Author: Dennis Andriesse
ISBN-10: 1-59327-912-4
ISBN-13: 978-1-59327-912-7
Publisher page: https://nostarch.com/binaryanalysis
Price: $39.00
Author's home page: https://syssec.mistakenot.net/
NOTE: not to be confused with 'Learning Linux Binary Analysis' by Packt Publishing.
Binary analysis, in this context, is the analysis of the binary contents of executable files. It is a challenging subject, and the book assumes a few things: that you know programming, bash, operating system internals and assembler. That said, binary analysis is a fast-growing discipline in our ever more connected world. Hackers, security researchers, pen-testers and digital forensic experts are more prevalent than ever, and this is a 'need to know' subject for those professions. The book walks us through a lucky 13 chapters, starting with the anatomy of a binary and ending with Practical Symbolic Execution with Triton. The focus of the book is on x86-64 Linux binaries. This book is all muscle, no fillers about the origins of DOS or UNIX, but straight to the point.
To get the most out of this book, you should be comfortable with reading code. Reading other people's code puts a lot of people off, in particular reading C and assembler, including hex dumps. The author does a good job explaining, and there are lots of examples. Chapters one to four make up the first part, which is an introduction to the different types of binaries. Both PE and ELF are explained, with 32-bit falling by the wayside. By chapter four we are already building tools! Wow! I learnt a lot in a very short period. There is a lot of information to digest. If, like me, you fall into the "interested in –" category, I suggest that when you reach page 100, you put the book down and go make a cuppa to mull things over.
In chapter five, we start with basic binary analysis in Linux (where we all would like to start). The author takes a different approach here: instead of listing tools, he does something really interesting in the form of a capture-the-flag exercise. If you are like me in that "interested in –" category, this is where your re-reading will start. For one, I thought hex editing was the only way to change binary code, and boy, was I surprised! Part two stretches from chapter five to chapter seven and is heavily laden with information, so read carefully. Do not skip the exercises at the end of the chapters. Part three is the advanced part of the book, where the author walks you through things like symbolic execution and binary instrumentation. This is where the statically and dynamically linked binaries you read about in part one get linked to instrumentation. Do not be fooled by headings such as 'disassembly' and 'binary analysis fundamentals', as the fundamentals last only three pages before you hit recursive disassembly. One thing to note: not all of the tools mentioned in this book are free or open source. (A single-user IDA Pro base licence is $2,134!) So following along all the way is not an option unless you are made of money.
I have read a few No Starch Press books before, but this is by far the most intense one I have read, packed so full of information that it cannot be digested in one sitting. The language is not stiff and academic, yet the topics are well expressed and explained. I usually do not read the appendices of books, but for some reason I did this time. You see, the appendices are quick crash courses in the tools and in x86-64 assembler. It is only a couple of pages, but again, be prepared to be bombarded with information. I am definitely going to read this book again after I read a few other primers; it has opened up an itch I never knew I had. This book is not the usual easy-to-follow, walk-in-the-park guide from No Starch Press, but one that deserves the title of deep dive. There is no waste anywhere, just lean, mean information. This is NOT a book for beginners. If you fall into those fields I mentioned before, this book should be on your bookshelf, and I see it getting a lot of use.