What do you think?
Rate this book
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
Stop manually analyzing binary! Practical Binary Analysis is the first book of its kind to present advanced binary analysis topics, such as binary instrumentation, dynamic taint analysis, and symbolic execution, in an accessible way.
As malware increasingly obfuscates itself and applies anti-analysis techniques to thwart our analysis, we need more sophisticated methods that allow us to raise that dark curtain designed to keep us out--binary analysis can help. The goal of all binary analysis is to determine (and possibly modify) the true properties of binary programs to understand what they really do, rather than what we think they should do. While reverse engineering and disassembly are critical first steps in many forms of binary analysis, there is much more to be learned.
This hands-on guide teaches you how to tackle the fascinating but challenging topics of binary analysis and instrumentation and helps you become proficient in an area typically only mastered by a small group of expert hackers. It will take you from basic concepts to state-of-the-art methods as you dig into topics like code injection, disassembly, dynamic taint analysis, and binary instrumentation. Written for security engineers, hackers, and those with a basic working knowledge of C/C++ and x86-64, Practical Binary Analysis will teach you in-depth how binary programs work and help you acquire the tools and techniques needed to gain more control and insight into binary programs.
Once you've completed an introduction to basic binary formats, you'll learn how to analyze binaries using techniques like the GNU/Linux binary analysis toolchain, disassembly, and code injection. You'll then go on to implement profiling tools with Pin and learn how to build your own dynamic taint analysis tools with libdft and symbolic execution tools using Triton. You'll learn how
- Parse ELF and PE binaries and build a binary loader with libbfd
- Use data-flow analysis techniques like program tracing, slicing, and reaching definitions analysis to reason about runtime flow of your programs
- Modify ELF binaries with techniques like parasitic code injection and hex editing
- Build custom disassembly tools with Capstone
- Use binary instrumentation to circumvent anti-analysis tricks commonly used by malware
- Apply taint analysis to detect control hijacking and data leak attacks
- Use symbolic execution to build automatic exploitation tools
With exercises at the end of each chapter to help solidify your skills, you'll go from understanding basic assembly to performing some of the most sophisticated binary analysis and instrumentation. Practical Binary Analysis gives you what you need to work effectively with binary programs and transform your knowledge from basic understanding to expert-level proficiency.
As malware increasingly obfuscates itself and applies anti-analysis techniques to thwart our analysis, we need more sophisticated methods that allow us to raise that dark curtain designed to keep us out--binary analysis can help. The goal of all binary analysis is to determine (and possibly modify) the true properties of binary programs to understand what they really do, rather than what we think they should do. While reverse engineering and disassembly are critical first steps in many forms of binary analysis, there is much more to be learned.
This hands-on guide teaches you how to tackle the fascinating but challenging topics of binary analysis and instrumentation and helps you become proficient in an area typically only mastered by a small group of expert hackers. It will take you from basic concepts to state-of-the-art methods as you dig into topics like code injection, disassembly, dynamic taint analysis, and binary instrumentation. Written for security engineers, hackers, and those with a basic working knowledge of C/C++ and x86-64, Practical Binary Analysis will teach you in-depth how binary programs work and help you acquire the tools and techniques needed to gain more control and insight into binary programs.
Once you've completed an introduction to basic binary formats, you'll learn how to analyze binaries using techniques like the GNU/Linux binary analysis toolchain, disassembly, and code injection. You'll then go on to implement profiling tools with Pin and learn how to build your own dynamic taint analysis tools with libdft and symbolic execution tools using Triton. You'll learn how
- Parse ELF and PE binaries and build a binary loader with libbfd
- Use data-flow analysis techniques like program tracing, slicing, and reaching definitions analysis to reason about runtime flow of your programs
- Modify ELF binaries with techniques like parasitic code injection and hex editing
- Build custom disassembly tools with Capstone
- Use binary instrumentation to circumvent anti-analysis tricks commonly used by malware
- Apply taint analysis to detect control hijacking and data leak attacks
- Use symbolic execution to build automatic exploitation tools
With exercises at the end of each chapter to help solidify your skills, you'll go from understanding basic assembly to performing some of the most sophisticated binary analysis and instrumentation. Practical Binary Analysis gives you what you need to work effectively with binary programs and transform your knowledge from basic understanding to expert-level proficiency.
456 pages, Paperback
Published December 11, 2018
73 people are currently reading
346 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
February 26, 2022
I admit I primarily used this book to restructure my cybersecurity Bookmarks Bar folder and update its bookmarks. If I more time I'd spend it focused on getting comfortable with Binary Ninja or Radare2 and probably FRIDA.
