Trending on TikTok

Buldak

Sunscreen

Sanrio

English

{{sellerTotalView > 1 ? __("sellers", {number: sellerTotalView}) : __("seller", {number: sellerTotalView}) }}, {{numTotalView > 1 ? __("items", {number: numTotalView}) : __("item", {number: numTotalView}) }}

View Cart & Check Out

Nickname

Let us know how to properly address you.

Update Your Name

xxxxxxx@yamibuy.com

Account Orders Favorites

Points 0

Coupons 0

Gift Card Balance $0.00

Sign Out

Change Your Zip Code

Inventory information and delivery speeds may vary for different locations.

Location History

We will notify you by email when the item back in stock.

Your email: {{remindEmail}}

Cancel

Jingdong book

有趣的二进制软件安全与逆向分析

View Cart & Check Out

{{buttonTypePin == 3 ? __("Scan to view more PinGo") : __("Scan to start")}}

Books Computers & Internet Programming Language and Programming

Jingdong book

有趣的二进制软件安全与逆向分析

Name: 有趣的二进制 软件安全与逆向分析
Brand: Jingdong book
SKU: 3118221601
Price: 31.11 USD
Availability: OutOfStock

{{__(":people-members", {'people': item.limit_people_count})}} {{ itemCurrency }}{{ item.valid_price }} {{ itemCurrency }}{{ item.invalid_price }} {{ itemDiscount }}

Ends in

{{ itemCurrency }}{{ priceFormat(item.valid_price / item.bundle_specification) }}/{{ item.unit }}

{{ itemCurrency }}{{ item.valid_price }} {{ itemCurrency }}{{ priceFormat(item.valid_price / item.bundle_specification) }}/{{ item.unit }} {{ itemCurrency }}{{ item.invalid_price }} {{itemDiscount}}

Sale ends in

Sale will starts after Sale ends in

{{ __( "Pay with Gift Card to get sale price: :itemCurrency:price", { 'itemCurrency' : itemCurrency, 'price' : (item.giftcard_price ? priceFormat(item.giftcard_price) : '0.00') } ) }} ({{ itemCurrency }}{{ priceFormat(item.giftcard_price / item.bundle_specification) }}/{{ item.unit }}) Details

Best before

Currently unavailable.

We don't know when or if this item will be back in stock.

Unavailable in your area.

Sold Out

Details

Full product details

Editer Recommend

打开黑箱，感受底层世界的乐趣
1. 如何防止软件被别人分析？
2. 如何知道软件在运行时都干了什么？
3. 如何防止攻击者利用漏洞夺取系统权限？

Content Description

《有趣的二进制软件安全与逆向分析》通过逆向工程，揭开人们熟知的软件背后的机器语言的秘密，并教给读者读懂这些二进制代码的方法。理解了这些方法，技术人员就能有效地Debug，防止软件受到恶意攻击和反编译。本书涵盖的技术包括：汇编与反汇编、调试与反调试、缓冲区溢出攻击与底层安全、钩子与注入、Metasploit等安全工具。

Author Description

爱甲健二，曾就职于NetAgent株式会社，负责逆向工程、恶意软件分析、渗透测试等工作。2008年7月任董事。此后，在株式会社Fourteenforty技术研究所（现更名为株式会社FFRI）从事计算机安全技术研究和软件开发工作。
曾参加Black Hat Japan 2008（日本）、HITCON 2011（中国台湾）等会议，并发表重大研究成果。著有《汇编语言教程》（アセンブリ言語の教科書）、《TCP/IP教程》（TCP/IPの教科書）等。

周自恒，技术图书译者，IT、编程及自然科学爱好者，初中时曾获得信息学奥赛天津赛区一等奖，曾任某管理咨询公司战略技术总监。
译有《图解CIO工作指南（第4版）》《大数据的冲击》《代码的未来》《30天自制操作系统》《图解密码技术》《家用游戏机简史》等。

