Learning linux binary analysis

Learning linux binary analysis

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

Learning Linux Binary Analysis

This is the code repository for Learning Linux Binary Analysis, published by Packt.

Learning Linux Binary Analysis

What is this book about?

Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more.

This book covers the following exciting features: Explore the internal workings of the ELF binary format Discover techniques for UNIX Virus infection and analysis Work with binary hardening and software anti-tamper methods Patch executables and process memory Bypass anti-debugging measures used in malware Perform advanced forensic analysis of binaries Design ELF-related tools in the C language Learn to operate on memory with ptrace

If you feel this book is for you, get your copy today!

Instructions and Navigations

All of the code is organized into folders. For example, Chapter02.

The code will look like the following:

Following is what you need for this book: If you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed.

A user will be able to experiment with much of the knowledge in this book (Chapter 1-9) with a variety of operating systems and hardware, although it is specifically focused for Linux 3.2 and higher running on X86 32bit or 64bit architectures.

Get to Know the Author

Ryan «elfmaster» O’Neill is a computer security researcher and software engineer with a background in reverse engineering, software exploitation, security defense, and forensics technologies. He grew up in the computer hacker subculture, the world of EFnet, BBS systems, and remote buffer overflows on systems with an executable stack. He was introduced to system security, exploitation, and virus writing at a young age. His great passion for computer hacking has evolved into a love for software development and professional security research. Ryan has spoken at various computer security conferences, including DEFCON and RuxCon, and also conducts a 2-day ELF binary hacking workshop. He has an extremely fulfilling career and has worked at great companies such as Pikewerks, Leviathan Security Group, and more recently Backtrace as a software engineer. Ryan has not published any other books, but he is well known for some of his papers published in online journals such as Phrack and VXHeaven. Many of his other publications can be found on his website at http://www.bitlackeys.org.

Suggestions and Feedback

Click here if you have any feedback or suggestions.

Источник

Learning Linux Binary Analysis

Uncover the secrets of Linux binary analysis with this handy guide

About This Book

• Grasp the intricacies of the ELF binary format of UNIX and Linux
• Design tools for reverse engineering and binary forensic analysis
• Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes

Who This Book Is For

If you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed.

What You Will Learn

• Explore the internal workings of the ELF binary format
• Discover techniques for UNIX Virus infection and analysis
• Work with binary hardening and software anti-tamper methods
• Patch executables and process memory
• Bypass anti-debugging measures used in malware
• Perform advanced forensic analysis of binaries
• Design ELF-related tools in the C language
• Learn to operate on memory with ptrace

In Detail

Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more.

This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them.

The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis.

This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.

Style and approach

The material in this book provides detailed insight into the arcane arts of hacking, coding, reverse engineering Linux executables, and dissecting process memory. In the computer security industry these skills are priceless, and scarce. The tutorials are filled with knowledge gained through first hand experience, and are complemented with frequent examples including source code.

Источник

Learning linux binary analysis

Название: Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
Автор: Dennis Andriesse
Издательство: No Starch Press
Год: 2019
Страниц: 456
Формат: PDF, EPUB, AZW3
Размер: 22 Mb
Язык: English

Stop manually analyzing binary! Practical Binary Analysis is the first book of its kind to present advanced binary analysis topics, such as binary instrumentation, dynamic taint analysis, and symbolic execution, in an accessible way.

As malware increasingly obfuscates itself and applies anti-analysis techniques to thwart our analysis, we need more sophisticated methods that allow us to raise that dark curtain designed to keep us out—binary analysis can help. The goal of all binary analysis is to determine (and possibly modify) the true properties of binary programs to understand what they really do, rather than what we think they should do. While reverse engineering and disassembly are critical first steps in many forms of binary analysis, there is much more to be learned.

This hands-on guide teaches you how to tackle the fascinating but challenging topics of binary analysis and instrumentation and helps you become proficient in an area typically only mastered by a small group of expert hackers. It will take you from basic concepts to state-of-the-art methods as you dig into topics like code injection, disassembly, dynamic taint analysis, and binary instrumentation. Written for security engineers, hackers, and those with a basic working knowledge of C/C++ and x86-64, Practical Binary Analysis will teach you in-depth how binary programs work and help you acquire the tools and techniques needed to gain more control and insight into binary programs.

Once you’ve completed an introduction to basic binary formats, you’ll learn how to analyze binaries using techniques like the GNU/Linux binary analysis toolchain, disassembly, and code injection. You’ll then go on to implement profiling tools with Pin and learn how to build your own dynamic taint analysis tools with libdft and symbolic execution tools using Triton. You’ll learn how to:

— Parse ELF and PE binaries and build a binary loader with libbfd
— Use data-flow analysis techniques like program tracing, slicing, and reaching definitions analysis to reason about runtime flow of your programs
— Modify ELF binaries with techniques like parasitic code injection and hex editing
— Build custom disassembly tools with Capstone
— Use binary instrumentation to circumvent anti-analysis tricks commonly used by malware
— Apply taint analysis to detect control hijacking and data leak attacks
— Use symbolic execution to build automatic exploitation tools

With exercises at the end of each chapter to help solidify your skills, you’ll go from understanding basic assembly to performing some of the most sophisticated binary analysis and instrumentation. Practical Binary Analysis gives you what you need to work effectively with binary programs and transform your knowledge from basic understanding to expert-level proficiency.

Источник

Learning Linux Binary Analysis

Explore a preview version of Learning Linux Binary Analysis right now.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from 200+ publishers.

Book description

Uncover the secrets of Linux binary analysis with this handy guide

• Grasp the intricacies of the ELF binary format of UNIX and Linux
• Design tools for reverse engineering and binary forensic analysis
• Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes

Who This Book Is For

If you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed.

What You Will Learn

• Explore the internal workings of the ELF binary format
• Discover techniques for UNIX Virus infection and analysis
• Work with binary hardening and software anti-tamper methods
• Patch executables and process memory
• Bypass anti-debugging measures used in malware
• Perform advanced forensic analysis of binaries
• Design ELF-related tools in the C language
• Learn to operate on memory with ptrace

Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more.

This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them.

The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis.

This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.

Style and approach

The material in this book provides detailed insight into the arcane arts of hacking, coding, reverse engineering Linux executables, and dissecting process memory. In the computer security industry these skills are priceless, and scarce. The tutorials are filled with knowledge gained through first hand experience, and are complemented with frequent examples including source code.

Источник