Disassemblers (HexRays IDA Pro, HopperApp, ODA OnlineDisassembler, Binary Ninja, Relyze, Medusa, Radare2, objdump), debuggers (gdb, OllyDbg, windbg, Bochs, macgdp, Immunity Debugger), disassembly frameworks (Capstone engine, Dlstorm3, udis86), binary analysis frameworks (angr, Intel Pintool, Dyninst, nicorn Engine, libdft, Triton Quaarkslab, zynamics BinDiff BinNavi, BARF, CMU USEI Pharaos, FRIDA, Unicorn PurifyPlus, Manticore, rev.ng, codsec veles, panda-re), debugging formats (i.e. DWARF, ELF, PDB, Intel, LIEF, etc), Programming Language Quirks (Assembly, C, Shellcode, Ruby, XML, etc), Hex Editors (Hex Fiend, Hexinator), Decompilers (Java, .NET), Fuzzing (BooFuzz, Google syskaller, Radamsa Gen Pup, Fuddly Gen Pup, Peacah.tech, CERTfuzz, zzuf, Fuzzy Lop), Assemblers (NASM), Inspection Tools (pestudio, binscope, checksec, intezer analyze)
Disassemblers (HexRays IDA Pro, HopperApp, ODA OnlineDisassembler, Binary Ninja, Relyze, Medusa, Radare2, objdump), debuggers (gdb, OllyDbg, windbg, Bochs, macgdp, Immunity Debugger), disassembly frameworks (Capstone engine, Dlstorm3, udis86), binary analysis frameworks (angr, Intel Pintool, Dyninst, nicorn Engine, libdft, Triton Quaarkslab, zynamics BinDiff BinNavi, BARF, CMU USEI Pharaos, FRIDA, Unicorn PurifyPlus, Manticore, rev.ng, codsec veles, panda-re), debugging formats (i.e. DWARF, ELF, PDB, Intel, LIEF, etc), Programming Language Quirks (Assembly, C, Shellcode, Ruby, XML, etc), Hex Editors (Hex Fiend, Hexinator), Decompilers (Java, .NET), Fuzzing (BooFuzz, Google syskaller, Radamsa Gen Pup, Fuddly Gen Pup, Peacah.tech, CERTfuzz, zzuf, Fuzzy Lop), Assemblers (NASM), Inspection Tools (pestudio, binscope, checksec, intezer analyze)
December 14, 2021
I really loved this book. You know it's a good read when you take a technical book to Chipotle to read over lunch. This book is a great introduction for people whom are interested in software reverse engineering. It is a great introduction to how software works and how it interacts with the operating system. Nothing is better than a hands on approach to learning complex subjects, and this book does a great job executing on that.
October 22, 2022
Pretty Good book for Beginners/Intermediate People who are interested in Reverse Engineering or Analysis also Binary Exploiter who want to Gain an Even more Deep Dive / Knowledge Regarding Everything binary related Especially in The Linux Realm, I Enjoyed it very much and learned alot especially thalast Three Chapters , Very well Done
September 12, 2024
- I read this out of sheer curiosity, for the endorphin rush of understanding how things work. I'm more inclined to blue team, but this was really for future research towards introspective, self-modifying, goal seeking code agents !
references:
- file util https://en.wikipedia.org/wiki/File_(c... a standard program of Unix for recognizing the type of data contained in a file
- readelf binutil for parsing ELF binaries https://www.geeksforgeeks.org/readelf...
- strip binutil https://www.computerhope.com/unix/str... discards symbols from compiled object files
- objdump binutil https://www.geeksforgeeks.org/objdump... display information about compiled object files
- nm binutil https://en.wikipedia.org/wiki/Nm_(Unix) dump the symbol table
- ldd util https://ioflood.com/blog/ldd-linux-co... lists shared lib dependencies
- xxd util https://www.tutorialspoint.com/unix_c... creates a hex dump
- hexedit https://linux.die.net/man/1/hexedit hex dump editor
- https://refspecs.linuxbase.org/ DWARF, ELF and ABI standards
- elfinject https://github.com/krakankrakan/elfin... A simple ELF code injector for x64. Uses segment padding
- dd util https://en.wikipedia.org/wiki/Dd_(Unix) modify file bytes
- strings util https://en.wikipedia.org/wiki/Strings... prints the strings of printable characters in files
- strace util https://www.geeksforgeeks.org/strace-... syscall tracer
- ltrace util https://en.wikipedia.org/wiki/Ltrace dynamically loaded library call tracer
- LD_LIBRARY_PATH https://www.geeksforgeeks.org/how-to-... envar to set a path for shared libs
- LD_PRELOAD https://stackoverflow.com/questions/4... override symbols in loaded libs by creating a library with the same symbols
- libbfd https://en.wikipedia.org/wiki/Binary_... binary file descriptor lib
- PyBFD https://github.com/Groundworkstech/pybfd A Python interface to the GNU Binary File Descriptor (BFD) library.
- PEBIL https://github.com/mlaurenzano/PEBIL Fast static binary instrumentation for linux/x86
- DyninstAPI: https://github.com/dyninst/dyninst Tools for binary instrumentation, analysis, and modification.
