Sunday, August 14, 2011

Impressions: Reversing: Secrets of Reverse Engineering

I took a lot of notes while reading Reversing: Secrets of Reverse Engineering (RSORE) by Eldad Eilam, but I didn't read enough of the book to qualify in my opinion to write a true review. What I did read, though, was awesome. RSORE is very well written, clear, interesting, and features high production value and quality. Although Wiley published the book in 2005, I believe it's as relevant now as it was six years ago. In fact, I recommend pairing it with IDA Pro, 2nd Ed for a one-two RE punch.

The introduction part provided sound foundations, great coverage of low-level concepts, a helpful overview of the Win32 environment (albeit with a 32 bit focus) and a quick tools discussion.

The applied engineering part includes hunting for undocumented (as of 2005) native Windows APIs, analyzing the file format of an encryption program, auditing the vulnerability in idq.dll exploited by Code Red, and reversing a backdoor that communicates via IRC.

The cracking part featured solid references to legal precedents, academic papers, and books, then discussed copy protection, DRM, and anti-piracy concepts, followed by anti-reversing measures and cracking learning-tool "crackmes."

The final part described reversing .NET and decompilation.

Overall the book appears very strong and I recommend it based on the material I did read.

No comments: