Practical Binary Analysis

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
by Dennis Andriesse
October 2018, 440 pp.

Order now and get early access to the PDF ebook!

Get 30% off with the coupon code EARLYBIRD

Stop manually analyzing binaries! Practical Binary Analysis is the first book of its kind to present advanced binary analysis topics, such as binary instrumentation, dynamic taint analysis, and symbolic execution, in an accessible way. After an introduction to the basics of binary formats, disassembly, and code injection, you'll dive into more complex subjects, and by the end of the book you'll be able to build your own binary analysis tools. Practical Binary Analysis will help interested readers become well-rounded binary analysts who are capable of developing and exploring new ideas on their own.

Author Bio

Dennis Andriesse has a Ph.D. in system and network security and uses binary analysis daily in his postdoctoral research. He is one of the main contributors to PathArmor, a Control-Flow Integrity system that defends against control-flow hijacking attacks such as ROP. Andriesse was also one of the attack developers involved in the takedown of the GameOver Zeus P2P botnet.

Table of contents

Part I: Binary Formats

Chapter 1: Anatomy of a Binary (NOW AVAILABLE!)
Chapter 2: The ELF Format (NOW AVAILABLE!)
Chapter 3: The PE Format: A Brief Introduction (NOW AVAILABLE!)
Chapter 4: Building a Binary Loader Using libbfd (NOW AVAILABLE!)

Part II: Binary Analysis Fundamentals

Chapter 5: Basic Binary Analysis in Linux (NOW AVAILABLE!)
Chapter 6: Disassembly and Binary Analysis Fundamentals (NOW AVAILABLE!)
Chapter 7: Simple Code Injection Techniques for ELF (NOW AVAILABLE!)

Part III: Advanced Binary Analysis

Chapter 8: Customizing Disassembly
Chapter 9: Binary Instrumentation
Chapter 10: Principles of Dynamic Taint Analysis
Chapter 11: Practical Dynamic Taint Analysis with libdft
Chapter 12: Principles of Symbolic Execution
Chapter 13: Practical Symbolic Execution with Triton

Part IV: Appendices

Appendix A: A Crash Course on x86 Assembly
Appendix B: Implementing PT_NOTE Overwriting Using libelf
Appendix C: List of Binary Analysis Tools
Appendix D: Further Reading