Catalogue

第1章通过逆向工程学习如何读懂二进制代码1
1．1先来实际体验一下软件分析吧3
1．1．1通过Process Monitor的日志来确认程序的行为4
1．1．2从注册表访问中能发现些什么6
1．1．3什么是逆向工程9
专栏：逆向工程技术大赛10
1．2尝试静态分析11
1．2．1静态分析与动态分析11
专栏：Stirling与BZ Editor的区别12
1．2．2用二进制编辑器查看文件内容13
1．2．3看不懂汇编语言也可以进行分析14
1．2．4在没有源代码的情况下搞清楚程序的行为16
1．2．5确认程序的源代码18
1．3尝试动态分析20
1．3．1设置Process Monitor的过滤规则20
1．3．2调试器是干什么用的23
1．3．3用OllyDbg洞察程序的详细逻辑24
1．3．4对反汇编代码进行分析26
专栏：什么是寄存器28
1．3．5将分析结果与源代码进行比较29
专栏：选择自己喜欢的调试器30
1．4学习最基础的汇编指令32
1．4．1没必要记住所有的汇编指令32
1．4．2汇编语言是如何实现条件分支的33
1．4．3参数存放在栈中35
1．4．4从汇编代码联想到C语言源代码37
1．5通过汇编指令洞察程序行为40
1．5．1给函数设置断点40
1．5．2反汇编并观察重要逻辑42
专栏：学习编写汇编代码47
第2章在射击游戏中防止玩家作弊51
2．1解读内存转储53
2．1．1射击游戏的规则53
2．1．2修改4个字节就能得高分54
2．1．3获取内存转储58
2．1．4从进程异常终止瞬间的状态查找崩溃的原因63
2．1．5有效运用实时调试66
2．1．6通过转储文件寻找出错原因68
专栏：除了个人电脑，在其他计算机设备上运行的程序也可以进行
分析吗74
专栏：分析Java编写的应用程序74
2．2如何防止软件被别人分析76
2．2．1反调试技术76
专栏：检测调试器的各种方法77
2．2．2通过代码混淆来防止分析79
专栏：代码混淆的相关话题80
2．2．3将可执行文件进行压缩81
2．2．4将压缩过的可执行文件解压缩：解包86
2．2．5通过手动解包UPX来理解其工作原理87
2．2．6用硬件断点对ASPack进行解包91
专栏：如何分析．NET编写的应用程序95
第3章利用软件的漏洞进行攻击97
3．1利用缓冲区溢出来执行任意代码99
3．1．1引发缓冲区溢出的示例程序99
3．1．2让普通用户用管理员权限运行程序100
3．1．3权限是如何被夺取的102
3．1．4栈是如何使用内存空间的104
3．1．5攻击者如何执行任意代码107
3．1．6用gdb 查看程序运行时的情况110
3．1．7攻击代码示例113
3．1．8生成可用作shellcode的机器语言代码116
3．1．9对0x00的改进121
专栏：printf类函数的字符串格式化bug125
3．2防御攻击的技术127
3．2．1地址随机化：ASLR127
3．2．2 除存放可执行代码的内存空间以外，对其余内存空间尽量
禁用执行权限：Exec-Shield130
3．2．3 在编译时插入检测栈数据完整性的代码：StackGuard131
3．3绕开安全机制的技术134
3．3．1使用libc中的函数来进行攻击：Return-into-libc134
3．3．2利用未随机化的模块内部的汇编代码进行攻击：ROP136
专栏：计算机安全为什么会变成猫鼠游戏137
第4章自由控制程序运行方式的编程技巧139
4．1通过自制调试器来理解其原理141
4．1．1亲手做一个简单的调试器，在实践中学习141
4．1．2调试器到底是怎样工作的141
4．1．3实现反汇编功能147
4．1．4运行改良版调试器153
4．2 在其他进程中运行任意代码：代码注入155
4．2．1向其他进程注入代码155
4．2．2用SetWindowsHookEx劫持系统消息155
4．2．3将DLL路径配置到注册表的AppInit_DLLs项162
4．2．4 通过CreateRemoteThread在其他进程中创建线程165
4．2．5注入函数170
4．3任意替换程序逻辑：API 钩子174
4．3．1API 钩子的两种类型174
4．3．2用Detours实现一个简单的API 钩子174
4．3．3修改消息框的标题栏177
专栏：DLL注入和API钩子是“黑客”技术的代表？178
第5章使用工具探索更广阔的世界179
5．1 用Metasploit Framework验证和调查漏洞181
5．1．1什么是Metasploit Framework181
5．1．2安全漏洞的信息从何而来181
5．1．3搭建用于测试漏洞的环境182
5．1．4利用漏洞进行攻击183
专栏：深入探索shellcode184
5．1．5一个ROP的实际例子188
5．2用EMET观察反ROP的机制192
5．2．1什么是EMET192
5．2．2Anti-ROP的设计获得了蓝帽奖192
5．2．3如何防止攻击193
5．2．4搞清楚加载器的逻辑194
5．2．5DLL的程序逻辑196
5．2．6CALL-RETN检查197
5．2．7如何防止误判200
5．2．8检查栈的合法性201
5．3用REMnux 分析恶意软件205
5．3．1什么是REMnux205
5．3．2更新特征数据库206
5．3．3扫描目录206
5．4 用ClamAV检测恶意软件和漏洞攻击208
5．4．1ClamAV的特征文件208
5．4．2解压缩．cvd文件209
5．4．3被检测到的文件详细信息210
5．4．4检测所使用的打包器以及疑似恶意软件的文件211
5．5 用Zero Wine Tryouts分析恶意软件212
5．5．1REMnux与Zero Wine Tryouts的区别212
5．5．2运行机制212
5．5．3显示用户界面213
5．5．4确认分析报告214
专栏：尝试开发自己的工具217
5．6尽量减少人工分析：启发式技术218
5．6．1恶意软件应对极限的到来：平均每天60000个218
5．6．2启发式技术革命218
5．6．3用两个恶意软件进行测试220
附录223
A．1安装IDA224
A．2安装OllyDbg 229
A．3安装WinDbg230
A．4安装Visual Studio 2010235
A．5安装Metasploit240
A．6分析工具248
Stirling / BZ Editor248
Process Monitor249
Process Explorer250
Sysinternals工具250
兔耳旋风251
参考文献252
后记254

