program, and then based on that middle language emit machine code. Machine code (which can be translated into a human readable form called assembly language) is the binary language that the CPU actually uses to do computation - it contains very simple instructions like "move this data to this location in memory" or "add these two numbers together". Most compilers will also make a lot of optimizations in before emitting the machine code - for example, if they see a certain piece of data being accessed and stored unnecessarily, they may move the code responsible for the redundancy to another place in the executable to avoid wasted operations. The compiler will finally output a file called an object file, which contains optimized machine code.

However, this file is generally not executable - it still has to be linked by the linker, (which sometimes automatically runs after the compiler). The linker performs several tasks, like fixing up absolute addressing to ensure that a program can be loaded anywhere in it's address space, as well as providing references to shared libraries. Usually when writing big programs, developers will use already-written code, like the C library or other vendor specific packages, by referencing it in the source code. For example, C source code can use statements like

include <stdio.h>


to indicate that the program includes references to the standard input/output library in the C library, which is used to allow user-provided data and to print data to the screen, among other things. So, it's the linker's job to ensure that these libraries are included in the final executable and that the other object files can reference them correctly. To make matters worse, the linker will build the executable program in whatever file format the operating system uses (PE on Windows, ELF on Linux, and Mach-O on OSX), and these file formats store the program data and code in separate locations. However, the linker handles this cleanly and produces a compiled, optimized, and linked program in the right format, which can then be executed. So that's how it happens normally.

So now, let's do it in reverse. Suppose you have suspicious.exe, a file that you think is malware and you want to find out what it does so that you know whether it's dangerous or not. Suspicious.exe is a compiled and linked executable, and since it was optimized, you don't necessarily have a 1-to-1 correspondence between each machine code instruction and each line of source code (and you don't have the source code anyway). Furthermore, the Intel x86 architecture that most commercial personal computers use in their CPUs uses variable length machine code instructions - some of the instructions will be longer than others, so it is very difficult to look at them in a binary and figure out what is doing what. This is where a disassembler is used - a program that takes a raw binary file and emits human readable assembly language. Because of variable length instructions, some disassemblers even emit the wrong assembly instructions sometimes! However, because the program has to be able to run consistently and reliably when given to the CPU, there is always a way to disassemble it into the correct machine code - it sometimes just takes a few hours (and a headache or two).

Now, you've disassembled the file using a tool like IDA Pro (which can cost hundreds or thousands of dollars, depending on the license), and you have human-readable assembly. So why is it still hard to figure out what the program does? Firstly, any descriptive variable names that a programmer used to make the source code more easy to read are gone because the compiler got rid of them once it generated the intermediate representation - so you don't even know what the various memory references are where data is stored. Secondly, while you can tell where functions begin and end, you can't necessarily tell what they do - they're just blobs of assembly, and sometimes not even that; if the functions were included in a shared library, they'll often be just references to the address in memory where the imported library is placed when the operating system loads the process into its address space (it depends on whether the executable is dynamically or statically linked, but that's a more in depth and tangential discussion). You also don't where important data structures - like strings or pointer tables - are because what the disassembler doesn't recognize as code, it'll just call "data" and leave it at that. Thirdly, most of the data in the program depends on the memory state while it's running, which you can't tell just by looking at the assembly. You need to actually run suspicious.exe.

So you take a look at this mess, ask yourself why you chose this job in the first place instead of being a web developer even though they get paid about the same as you, open another can of Rockstar, and you get to work. Generally, you'll start suspicious.exe in a sandbox environment like a virtual machine using a debugger, which is a special program that will allow you to halt it and examine its memory state, register states, and other activity. As the program executes, you will begin to notice behaviors that resemble C structures - how you actually do this is a huge discussion that people have written entire books about, but suffice it to say for now that it comes with experience. Furthermore, if you use IDA (or keep a notebook), you'll write down lots of notes about the program behavior, and use Microsoft's MSDN pages (or Apple's developer documents or the Linux man pages, depending on what environment your executable runs in). Eventually, whatever it is that you were aiming to find out becomes clear, or you quit out of sheer frustration (but usually and hopefully the former).

Bear in mind that most people don't aim to entirely reverse engineer every bit of machine code in an executable. A lot of it isn't related to what you're trying to discover, and so part of the game is first finding what pieces of code are actually relevant (which you do with a debugger by stopping the program's execution once it starts doing stuff relevant to your reversing purposes), then reversing those little parts of the code.