issue143:critique_litteraire

Author: Dennis Andriesse
ISBN-10: 1-59327-912-4
ISBN-13: 978-1-59327-912-7
https://nostarch.com/binaryanalysis
Price: $39.00
Author's home page: https://syssec.mistakenot.net/

NOTE: not to be confused with ‘Learning Linux binary analysis’ by Packt Publishing.


Binary analysis, in this context, is the analysis of the binary contents of executable files. It is a challenging subject. The book also assumes a few things: you know programming, bash, operating system internals and assembler. That said, binary analysis is a fast-growing discipline in our ever-shrinking connected world. Hackers, security researchers, pen-testers and digital forensics experts are more prevalent than ever, and this is a ‘need to know’ subject for those professions. The book walks us through a lucky 13 chapters, starting with the anatomy of a binary and going through to Practical Symbolic Execution with Triton. The focus of the book is on x86. This book is all muscle, no fillers about the origins of DOS or UNIX, but straight to the point.


To get the most out of this book, you should be comfortable with reading code. Reading other people's code is a trigger for a lot of people – in particular reading C and assembler, including hex dumps. The author does a good job of explaining, and there are lots of examples. Chapters one to four make up the first part, which is an introduction to the different types of binaries. Both PE and ELF are explained – 32-bit falling by the wayside. By chapter four we are already building tools! Wow! I learnt a lot in a very short period. There is a lot of information to digest; if, like me, you fall into the “interested in –” category, I suggest that when you reach page 100, you put the book down and go make a cuppa, to mull things over.


In chapter five, we start with the basic binary analysis in Linux (where we all would like to start). The author takes a different approach here, and instead of listing tools, does something really interesting in the form of a capture-the-flag exercise. If you are like me in that “interested in –” category, this is where your re-reading will start. For one, I thought hex editing was the only way to change binary code, and boy, was I surprised! Part two stretches from chapter five to chapter seven, and is heavily laden with information, so read carefully. Do not skip the exercises at the end of the chapters. Part three is the advanced part of the book, where the author walks you through things like symbolic execution and binary instrumentation. This is where the static and dynamic binaries you read about in part one get linked to instrumentation. Do not be fooled by headings such as ‘disassembly’ and ‘binary analysis fundamentals’, as it's only fundamentals for three pages before you hit recursive disassembly. One thing to note – not all of the tools mentioned in this book are free or open source. (A single-user IDA Pro base licence is $2134 !!) So, following along all the way is not an option unless you are made of money.

I have read a few No Starch Press books before, but this is by far the most intense one I have read, packed so full of information that it cannot be digested in one sitting. The language is not stiff and academic, yet topics are well expressed and explained. I usually do not read the appendices of books, but for some reason I did this one. You see, the appendices are quick crash courses in the tools and x86-64 assembler. It is only a couple of pages, but again, be prepared to be bombarded with information. I am definitely going to read this book again after I read a few other primers; it has opened up an itch I never knew I had. This book is not the usual easy-to-follow, walk-in-the-park guide from No Starch Press, but one that deserves the title of deep dive. There is no waste anywhere - just lean, mean information. This is NOT a book for beginners. If you fall into those fields I mentioned before, this book should be on your bookshelf, and I see it getting a lot of use.

issue143/critique_litteraire.1555490547.txt.gz · Last modified: 2019/04/17 10:42 by d52fr