Practical binary analysis : build your own Linux tools for binary instrumentation, analysis, and disassembly

Practical binary analysis build your own Linux tools for binary instrumentation, analysis, and disassembly

As malware increasingly obfuscates itself and applies anti-analysis techniques to thwart our analysis, we need more sophisticated methods that allow us to raise that dark curtain designed to keep us out—binary analysis can help. The goal of all binary analysis is to determine (and possibly modify) t...

Descripción completa

Detalles Bibliográficos
Otros Autores: Andriesse, Dennis, author (author), Bos, Herbert, writer of foreword (writer of foreword)
Formato: Libro electrónico
Idioma:Inglés
Publicado: San Francisco : No Starch Press [2019]
Edición:1st edition
Materias:
Linux
Binary system (Mathematics)
Assembladors de paquets
Sistema binari (Matemàtica)
Disassemblers (Computer programs)
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630557006719
Tabla de Contenidos:
  • Intro
  • Title Page
  • Copyright Page
  • Dedication
  • BRIEF CONTENTS
  • CONTENTS IN DETAIL
  • FOREWORD by Herbert Bos
  • PREFACE
  • ACKNOWLEDGMENTS
  • INTRODUCTION
  • What Is Binary Analysis, and Why Do You Need It?
  • What Makes Binary Analysis Challenging?
  • Who Should Read This Book?
  • What's in This Book?
  • How to Use This Book
  • PART I: BINARY FORMATS
  • 1 ANATOMY OF A BINARY
  • 1.1 The C Compilation Process
  • 1.2 Symbols and Stripped Binaries
  • 1.3 Disassembling a Binary
  • 1.4 Loading and Executing a Binary
  • 1.5 Summary
  • Exercises
  • 2 THE ELF FORMAT
  • 2.1 The Executable Header
  • 2.2 Section Headers
  • 2.3 Sections
  • 2.4 Program Headers
  • 2.5 Summary
  • Exercises
  • 3 THE PE FORMAT: A BRIEF INTRODUCTION
  • 3.1 The MS-DOS Header and MS-DOS Stub
  • 3.2 The PE Signature, File Header, and Optional Header
  • 3.3 The Section Header Table
  • 3.4 Sections
  • 3.5 Summary
  • Exercises
  • 4 BUILDING A BINARY LOADER USING LIBBFD
  • 4.1 What Is libbfd?
  • 4.2 A Simple Binary-Loading Interface
  • 4.3 Implementing the Binary Loader
  • 4.4 Testing the Binary Loader
  • 4.5 Summary
  • Exercises
  • PART II: BINARY ANALYSIS FUNDAMENTALS
  • 5 BASIC BINARY ANALYSIS IN LINUX
  • 5.1 Resolving Identity Crises Using file
  • 5.2 Using ldd to Explore Dependencies
  • 5.3 Viewing File Contents with xxd
  • 5.4 Parsing the Extracted ELF with readelf
  • 5.5 Parsing Symbols with nm
  • 5.6 Looking for Hints with strings
  • 5.7 Tracing System Calls and Library Calls with strace and ltrace
  • 5.8 Examining Instruction-Level Behavior Using objdump
  • 5.9 Dumping a Dynamic String Buffer Using gdb
  • 5.10 Summary
  • Exercise
  • 6 DISASSEMBLY AND BINARY ANALYSIS FUNDAMENTALS
  • 6.1 Static Disassembly
  • 6.2 Dynamic Disassembly
  • 6.3 Structuring Disassembled Code and Data
  • 6.4 Fundamental Analysis Methods
  • 6.5 Effects of Compiler Settings on Disassembly.
  • 6.6 Summary
  • Exercises
  • 7 SIMPLE CODE INJECTION TECHNIQUES FOR ELF
  • 7.1 Bare-Metal Binary Modification Using Hex Editing
  • 7.2 Modifying Shared Library Behavior Using LD_PRELOAD
  • 7.3 Injecting a Code Section
  • 7.4 Calling Injected Code
  • 7.5 Summary
  • Exercises
  • PART III: ADVANCED BINARY ANALYSIS
  • 8 CUSTOMIZING DISASSEMBLY
  • 8.1 Why Write a Custom Disassembly Pass?
  • 8.2 Introduction to Capstone
  • 8.3 Implementing a ROP Gadget Scanner
  • 8.4 Summary
  • Exercises
  • 9 BINARY INSTRUMENTATION
  • 9.1 What Is Binary Instrumentation?
  • 9.2 Static Binary Instrumentation
  • 9.3 Dynamic Binary Instrumentation
  • 9.4 Profiling with Pin
  • 9.5 Automatic Binary Unpacking with Pin
  • 9.6 Summary
  • Exercises
  • 10 PRINCIPLES OF DYNAMIC TAINT ANALYSIS
  • 10.1 What Is DTA?
  • 10.2 DTA in Three Steps: Taint Sources, Taint Sinks, and Taint Propagation
  • 10.3 Using DTA to Detect the Heartbleed Bug
  • 10.4 DTA Design Factors: Taint Granularity, Taint Colors, and Taint Policies
  • 10.5 Summary
  • Exercise
  • 11 PRACTICAL DYNAMIC TAINT ANALYSIS WITH LIBDFT
  • 11.1 Introducing libdft
  • 11.2 Using DTA to Detect Remote Control-Hijacking
  • 11.3 Circumventing DTA with Implicit Flows
  • 11.4 A DTA-Based Data Exfiltration Detector
  • 11.5 Summary
  • Exercise
  • 12 PRINCIPLES OF SYMBOLIC EXECUTION
  • 12.1 An Overview of Symbolic Execution
  • 12.2 Constraint Solving with Z3
  • 12.3 Summary
  • Exercises
  • 13 PRACTICAL SYMBOLIC EXECUTION WITH TRITON
  • 13.1 Introduction to Triton
  • 13.2 Maintaining Symbolic State with Abstract Syntax Trees
  • 13.3 Backward Slicing with Triton
  • 13.4 Using Triton to Increase Code Coverage
  • 13.5 Automatically Exploiting a Vulnerability
  • 13.6 Summary
  • Exercise
  • PART IV: APPENDIXES
  • A A CRASH COURSE ON X86 ASSEMBLY
  • A.1 Layout of an Assembly Program
  • A.2 Structure of an x86 Instruction.
  • A.3 Common x86 Instructions
  • A.4 Common Code Constructs in Assembly
  • B IMPLEMENTING PT_NOTE OVERWRITING USING LIBELF
  • B.1 Required Headers
  • B.2 Data Structures Used in elfinject
  • B.3 Initializing libelf
  • B.4 Getting the Executable Header
  • B.5 Finding the PT_NOTE Segment
  • B.6 Injecting the Code Bytes
  • B.7 Aligning the Load Address for the Injected Section
  • B.8 Overwriting the .note.ABI-tag Section Header
  • B.9 Setting the Name of the Injected Section
  • B.10 Overwriting the PT_NOTE Program Header
  • B.11 Modifying the Entry Point
  • C LIST OF BINARY ANALYSIS TOOLS
  • C.1 Disassemblers
  • C.2 Debuggers
  • C.3 Disassembly Frameworks
  • C.4 Binary Analysis Frameworks
  • D FURTHER READING
  • D.1 Standards and References
  • D.2 Papers and Articles
  • D.3 Books
  • INDEX.

Ejemplares similares