Introduction

这是一本讲“底层”知识的书，不过似乎现在大部分计算机用户都跟底层没多少缘分了。很多人说，写汇编语言的时候总得操心寄存器，写C 语言的时候总得操心内存，而如今到了Web 当道的时代，不但底层的事情完全用不着操心了，就连应用层的事情也有大把的框架来替你搞定。想想看，现在连大多数程序员都不怎么关心底层了，更不要说数量更多的一般用户了。当然，这其实是一件好事，这说明技术进步了，分工细化了，只需要一小部分人去研究底层，剩下大部分人都可以享受他们的伟大成果，把精力集中在距离解决实际问题更近的地方，这样才能解放出更多的生产力。
话说回来，底层到底指的是什么呢？现代数字计算机自问世以来已经过了将近60 年，在这60 年中，计算机的制造技术、性能、外观等都发生了翻天覆地的变化，然而其基本原理和结构依然还是1946 年冯? 诺依曼大神所描绘的那一套。冯? 诺依曼结构的精髓在于，处理器按照顺序执行指令和操作数据，而无论指令还是数据，它们的本质并没有区别，都是一串二进制数字的序列。换句话说，“二进制”就是现代计算机的最底层。我们现在用计算机上网、聊天、看视频、玩游戏，根本不会去考虑二进制层面的问题，不过较早接触计算机的一代人，其实都曾经离底层很近，像这本书里面所讲的调试器、反汇编器、二进制编辑器、内存编辑器等，当初可都是必备的法宝，也给我们这一代人带来过很多乐趣。
在MS-DOS 时代，很多人都用过一个叫debug 的命令，这就是一个非常典型的调试器。准确地说，debug 的功能已经超出了调试器的范畴，除了调试之外，它还能够进行汇编、反汇编、内存转储，甚至直接修改磁盘扇区，俨然是那个年代的一把“瑞士军刀”。我上初中的时候，学校上计算机课用的电脑在BIOS 里禁用了软驱，而且还设置了BIOS 密码，于是我运行debug，写几条汇编指令，调用系统中断强行抹掉CMOS 数据，重启之后显示CMOS 数据异常，于是BIOS 设置被恢复到默认状态，软驱也就可以用了，小伙伴们终于可以把游戏带来玩了。当然，学校老师后来还是找到我谈话，原因仅仅是因为我在信息学奥赛得过奖，他们觉得除了我以外不可能有别人干得出这种事了……
很多资历比较老的PC 游戏玩家其实也都和二进制打过交道，比如说，大家应该还记得一个叫“整人专家FPE”的软件。如果你曾经用过“整人专家”，那么这本书第2 章中讲的那个修改游戏得分的桥段你一定是再熟悉不过了。除了修改内存中的数据，很多玩家应该也用二进制编辑器修改过游戏存档，比如当年的《金庸群侠传》《仙剑奇侠传》，改金钱道具能力值那还是初级技巧，还有一些高级技巧，比如改各种游戏中的flag，这样错过开启隐藏分支的条件也不怕不怕啦。此外，各种破解游戏激活策略的补丁也是通过调试和反汇编研究出来的，我也曾经用SoftICE 玩过一点逆向工程，找到判断是否注册激活的逻辑，然后用一个无条件跳转替换它，或者是跳过序列号的校验逻辑，不管输入什么序列号都能激活。
精通二进制的人还懂得如何压榨出每一个比特的能量。说到这一点，不得不提鼎鼎大名的64k-intro 大赛。所谓64k-intro，就是指用一段程序来产生包含图像和声音的演示动画，而这段程序（可执行文件）的大小被限制为64KB（65536 字节）。想想看，用iPhone 随便拍一张照片就得差不多2MB 大小，相当于64KB 的32 倍，然而大神们却能在64KB 的空间里塞下长达十几分钟的3D 动画和音乐，着实令人惊叹不已。我第一次看到64k-intro 作品是在上初中的时候，当时某一期《大众软件》杂志对此做了介绍，光盘里还附带了相应的程序文件。当我在自己的电脑上亲自运行，看到美轮美奂的3D 动画时，瞬间就被二进制的奇妙感动了。
二进制的乐趣不胜枚举，其实最大的乐趣莫过于“打开黑箱”所带来的那种抽丝剥茧的快感。夸张点说，这和物理学家们探求“大统一理论”，不断逼近宇宙终极规律的过程中所体验到的那种快感颇有异曲同工之妙。诚然，二进制的可能性是无穷无尽的，这本书所涉及的也只是其中很小的一方面，但正如作者在前言中所说的那样，希望大家能够借此体会到底层技术所特有的快乐。
周自恒
2015 年8 月于上海

