on 3 March 2008
This is a great book and I cannot give it less than 4 stars. It correctly assumes that the reader is a developer using native code tools and requires a hands-on introduction to reverse engineering. Now, in similar volumes, Reverse Engineering (RE from now on) is only getting associated with nefarious activities, such as breaking copy protection schemes etc. The examples and pedagogical scope of this book go much further than that, introducing concepts such as RE of file formats (extremely useful), RE in order to locate undocumented functionality and RE in order to "de-armor" malicious code.
In order to keep up with the material presented within, your x86 assembly skills must be at least serviceable, as the author uses LONG uncommented ASM listings on purpose (this is what you expect from using any tool out there). The book includes a chapter on introducing the basics of assembler but I take it that if you have even cursory experience with it, things will be much easier.
Another great thing is that, while the focus of the book is Win32, it is not particularly tied to any given tool. A lot of competing titles on the market focus on (excellent) tools such as Ida Pro and SoftICE, but fortunately the author takes a more or less tool-agnostic approach.
Obviously, due to space and scope constraints, the coverage of the material varies and yes, the emphasis is on copy protection but this is to be expected.
Writing style is concise and informal, a "no-nonsense" approach if you prefer, which only helps the book.
The only fault is that the .Net section is very terse and not as useful as the C++ sections but this can be mitigated, as there are other volumes to cover J2EE and .Net reverse engineering.
Finally, as a personal testimony, after reading this book and practicing a bit with the examples given, I found that the RE tasks required in my day job seemed much easier, so give it a shot; it will be worth it.
on 1 July 2007
Written very well, and with great enthusiasm by someone who clearly loves the detective work of picking programs apart to see what they do. There must be many in IT with this sort of urge - to get "under the hood" of something and see how the internals work.
I learnt so much from this book, much of which you'd be hard-pressed to find anywhere else - except on some fairly crazy websites/forums. It covers Windows fundamentals (APIs, kernel, threads etc), how compilers work, getting to know IA-32 assembly code (and how to recognise compiler optimizations and arithmetic that might be perplexing at first), breaking protections, and how you can best protect a program yourself. There's also a wonderful chapter where he reverses a piece of malware that he received as an "attachment" in an email.
The book also has a chapter on reversing .NET IL code - like java bytecode there is much more meta-information in the .exe file so it's *much* easier to reconstruct the original code. But most of the book is about reverse engineering C/C++ compiled executables on Windows - nothing about UNIX/Linux here, which I'd be interested to see something on.
The last chapter addresses the possibility of "decompilers", and just how close you can get to the original C(++) source after losing so much info in the compilation stage. Also, and rather importantly, the author looks at legal implications of what you can achieve with reverse engineering.
I'm no expert on the subject - I can't tell what, if anything, he's missed in his subject area. But there's so much here I feel I can safely give 5 stars.
on 5 October 2009
This book gives an insight into some of the inner workings of the Windows system and is written in an easy to read style. It also helps with giving some advice about the ways to defeat spyware. I did not buy it with the intention of doing any actual reversing of software, a process which requires much knowledge and study, but to get a better understanding of some of the processes operating on my computer. In this respect it has been very helpful.
on 25 July 2009
I came across this book by chance because I find this stuff quite interesting. I wasn't expecting too much because the book was relatively cheap, but I was very pleasantly surprised. It's way ahead of other books on the same subject imo. The book is written in a way that is explained crystal clear - even to the novice programmer. That's quite rare in today's software literature. It takes you right through from ground zero.
It's actually turned out to be a very good reference book, of all things, which isn't what I initially was looking for.
If you're interested in the subject or want to know what's going on at a low level then this book is top drawer.
WELL worth the cost.
on 4 November 2013
Was hoping for more worked examples. This book has proved useful in pointing to other resources that are extremely relevant but then I need a better guide on those pieces of software I've now discovered - e.g. IDA pro, ollyDbg, CheatEngine. All useful stuff but I think there are probably better/more up to date books out there.
on 2 January 2012
If you know a little x86 assembly and have played around in a debugger like OllyDbg before, this book is probably ideal for you. The introduction is great and gives you a tool-agnostic approach to debugging and analysis, as well as plenty of information about the Windows PE executable format. There are plenty of examples and whole chapters dedicated to reverse engineering real suites of undocumented APIs. The real gems are the descriptions of how the compiler turns certain snippets of C into certain blocks of x86 assembly, and how you can use these blocks to infer how the code was originally structured. The methodology for analysis is spot on.
On a personal note, I got this book assuming that I'd be skipping the first chapter or so, but still found myself reading through the basics because it's such an engrossing read!
on 2 December 2012
This book is very very very awesome!
It is very easy to read and goes straight to the point, I love it!
I'm just giving it 4 stars (it should be 5 some years ago) because the author should update some aspects and add some information on new ways of cracking applications, and focus a bit more on the new .NET frameworks. So basically the book could be updated.
But besides that, I had an e-copy of this book before buying it so I already knew this, and still I bought it because this book is VERY GOOD, IT IS AMAZING REALLY!!! Because even knowing it is a bit (not totally, not even half) out of date, the core of reverse engineering is well covered by the book, and knowing this you can update yourself alone without much trouble!
This book is a MUST!