- Subjects
- Published: San Francisco, CA : No Starch Press, c2009.
- Language: English
- Main Author
- Physical Description: xx, 189 p. : ill. ; 24 cm
- Bibliography: Includes bibliographical references and index.
- ISBN: 9781593271923
- Foreword
- Acknowledgments
- Introduction
- 1. Setting up Your Development Environment
- 1.1. Operating System Requirements
- 1.2. Obtaining and Installing Python 2.5
- 1.2.1. Installing Python on Windows
- 1.2.2. Installing Python for Linux
- 1.3. Setting Up Eclipse and PyDev
- 1.3.1. The Hacker's Best Friend: ctypes
- 1.3.2. Using Dynamic Libraries
- 1.3.3. Constructing C Datatypes
- 1.3.4. Passing Parameters by Reference
- 1.3.5. Defining Structures and Unions
- 2. Debuggers and Debugger Design
- 2.1. General-Purpose CPU Registers
- 2.2. The Stack
- 2.3. Debug Events
- 2.4. Breakpoints
- 2.4.1. Soft Breakpoints
- 2.4.2. Hardware Breakpoints
- 2.4.3. Memory Breakpoints
- 3. Building a Windows Debugger
- 3.1. Debuggee, Where Art Thou?
- 3.2. Obtaining CPU Register State
- 3.2.1. Thread Enumeration
- 3.2.2. Putting It All Together
- 3.3. Implementing Debug Event Handlers
- 3.4. The Almighty Breakpoint
- 3.4.1. Soft Breakpoints
- 3.4.2. Hardware Breakpoints
- 3.4.3. Memory Breakpoints
- 3.5. Conclusion
- 4. PyDbg - A Pure Python Windows Debugger
- 4.1. Extending Breakpoint Handlers
- 4.2. Access Violation Handlers
- 4.3. Process Snapshots
- 4.3.1. Obtaining Process Snapshots
- 4.3.2. Putting It All Together
- 5. Immunity Debugger - The Best of Both Worlds
- 5.1. Installing Immunity Debugger
- 5.2. Immunity Debugger 101
- 5.2.1. PyCommands
- 5.2.2. PyHooks
- 5.3. Exploit Development
- 5.3.1. Finding Exploit-Friendly Instructions
- 5.3.2. Bad-Character Filtering
- 5.3.3. Bypassing DEP on Windows
- 5.4. Defeating Anti-Debugging Routines in Malware
- 5.4.1. IsDebuggerPresent
- 5.4.2. Defeating Process Iteration
- 6. Hooking
- 6.1. Soft Hooking with PyDbg
- 6.2. Hard Hooking with Immunity Debugger
- 7. DLL and Code Injection
- 7.1. Remote Thread Creation
- 7.1.1. DLL Injection
- 7.1.2. Code Injection
- 7.2. Getting Evil
- 7.2.1. File Hiding
- 7.2.2. Coding the Backdoor
- 7.2.3. Compiling with py2exe
- 8. Fuzzing
- 8.1. Bug Classes
- 8.1.1. Buffer Overflows
- 8.1.2. Integer Overflows
- 8.1.3. Format String Attacks
- 8.2. File Fuzzer
- 8.3. Future Considerations
- 8.3.1. Code Coverage
- 8.3.2. Automated Static Analysis
- 9. Sulley
- 9.1. Sulley Installation
- 9.2. Sulley Primitives
- 9.2.1. Strings
- 9.2.2. Delimiters
- 9.2.3. Static and Random Primitives
- 9.2.4. Binary Data
- 9.2.5. Integers
- 9.2.6. Blocks and Groups
- 9.3. Slaying WarFTPD with Sulley
- 9.3.1. FTP 101
- 9.3.2. Creating the FTP Protocol Skeleton
- 9.3.3. Sulley Sessions
- 9.3.4. Network and Process Monitoring
- 9.3.5. Fuzzing and the Sulley Web Interface
- 10. Fuzzing Windows Drivers
- 10.1. Driver Communication
- 10.2. Driver Fuzzing with Immunity Debugger
- 10.3. Driverlib - The Static Analysis Tool for Drivers
- 10.3.1. Discovering Device Names
- 10.3.2. Finding the IOCTL Dispatch Routine
- 10.3.3. Determining Supported IOCTL Codes
- 10.4. Building a Driver Fuzzer
- 11. IDAPython - Scripting IDA Pro
- 11.1. IDAPython Installation
- 11.2. IDAPython Functions
- 11.2.1. Utility Functions
- 11.2.2. Segments
- 11.2.3. Functions
- 11.2.4. Cross-References
- 11.2.5. Debugger Hooks
- 11.3. Example Scripts
- 11.3.1. Finding Dangerous Function Cross-References
- 11.3.2. Function Code Coverage
- 11.3.3. Calculating Stack Size
- 12. PyEmu - The Scriptable Emulator
- 12.1. Installing PyEmu
- 12.2. PyEmu Overview
- 12.2.1. PyCPU
- 12.2.2. PyMemory
- 12.2.3. PyEmu
- 12.2.4. Execution
- 12.2.5. Memory and Register Modifiers
- 12.2.6. Handlers
- 12.3. IDAPyEmu
- 12.3.1. Function Emulation
- 12.3.2. PEPyEmu
- 12.3.3. Executable Packers
- 12.3.4. UPX Packer
- 12.3.5. Unpacking UPX with PEPyEmu
- Index