Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly (Paperback)

Dennis Andriesse

  • Publisher: No Starch Press
  • Publication date: 2018-12-11
  • List price: $1,750
  • Sale price: $1,663 (95% of list)
  • VIP price: $1,575 (90% of list)
  • Language: English
  • Pages: 456
  • Binding: Paperback
  • ISBN: 1593279124
  • ISBN-13: 9781593279127
  • Related categories: Linux, Assembly
  • Related translation: 二進制分析實戰 (Simplified Chinese edition)
  • Ships immediately (stock < 4)


Product description

Stop manually analyzing binaries! Practical Binary Analysis is the first book of its kind to present advanced binary analysis topics, such as binary instrumentation, dynamic taint analysis, and symbolic execution, in an accessible way.

As malware increasingly obfuscates itself and applies anti-analysis techniques to thwart our analysis, we need more sophisticated methods that allow us to raise the dark curtain designed to keep us out; binary analysis can help. The goal of all binary analysis is to determine (and possibly modify) the true properties of binary programs in order to understand what they really do, rather than what we think they should do. While reverse engineering and disassembly are critical first steps in many forms of binary analysis, there is much more to be learned.

This hands-on guide teaches you how to tackle the fascinating but challenging topics of binary analysis and instrumentation and helps you become proficient in an area typically only mastered by a small group of expert hackers. It will take you from basic concepts to state-of-the-art methods as you dig into topics like code injection, disassembly, dynamic taint analysis, and binary instrumentation. Written for security engineers, hackers, and those with a basic working knowledge of C/C++ and x86-64, Practical Binary Analysis will teach you in-depth how binary programs work and help you acquire the tools and techniques needed to gain more control and insight into binary programs.

Once you've completed an introduction to basic binary formats, you'll learn how to analyze binaries using techniques like the GNU/Linux binary analysis toolchain, disassembly, and code injection. You'll then go on to implement profiling tools with Pin and learn how to build your own dynamic taint analysis tools with libdft and symbolic execution tools using Triton. You'll learn how to:

- Parse ELF and PE binaries and build a binary loader with libbfd
- Use data-flow analysis techniques like program tracing, slicing, and reaching definitions analysis to reason about the runtime flow of your programs
- Modify ELF binaries with techniques like parasitic code injection and hex editing
- Build custom disassembly tools with Capstone
- Use binary instrumentation to circumvent anti-analysis tricks commonly used by malware
- Apply taint analysis to detect control hijacking and data leak attacks
- Use symbolic execution to build automatic exploitation tools

With exercises at the end of each chapter to help solidify your skills, you'll go from understanding basic assembly to performing some of the most sophisticated binary analysis and instrumentation. Practical Binary Analysis gives you what you need to work effectively with binary programs and transform your knowledge from basic understanding to expert-level proficiency.