- intel pin https://www.intel.com/content/www/us/... dynamic binary instrumentation framework
- upx https://github.com/upx/upx binary packer
- libfdt https://github.com/kernkonzept/libfdt device tree lib
- Intel XED Encoder Decoder https://github.com/intelxed/xed
- angr https://angr.io/ an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis,
- KLEE Symbolic Execution Engine https://klee-se.org/
- S²E: A Platform for In-Vivo Analysis of Software Systems https://s2e.systems/
- trailofbits https://www.trailofbits.com/opensource/ high-end security research
- bitlackeys https://bitlackeys.org/ security research (defunct)
- capstone engine https://www.capstone-engine.org/docum... the ultimate dissasembler
- pyvex https://github.com/angr/pyvex Python bindings for Valgrind's VEX IR.
- X86 Opcode and Instruction Reference http://ref.x86asm.net/index.html
- Searchable Linux Syscall Table https://filippo.io/linux-syscall-table/
- SAT/SMT by example https://smt.st/SAT_SMT_by_example.pdf
- libelf by example https://atakua.org/old-wp/wp-content/...
- Triton https://triton-library.github.io/ dynamic binary analysis lib
references:
- file util https://en.wikipedia.org/wiki/File_(c... a standard program of Unix for recognizing the type of data contained in a file
- readelf binutil for parsing ELF binaries https://www.geeksforgeeks.org/readelf...
- strip binutil https://www.computerhope.com/unix/str... discards symbols from compiled object files
- objdump binutil https://www.geeksforgeeks.org/objdump... display information about compiled object files
- nm binutil https://en.wikipedia.org/wiki/Nm_(Unix) dump the symbol table
- ldd util https://ioflood.com/blog/ldd-linux-co... lists shared lib dependencies
- xxd util https://www.tutorialspoint.com/unix_c... creates a hex dump
- hexedit https://linux.die.net/man/1/hexedit hex dump editor
- https://refspecs.linuxbase.org/ DWARF, ELF and ABI standards
- elfinject https://github.com/krakankrakan/elfin... A simple ELF code injector for x64. Uses segment padding
- dd util https://en.wikipedia.org/wiki/Dd_(Unix) modify file bytes
- strings util https://en.wikipedia.org/wiki/Strings... prints the strings of printable characters in files
- strace util https://www.geeksforgeeks.org/strace-... syscall tracer
- ltrace util https://en.wikipedia.org/wiki/Ltrace dynamically loaded library call tracer
- LD_LIBRARY_PATH https://www.geeksforgeeks.org/how-to-... envar to set a path for shared libs
- LD_PRELOAD https://stackoverflow.com/questions/4... override symbols in loaded libs by creating a library with the same symbols
- libbfd https://en.wikipedia.org/wiki/Binary_... binary file descriptor lib
- PyBFD https://github.com/Groundworkstech/pybfd A Python interface to the GNU Binary File Descriptor (BFD) library.
- PEBIL https://github.com/mlaurenzano/PEBIL Fast static binary instrumentation for linux/x86
- DyninstAPI: https://github.com/dyninst/dyninst Tools for binary instrumentation, analysis, and modification.
- intel pin https://www.intel.com/content/www/us/... dynamic binary instrumentation framework
- upx https://github.com/upx/upx binary packer
- libfdt https://github.com/kernkonzept/libfdt device tree lib
- Intel XED Encoder Decoder https://github.com/intelxed/xed
- angr https://angr.io/ an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis,
- KLEE Symbolic Execution Engine https://klee-se.org/
- S²E: A Platform for In-Vivo Analysis of Software Systems https://s2e.systems/
- trailofbits https://www.trailofbits.com/opensource/ high-end security research
- bitlackeys https://bitlackeys.org/ security research (defunct)
- capstone engine https://www.capstone-engine.org/docum... the ultimate dissasembler
- pyvex https://github.com/angr/pyvex Python bindings for Valgrind's VEX IR.
- X86 Opcode and Instruction Reference http://ref.x86asm.net/index.html
- Searchable Linux Syscall Table https://filippo.io/linux-syscall-table/
- SAT/SMT by example https://smt.st/SAT_SMT_by_example.pdf
- libelf by example https://atakua.org/old-wp/wp-content/...
- Triton https://triton-library.github.io/ dynamic binary analysis lib
January 31, 2022
I think this book is fun to read. It is quite suitable for the reader who is curious about how binaries are structured, what information can be gleaned from them (such as control flow, data flow, functionality, and even protection or obfuscation mechanisms), and for a course in software security or malware analysis. Reading the book brought back memories of old times spent modifying the Commodore 64 OS with peeks and pokes in the 1980s, and editing an A/UX (an ancestor of macOS) device driver in the 1990s, with the intent of retaining functionality after the demise of the software company that created the device driver.
February 17, 2020
Well written. Doesn't shy away from details. Provides clear examples and even clearer explanations of hard-to-grasp concepts. Can't recommend highly enough!
Displaying 1 - 6 of 6 reviews