Hacker Disassembling Uncovered

Program-Transformation.Org: The Program Transformation Wiki
Hacker Disassembling Uncovered, Kris Kaspersky. A-List Publishing, 2003. ISBN: 1931769222, 584pp, softcover.

The book is divided into two parts. Part 1 is "Getting acquainted with basic hacking techniques", and takes up about 80% of the book. Part 2 is titled "Ways of making software analysis difficult".

Both parts treat the static approach (disassembling) separately from the dynamic (debugging). By far the largest chapter in the book is "Identifying key structures of high level languages"; most of this consists of commented disassemblies of programs.

The book is completely Windows-specific. The author sticks to the major tools, IDA Pro and SoftICE, and although he covers the Borland and Watcom compilers, most of the examples are from Microsoft Visual C/C++ 6. The gcc compiler is mentioned briefly.

I was disappointed that the material seems at times rather dated. For example, he uses IDA Pro version 4.1x (before the integrated debugger), some of the examples are of 16-bit code, and so on. No version of Windows after Windows 2000 is mentioned.

Kaspersky has good coverage of virtual function tables, operator new and delete, the various calling conventions, and so on. I was really hoping he'd have the structure for Windows message maps, since these are such a good starting point, but I haven't found any reference to it. The index (at the back of the book) is hopeless, just two pages; I'm afraid this is a pet hate of mine. There is a 12-page "how to" index, but you have to think the same way as the author in order to use it effectively.

There is good material here, but to me it lacked any real depth.

-- MikeVanEmmerik - 30 Jul 2004