Książki

Gain a solid understanding of how Linux C and C++ compilers generate binary code. This book explains the reversing and binary analysis of ARM64 architecture now used by major Linux cloud providers and covers topics ranging from writing programs in assembly language, live debugging, and static binary analysis of compiled C and C++ code. It is ideal for those working with embedded devices, including mobile phones and tablets.

Using the latest version of Red Hat, you'll look closely at the foundations of diagnostics of core memory dumps, live and postmortem debugging of Linux applications, services, and systems. You'll also work with the GDB debugger and use it for disassembly and reversing. This book uses practical step-by-step exercises of increasing complexity with explanations and many diagrams, including some necessary background topics.  In addition, you will be able to analyze such code confidently, understand stack memory usage, and reconstruct original C/C++ code.  

And as you'll see, memory forensics, malware, and vulnerability analysis, require an understanding of ARM64 assembly language and how C and C++ compilers generate code, including memory layout and pointers. This book provides the background knowledge and practical foundations you'll need to understand internal Linux program structure and behavior.  

Foundations of ARM64 Linux Debugging, Disassembling, and Reversing is the perfect companion to Foundations of Linux Debugging, Disassembling, and Reversing for readers interested in the cloud or cybersecurity.

 What You'll Learn

• Review the basics of ARM64 assembly language
• Examine the essential GDB debugger commands for debugging and binary analysis 
• Study C and C++ compiler code generation with and without compiler optimizations 
  
• Look at binary code disassembly and reversing patterns
  
• See how pointers in C and C++ are implemented and used

Who This Book Is For

Software support and escalation engineers, cloud security engineers, site reliability engineers, DevSecOps, platform engineers, software testers, Linux C/C++ software engineers and security researchers without ARM64 assembly language background, and beginners learning Linux software reverse engineering techniques.

Foundations of ARM64 Linux Debugging, Disassembling, and Reversing: Analyze Code, Understand Stack Memory Usage, and Reconstruct Original C/C++ Code with ARM64

Chapter 1 - A64.1: Memory, Registers, and Simple Arithmetic11
Memory and Registers inside an Idealized Computer11Memory and Registers inside ARM 64-bit Computer12"Arithmetic" Project: Memory Layout and Registers13"Arithmetic" Project: A Computer Program14"Arithmetic" Project: Assigning Numbers to Memory Locations15Assigning Numbers to Registers18"Arithmetic" Project: Adding Numbers to Memory Cells19Incrementing/Decrementing Numbers in Memory and Registers22Multiplying Numbers25
Chapter 2 - A64.2: Code Optimization29"Arithmetic" Project: C/C++ Program29Downloading GDB31GDB Disassembly Output - No Optimization32GDB Disassembly Output - Optimization37
Chapter 3 - A64.3: Number Representations39Numbers and Their Representations39Decimal Representation (Base Ten)40Ternary Representation (Base Three)41Binary Representation (Base Two)42Hexadecimal Representation (Base Sixteen)43Why are Hexadecimals Used?44
Chapter 4 - A64.4: Pointers47A Definition47"Pointers" Project: Memory Layout and Registers48"Pointers" Project: Calculations50Using Pointers to Assign Numbers to Memory Cells51Adding Numbers Using Pointers58Incrementing Numbers Using Pointers62Multiplying Numbers Using Pointers65
Chapter 5 - A64.5: Bytes, Half Words, Words, and Double Words69Using Hexadecimal Numbers69Byte Granularity70Bit Granularity71Memory Layout72
Chapter 6 - A64.6: Pointers to Memory75Pointers Revisited75Addressing Types76Registers Revisited81NULL Pointers82Invalid Pointers83Variables as Pointers84Pointer Initialization85Initialized and Uninitialized Data86More Pseudo Notation87"MemoryPointers" Project: Memory Layout88
Chapter 7 - A64.7: Logical Instructions and PC99Instruction Format99Logical Shift Instructions100Logical Operations101Zeroing Memory or Registers102Instruction Pointer103Code Section105
Chapter 8 - A64.8: Reconstructing a Program with Pointers107Example of Disassembly Output: No Optimization107Reconstructing C/C++ Code: Part 1110Reconstructing C/C++ Code: Part 2112Reconstructing C/C++ Code: Part 3114Reconstructing C/C++ Code: C/C++ program116Example of Disassembly Output: Optimized Program117
Chapter 9 - A64.9: Memory and Stacks119Stack: A Definition119Stack Implementation in Memory120Things to Remember122Stack Push Implementation123Stack Pop Implementation124Register Review125Application Memory Simplified126Stack Overflow127Jumps128Calls130Call Stack131Exploring Stack in GDB133
Chapter 10 - A64.10: Frame Pointer and Local Variables137Stack Usage137Register Review138Addressing Array Elements139Stack Structure (No Function Parameters)140Function Prolog141Raw Stack (No Local Variables and Function Parameters)142Function Epilog144"Local Variables" Project145Disassembly of Optimized Executable148
Chapter 11- A64.11: Function Parameters149"FunctionParameters" Project149Stack Structure150Function Prolog and Epilog152Project Disassembled Code with Comments154Parameter Mismatch Problem158
Chapter 12 - A64.12: More Instructions159PSTATE Flags159Testing for 0160TST - Logical Compare161CMP - Compare Two Operands162TST or CMP?163Conditional Jumps164Function Return Value165
Chapter 13 - A64.13: Function Pointer Parameters167"FunctionPointerParameters" Project167Commented Disassembly168
Chapter 14 - A64.14: Summary of Code Disassembly Patterns173Function Prolog / Epilog173ADR (Address)174Passing Parameters175Accessing Saved Parameters and Local Variables176