Learning Linux Binary Analysis

Uncover the secrets of Linux binary analysis with this handy guide

About This Book
- Grasp the intricacies of the ELF binary format of UNIX and Linux
- Design tools for reverse engineering and binary forensic analysis
- Insights into UNIX and Linux memory infections, ELF viruses, and binary protection schemes

Who This Book Is For
If you are a software engineer or reverse engineer and want to learn more about Linux binary analysis, this book will provide you with all you need to implement solutions for binary analysis in areas of security, forensics, and antivirus. This book is great for both security enthusiasts and system level engineers. Some experience with the C programming language and the Linux command line is assumed.

What You Will Learn
- Explore the internal workings of the ELF binary format
- Discover techniques for UNIX Virus infection and analysis
- Work with binary hardening and software anti-tamper methods
- Patch executables and process memory
- Bypass anti-debugging measures used in malware
- Perform advanced forensic analysis of binaries
- Design ELF-related tools in the C language
- Learn to operate on memory with ptrace

In Detail
Learning Linux Binary Analysis is packed with knowledge and code that will teach you the inner workings of the ELF format, and the methods used by hackers and security analysts for virus analysis, binary patching, software protection and more. This book will start by taking you through UNIX/Linux object utilities, and will move on to teaching you all about the ELF specimen. You will learn about process tracing, and will explore the different types of Linux and UNIX viruses, and how you can make use of ELF Virus Technology to deal with them. The latter half of the book discusses the usage of Kprobe instrumentation for kernel hacking, code patching, and debugging. You will discover how to detect and disinfect kernel-mode rootkits, and move on to analyze static code. Finally, you will be walked through complex userspace memory infection analysis. This book will lead you into territory that is uncharted even by some experts; right into the world of the computer hacker.

Style and approach
The material in this book provides detailed insight into the arcane arts of hacking, coding, reverse engineering Linux executables, and dissecting process memory. In the computer security industry these skills are priceless, and scarce. The tutorials are filled with knowledge gained through first hand experience, and are complemented with frequent examples including source code.

282 pages, ebook

Published February 29, 2016

About the author

Ryan "Elfmaster" O'Neill

1 book, 1 follower

Community Reviews

5 stars: 12 (33%)
4 stars: 17 (47%)
3 stars: 6 (16%)
2 stars: 1 (2%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
André
118 reviews, 43 followers
November 25, 2018
- primarily about binary executables and (detecting) the many ways of control-flow hijacking (viruses, ...)
- not about reverse engineering, cracking, fuzzing, ... (although control hijacking can be employed here)
- explains ELF segments, sections, ..., with reference to Linux C-sources
- internals of dynamic linking
- process tracing, ...
- (anti-)anti-debugging
- sometimes elf32, sometimes elf64
- concise, 244 pages + index etc
- good layout, some illustrations, fluent writing
- code examples, many links/references
- now and then, O'Neill refers to his own papers and tools (ECFS has own chapter): https://github.com/elfmaster

- examinations are based on ELF headers, a little disassembly (e.g. procedure prologue), /proc info
- there are no "esoteric" approaches such as entropy analysis (obfuscated/packed data looks different) or stylometry applied to binary files for code authorship attribution (s.a.) etc.
- binary data structures (protocol reversing) isn't covered;
Sutton's fuzzing book for instance demonstrates a bioinformatics approach to analyze binary data formats (long strings of gibberish)
- (larger) control flow/call graphs not covered (or needed for the given topics);
Sutton's fuzzing-book for instance measures code coverage by constructing deep call graphs while adding breakpoints in every block, then records the (auto-)step-overs and subtracts the graphs
- data flow in binaries not covered (track where data ends up; discover functions that handle user input; possible data exfiltration; taint analysis)

I enjoyed reading LLBA, it was concise and educational.

pluton
304 reviews, 10 followers
February 13, 2017
This is a good introduction book into Linux executable files and processes in order to understand and reverse engineer them. The author is very experienced in that area and describes his knowledge in an understandable way. The main target of the book is ELF executables and how to analyze and patch them (e.g., packers, viruses, malware).