Foundations of Linux Debugging, Disassembling, and Reversing: Analyze Binary Code, Understand Stack Memory Usage, and Reconstruct C/C++ Code with Intel x64

Year of publication: 2023
Author: Vostokov Dmitry
Publisher: Apress Media
ISBN: 978-1-4842-9153-5
Language: English
Format: PDF, EPUB
Quality: Publisher's layout or text (eBook)
Interactive table of contents: Yes
Number of pages: 181

Description:
Review topics ranging from Intel x64 assembly language instructions and writing programs in assembly language, to pointers, live debugging, and static binary analysis of compiled C and C++ code. This book is ideal for Linux desktop and cloud developers.

Using the latest version of Debian, you’ll focus on the foundations of the diagnostics of core memory dumps, live and postmortem debugging of Linux applications, services, and systems, memory forensics, malware, and vulnerability analysis. This requires an understanding of x64 Intel assembly language and how C and C++ compilers generate code, including memory layout and pointers. This book provides the background knowledge and practical foundations you’ll need in order to master internal Linux program structure and behavior. It consists of practical step-by-step exercises of increasing complexity with explanations and ample diagrams. You’ll also work with the GDB debugger and use it for disassembly and reversing.

By the end of the book, you will have a solid understanding of how Linux C and C++ compilers generate binary code. In addition, you will be able to analyze such code confidently, understand stack memory usage, and reconstruct original C/C++ code.

Foundations of Linux Debugging, Disassembling, and Reversing is the perfect companion to Foundations of ARM64 Linux Debugging, Disassembling, and Reversing for readers interested in the cloud or cybersecurity.

What You'll Learn
  Review the basics of x64 assembly language
  Examine the essential GDB debugger commands for debugging and binary analysis
  Study C and C++ compiler code generation with and without compiler optimizations
  Look at binary code disassembly and reversing patterns
  See how pointers in C and C++ are implemented and used

Who This Book Is For
Software support and escalation engineers, cloud security engineers, site reliability engineers, DevSecOps, platform engineers, software testers, Linux C/C++ software engineers and security researchers without Intel x64 assembly language background, beginners learning Linux software reverse engineering techniques, and engineers coming from non-Linux environments.
Table of contents
About the Author
About the Technical Reviewer
Preface

Chapter 1: Memory, Registers, and Simple Arithmetic
  Memory and Registers Inside an Idealized Computer
  Memory and Registers Inside Intel 64-Bit PC
  “Arithmetic” Project: Memory Layout and Registers
  “Arithmetic” Project: A Computer Program
  “Arithmetic” Project: Assigning Numbers to Memory Locations
  Assigning Numbers to Registers
  “Arithmetic” Project: Adding Numbers to Memory Cells
  Incrementing/Decrementing Numbers in Memory and Registers
  Multiplying Numbers
  Summary

Chapter 2: Code Optimization
  “Arithmetic” Project: C/C++ Program
  Downloading GDB
  GDB Disassembly Output – No Optimization
  GDB Disassembly Output – Optimization
  Summary

Chapter 3: Number Representations
  Numbers and Their Representations
  Decimal Representation (Base Ten)
  Ternary Representation (Base Three)
  Binary Representation (Base Two)
  Hexadecimal Representation (Base Sixteen)
  Why Are Hexadecimals Used?
  Summary

Chapter 4: Pointers
  A Definition
  “Pointers” Project: Memory Layout and Registers
  “Pointers” Project: Calculations
  Using Pointers to Assign Numbers to Memory Cells
  Adding Numbers Using Pointers
  Incrementing Numbers Using Pointers
  Multiplying Numbers Using Pointers
  Summary

Chapter 5: Bytes, Words, Double, and Quad Words
  Using Hexadecimal Numbers
  Byte Granularity
  Bit Granularity
  Memory Layout
  Summary

Chapter 6: Pointers to Memory
  Pointers Revisited
  Addressing Types
  Registers Revisited
  NULL Pointers
  Invalid Pointers
  Variables As Pointers
  Pointer Initialization
  Initialized and Uninitialized Data
  More Pseudo Notation
  “MemoryPointers” Project: Memory Layout
  Summary

Chapter 7: Logical Instructions and RIP
  Instruction Format
  Logical Shift Instructions
  Logical Operations
  Zeroing Memory or Registers
  Instruction Pointer
  Code Section
  Summary

Chapter 8: Reconstructing a Program with Pointers
  Example of Disassembly Output: No Optimization
  Reconstructing C/C++ Code: Part 1
  Reconstructing C/C++ Code: Part 2
  Reconstructing C/C++ Code: Part 3
  Reconstructing C/C++ Code: C/C++ Program
  Example of Disassembly Output: Optimized Program
  Summary

Chapter 9: Memory and Stacks
  Stack: A Definition
  Stack Implementation in Memory
  Things to Remember
  PUSH Instruction
  POP Instruction
  Register Review
  Application Memory Simplified
  Stack Overflow
  Jumps
  Calls
  Call Stack
  Exploring Stack in GDB
  Summary

Chapter 10: Frame Pointer and Local Variables
  Stack Usage
  Register Review
  Addressing Array Elements
  Stack Structure (No Function Parameters)
  Function Prolog
  Raw Stack (No Local Variables and Function Parameters)
  Function Epilog
  “Local Variables” Project
  Disassembly of Optimized Executable
  Summary

Chapter 11: Function Parameters
  “FunctionParameters” Project
  Stack Structure
  Function Prolog and Epilog
  Project Disassembled Code with Comments
  Parameter Mismatch Problem
  Summary

Chapter 12: More Instructions
  CPU Flags Register
  The Fast Way to Fill Memory
  Testing for 0
  TEST – Logical Compare
  CMP – Compare Two Operands
  TEST or CMP?
  Conditional Jumps
  The Structure of Registers
  Function Return Value
  Using Byte Registers
  Summary

Chapter 13: Function Pointer Parameters
  “FunctionPointerParameters” Project
  Commented Disassembly
  Summary

Chapter 14: Summary of Code Disassembly Patterns
  Function Prolog/Epilog
  LEA (Load Effective Address)
  Passing Parameters
  Accessing Parameters and Local Variables
  Summary

Index