Korean publication of "Reverse Engineering for Beginners" book is available for pre-order!

I'm very happy to announce that Acorn, a publisher in South Korea, did a huge amount of work translating and publishing my "Reverse Engineering for Beginners" book in Korean.

Now it's available for pre-order at their website: http://www.acornpub.co.kr/book/reversing-for-beginners
It's also available in South Korean shops:
What it looks like: Side A, Side B.
It's 1160 pages. The content is the same as it is in open-source form right now, but it's translated and professionally edited and prepared.
I am also indebted to Byungho Min (@tais9), who translated my book into Korean.
The cover pictures were done by my artist friend Andy Nechaevsky: https://www.facebook.com/andydinka
So if you want to have a "real" book on your shelf in Korean and/or want to support my work, you may buy it now.

English and Russian versions are still available here: http://beginners.re/


I'm looking for a publisher who may want to translate and publish my "Reverse Engineering for Beginners" book in a language other than English/Russian, on the condition that the English/Russian versions remain freely available in open-source form.
Interested? dennis(a)yurichev.com

"Reverse Engineering for Beginners" free book news


Still working on my "Reverse Engineering for Beginners" free book, now it's ~790 pages!
Among the news: a lot of OllyDbg and GDB examples/screenshots have been added, an A5 version for e-book readers is available, and there are many more examples and code patterns (including ARM64).
For hardcore Oracle geeks, two examples have also been added: reverse engineering of simple proprietary binary files (.SYM and .MSB files: page 655 in the English version).
Just got a fancy domain for the website dedicated to the book: http://beginners.re/
There is also a supporting forum, almost silent so far: http://forum.yurichev.com/
Oh, and please donate. The book is free and will stay so: http://beginners.re/donate.html
And please do not hesitate to correct my mistakes; my English is still horrible.


Couple of win32 PE patching utilities

Just made two more win32 PE patching utilities:

These are useful for automated patching and may be used as a pair.


Cracking simple hash-function using Z3 SMT-solver

Just added a section about cracking a simple hash function using the Z3 SMT solver (page 393): http://yurichev.com/writings/RE_for_beginners-en.pdf
This may be interesting for computer programmers in general, not just for reverse engineers.

Another article of mine about the Z3 SMT solver: http://yurichev.com/writings/z3_rockey.pdf

If you want to read more like this, please donate! :-) http://yurichev.com/donate.html


My "Reverse Engineering for Beginners" book

I'm still working on my book.
In the past half-year I added information about C++ STL internals, which could be interesting not only for reversers but for C++ programmers as well.
There is also an example of OpenMP internals (which could also be interesting for general programmers).
Full list of changes: https://github.com/dennis714/RE-for-beginners/blob/master/ChangeLog

PE add imports

Just upgraded my PE_add_imports utility, which adds imports to an existing compiled .exe file.
Now multiple symbols are supported, as well as x64 executables.



Convert to sparse file utility (win32)

Just wrote a utility for converting files into sparse ones on the Windows NTFS file system.
Sparse files are those in which long zero blocks are not stored on the hard disk, but are replaced with information about them (metadata) instead.
These files are very useful for saving space when storing half-empty ISO files, half-downloaded torrent files and virtual machine disk images.

I need it primarily for "compressing" VMware WS disk images.
I suppose many other Oracle specialists use VMware machines with a lot of Oracle versions as well :-)

More about them: https://en.wikipedia.org/wiki/Sparse_file

Compiled executable file: http://yurichev.com/utils/cvt2sparse.exe

That is how it looks after converting:

This one-liner is to be run inside a *NIX virtual machine to write zeroes to the unused parts of the file system:

dd if=/dev/zero of=empty_file; rm empty_file
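
An added illustration (not the source of cvt2sparse and not the author's code) of the scan a sparse converter has to perform: finding runs of whole zero-filled allocation units, which is also why zeroing free space inside the guest first makes more of the image reclaimable. The 4 KiB unit, the function names and the sample image are assumptions made for this example; on NTFS such ranges would then be passed to FSCTL_SET_ZERO_DATA after the file is marked with FSCTL_SET_SPARSE.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t offset, length; } zero_range;

/* All n bytes are zero: the first is zero and every byte equals its successor. */
static int unit_is_zero(const unsigned char *p, size_t n)
{
    return n == 0 || (p[0] == 0 && memcmp(p, p + 1, n - 1) == 0);
}

/* Collect runs of whole, unit-aligned zero blocks. Shorter zero runs and a
 * trailing partial unit are skipped. Returns the number of ranges stored. */
size_t find_zero_ranges(const unsigned char *buf, size_t len, size_t unit,
                        zero_range *out, size_t max_out)
{
    size_t count = 0;
    int open = 0;                       /* is the last stored range still growing? */
    for (size_t off = 0; unit && off + unit <= len; off += unit) {
        if (!unit_is_zero(buf + off, unit)) { open = 0; continue; }
        if (open) { out[count - 1].length += unit; continue; }
        if (count == max_out) break;    /* caller's array is full */
        out[count++] = (zero_range){ off, unit };
        open = 1;
    }
    return count;
}

/* Constructed sample: ten 4 KiB units standing in for a disk image. */
size_t demo_scan(zero_range *out, size_t max_out)
{
    enum { UNIT = 4096, UNITS = 10 };   /* assumed unit size, for illustration */
    static unsigned char img[UNIT * UNITS];
    memset(img, 0, sizeof img);
    memset(img, 0xAA, 100);             /* unit 0: data, then a short zero tail */
    img[5 * UNIT - 1] = 1;              /* unit 4: one stray byte keeps it allocated */
    memset(img + 9 * UNIT, 0x55, UNIT); /* unit 9: data */
    return find_zero_ranges(img, sizeof img, UNIT, out, max_out);
}

int main(void)
{
    zero_range r[8];
    size_t n = demo_scan(r, 8);
    for (size_t i = 0; i < n; i++)
        printf("zero range: offset=%zu length=%zu\n", r[i].offset, r[i].length);
    return 0;
}
```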


Add import to PE executable file

Just wrote a utility I always missed:

PE_add_import is a simple tool for adding a symbol to the import table of a PE executable.

Sometimes, you may need to replace an existing function in binary code with a function in your own DLL.

This utility adds the yourdll.dll!function import into the PE image and writes the following code at the specified point:

MOV EAX, [yourdll.dll!function]



New tracer features for software testing

For my software tester friends, I added two features to my tracer.

* Pause

PAUSE:number: Make a pause in milliseconds. 1000 is one second. It is convenient for testing, for creating artificial delays. For example, it is important to know a program's behaviour in a very slow network environment:

tracer.exe -l:test1.exe bpf=WS2_32.dll!WSARecv,pause:1000

... or if it reads from some very slow storage:

tracer.exe -l:test1.exe bpf=kernel32.dll!ReadFile,pause:1000

* Probability