Justin Seitz is a Senior Security Researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.
| Section | Page |
|---|---|
| Foreword | xiii |
| Acknowledgments | xvii |
| Introduction | xix |
| Setting Up Your Development Environment | 1 |
| Operating System Requirements | 2 |
| Obtaining and Installing Python 2.5 | 2 |
| Installing Python on Windows | 2 |
| Installing Python for Linux | 3 |
| Setting Up Eclipse and PyDev | 4 |
| The Hacker's Best Friend: ctypes | 5 |
| Using Dynamic Libraries | 6 |
| Constructing C Datatypes | 8 |
| Passing Parameters by Reference | 9 |
| Defining Structures and Unions | 9 |
| Debuggers and Debugger Design | 13 |
| General-Purpose CPU Registers | 14 |
| The Stack | 16 |
| Debug Events | 18 |
| Breakpoints | 18 |
| Soft Breakpoints | 19 |
| Hardware Breakpoints | 21 |
| Memory Breakpoints | 23 |
| Building a Windows Debugger | 25 |
| Debuggee, Where Art Thou? | 25 |
| Obtaining CPU Register State | 33 |
| Thread Enumeration | 33 |
| Putting It All Together | 35 |
| Implementing Debug Event Handlers | 39 |
| The Almighty Breakpoint | 43 |
| Soft Breakpoints | 43 |
| Hardware Breakpoints | 47 |
| Memory Breakpoints | 52 |
| Conclusion | 55 |
| PyDbg: A Pure Python Windows Debugger | 57 |
| Extending Breakpoint Handlers | 58 |
| Access Violation Handlers | 60 |
| Process Snapshots | 63 |
| Obtaining Process Snapshots | 63 |
| Putting It All Together | 65 |
| Immunity Debugger: The Best of Both Worlds | 69 |
| Installing Immunity Debugger | 70 |
| Immunity Debugger 101 | 70 |
| PyCommands | 71 |
| PyHooks | 71 |
| Exploit Development | 73 |
| Finding Exploit-Friendly Instructions | 73 |
| Bad-Character Filtering | 75 |
| Bypassing DEP on Windows | 77 |
| Defeating Anti-Debugging Routines in Malware | 81 |
| IsDebuggerPresent | 81 |
| Defeating Process Iteration | 82 |
| Hooking | 85 |
| Soft Hooking with PyDbg | 86 |
| Hard Hooking with Immunity Debugger | 90 |
| DLL and Code Injection | 97 |
| Remote Thread Creation | 98 |
| DLL Injection | 99 |
| Code Injection | 101 |
| Getting Evil | 104 |
| File Hiding | 104 |
| Coding the Backdoor | 105 |
| Compiling with py2exe | 108 |
| Fuzzing | 111 |
| Bug Classes | 112 |
| Buffer Overflows | 112 |
| Integer Overflows | 113 |
| Format String Attacks | 114 |
| File Fuzzer | 115 |
| Future Considerations | 122 |
| Code Coverage | 122 |
| Automated Static Analysis | 122 |
| Sulley | 123 |
| Sulley Installation | 124 |
| Sulley Primitives | 125 |
| Strings | 125 |
| Delimiters | 125 |
| Static and Random Primitives | 126 |
| Binary Data | 126 |
| Integers | 126 |
| Blocks and Groups | 127 |
| Slaying WarFTPD with Sulley | 129 |
| FTP 101 | 129 |
| Creating the FTP Protocol Skeleton | 130 |
| Sulley Sessions | 131 |
| Network and Process Monitoring | 132 |
| Fuzzing and the Sulley Web Interface | 133 |
| Fuzzing Windows Drivers | 137 |
| Driver Communication | 138 |
| Driver Fuzzing with Immunity Debugger | 139 |
| Driverlib: The Static Analysis Tool for Drivers | 142 |
| Discovering Device Names | 143 |
| Finding the IOCTL Dispatch Routine | 144 |
| Determining Supported IOCTL Codes | 145 |
| Building a Driver Fuzzer | 147 |
| IDAPython: Scripting IDA Pro | 153 |
| IDAPython Installation | 154 |
| IDAPython Functions | 155 |
| Utility Functions | 155 |
| Segments | 155 |
| Functions | 156 |
| Cross-References | 156 |
| Debugger Hooks | 157 |
| Example Scripts | 158 |
| Finding Dangerous Function Cross-References | 158 |
| Function Code Coverage | 160 |
| Calculating Stack Size | 161 |
| PyEmu: The Scriptable Emulator | 163 |
| Installing PyEmu | 164 |
| PyEmu Overview | 164 |
| PyCPU | 164 |
| PyMemory | 165 |
| PyEmu | 165 |
| Execution | 165 |
| Memory and Register Modifiers | 165 |
| Handlers | 166 |
| IDAPyEmu | 171 |
| Function Emulation | 172 |
| PEPyEmu | 175 |
| Executable Packers | 176 |
| UPX Packer | 176 |
| Unpacking UPX with PEPyEmu | 177 |
| Index | 183 |
Table of Contents provided by Ingram. All Rights Reserved.