"Reverse Engineering for Beginners" free book news


Still working on my "Reverse Engineering for Beginners" free book, now it's ~790 pages!
Among news: a lot of OllyDbg and GDB examples/screenshots are added, A5 version for e-book readers available, much more examples and code patterns (including ARM64).
For Oracle hardcore geeks there are also two examples added: reverse engineering of simple proprietary binary files (.SYM and .MSB files: page 655 in English version).
Just took a fancy domain for website dedicated to the book: http://beginners.re/
There are also supporting forum, almost silent yet: http://forum.yurichev.com/
Oh, and please donate. The book is free and well be so: http://beginners.re/donate.html
And please do not hesitate to correct my mistakes, my English language is still horrible.


Couple of win32 PE patching utilities

Just made two more win32 PE patching utilities:

These useful for automated patching and may be used in pair.


Cracking simple hash-function using Z3 SMT-solver

Just added about cracking simple hash-function using Z3 SMT-solver (page 393): http://yurichev.com/writings/RE_for_beginners-en.pdf
This can be interesting for computer programmers in general, not just to reverse engineers.

Another my article about it Z3 SMT-solver: http://yurichev.com/writings/z3_rockey.pdf

If you want to read more like this, please donate! :-) http://yurichev.com/donate.html


My "Reverse Engineering for Beginners" book

I'm still working on my book.
In past half-year I added information about C++ STL internals, which could be interesting not only for reversers, but for C++ programmers as well.
There are also example of OpenMP internals (which also could be interesting for general programmers).
Full list of changes: https://github.com/dennis714/RE-for-beginners/blob/master/ChangeLog

PE add imports

Just upgraded my PE_add_imports utility intended to add imports to the existing compiled .exe-file.
Now multiple symbols are supported, as well as x64 executables.



Convert to sparse file utility (win32)

Just wrote utility intended for converting files into sparse ones on Windows NTFS file system.
Sparse files are those in which long zero blocks are not stored on hard disk, but replaced to information about them (metadata) instead.
These files are very useful for saving space on storing half-empty ISO files, half-downloaded torrent files, virtual machine disk images.

I need it primarily for VMware WS disk images "compressing".
I suppose, many other Oracle specialists use VMware machines with a lot of Oracle versions as well :-)

More about them: https://en.wikipedia.org/wiki/Sparse_file

Compiled executable file: http://yurichev.com/utils/cvt2sparse.exe

That is how it looks after converting:

This one-liner is to be run inside of *NIX virtual machine to write zeroes to unused parts of file system:

dd if=/dev/zero of=empty_file; rm empty_file


Add import to PE executable file

Just wrote an utility I always missed:

PE_add_import is a simple tool for adding symbol to PE executable import table

Sometimes, you may need to replace existing function in binary code by function in your own DLL.

This utility adds yourdll.dll!function import into PE image and writes the following code at the specified point:

MOV EAX, [yourdll.dll!function]



New tracer features for software testing

For my software testers friends I added two features to my tracer.

* Pause

PAUSE:number: Make a pause in milliseconds. 1000 - one second. It is convinient for testing, for creating artifical delays. For example, it is important to know program's behaviour in very slow network environment:

tracer.exe -l:test1.exe bpf=WS2_32.dll!WSARecv,pause:1000

... or if it will read from some very slow storage:

tracer.exe -l:test1.exe bpf=kernel32.dll!ReadFile,pause:1000

* Probability


Bug or typo or?..

Just found this in ftol2() standard C/C++ library function (float-to-long conversion routine) in Microsoft Visual Studio 2012.

(Click to read more)


"Quick introduction to reverse engineering for beginners" book update

Not much added to my "Quick introduction to reverse engineering for beginners" book, but couple things: how C++ objects are usually represented in low-level x86 code and also several examples related to Oracle RDBMS: how to find all information about V$TIMER view and X$KSMLRU tables, which functions are behind them, etc (section 7.3).

I also wrote small utility to extract information related to V$ views and X$ tables, it's here. But more about is in my "book".

English language version, Russian language version.

This book is free, available freely and available in source code form (LaTeX), and it will be so forever. If you want to support my work, so that I could continue to add things to it regularly, you may consider donation. Several ways to donate are available on this page: http://yurichev.com/donate.html

Also, comments in this blog are back, thanks to Disqus. Feel free to express any thoughts!

Update: added a lot about ARM. More changes: https://github.com/dennis714/RE-for-beginners/blob/master/ChangeLog