Updated: 2021-06-10 19:41:16
Cover Page
Title Page
Packt Upsell
Why subscribe?
Packt.com
Contributors
About the author
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Preparing to Reverse
Reverse engineering
Technical requirements
Reverse engineering as a process
Seeking approval
Static analysis
Dynamic analysis
Low-level analysis
Reporting
Tools
Binary analysis tools
Disassemblers
Debuggers
Monitoring tools
Decompilers
Malware handling
Basic analysis lab setup
Our setup
Samples
Summary
Identification and Extraction of Hidden Components
The operating system environment
The filesystem
Memory
The registry system
Typical malware behavior
Persistence
Run keys
Load and Run values
Startup values
The Image File Execution Options key
Malware delivery
Email
Instant messenger
The computer network
Media storage
Exploits and compromised websites
Software piracy
Malware file properties
Payload – the evil within
Autoruns
Process Explorer
Further reading
The Low-Level Language
Binary numbers
Bases
Converting between bases
Binary arithmetic
Signed numbers
x86
Registers
Memory addressing
Endianness
Basic instructions
Opcode bytes
Copying data
MOV and LEA
Arithmetic operations
Addition and subtraction
Increment and decrement instructions
Multiplication and division instructions
Other signed operations
Bitwise algebra
Control flow
Stack manipulation
Tools – builder and debugger
Popular assemblers
MASM
NASM
FASM
x86 Debuggers
WinDbg
OllyDbg
x64dbg
Hello World
Installation of FASM
It works!
Dealing with common errors when building