Specifications

Brand

Jingdong book

Brand Origin

China

Disclaimer

Product packaging, specifications and price are subject to change without notice. All information about the products on our website is provided for information purposes only. Please always read labels, warnings and directions provided with the product before use.

View Full Terms of Use

Scan to Share

Add to favorites

{{ $isZh ? coupon.coupon_name_sub : coupon.coupon_ename_sub | formatCurrency }}

Clip coupons

Quantity

{{buttonTypePin == 3 ? __("Scan to view more PinGo") : __("Scan to start")}}

Sold by JD@CHINA

Ship to

Free shipping over 69

Genuine guarantee

View details

Region

Added to Cart

Keep Shopping

More to Consider

Coupons

Clip Clipped Over

Expires soon {{ formatTime(coupon.use_end_time) }}

Share this item with friends

Cancel

Yami Gift Card

Get this exclusive deal when paying with gift card

Terms and Conditions

Gift card deals are special offers for selected products;

The gift card deals will automatically be activated if a customer uses gift card balance at check out and the balance is sufficient to pay for the total price of the shopping cart products with gift card deals;

You will not be able to activate the gift card deals if you choose other payment methods besides gift card. The products will be purchased at their normal prices;

If your account balance is not enough to pay for the products with gift card deals, you can choose to reload your gift card balance by clicking on the Reload button at either shopping cart page or check out page;

Products that have gift card deals can be recognized by a special symbol showing 'GC Deal';

For any additional questions or concerns, please contact our customer service;

Yamibuy reserves the right of final interpretation.

Sold by Yami

Service Guarantee

Free Shipping over $49

Easy Returns

Ships from United States

Shipping

United States

Standard Shipping is $5.99 (Excluding Alaska & Hawaii). Free on orders of $49 or more.

Local Express is $5.99 (Available in Parts of CA, NJ, MA & PA). Free on orders of $49 or more.

2-Day Express (Includes Alaska & Hawaii) starts at $19.99.

Return Policy

Yami is committed to provide our customers with a peace of mind when purchasing from us. Most items shipped from Yamibuy.com can be returned within 30 days of receipt of shipment (For Food, Beverages, Snacks, Dry Goods, Health supplements, Fresh Grocery and Perishables Goods, within 7 days of receipt of shipment due to damages or quality issues; To ensure that every customer receives safe and high-quality products, we do not provide refunds or returns for beauty products once they have been opened or used, except in the case of quality issues; Some products may have different policies or requirements associated with them, please see below for products under special categories, or contact Yami Customer Service for further assistance).
Thank you for your understanding and support.

Learn More

Sold by Yami

Terms and Conditions of Yami E-Gift Card

If you choose “Redeem automatically” as your delivery method, your gift card balance will be reload automatically after your order has been processed successfully;

If you choose “Send to Email”as your delivery method, the card number and CVV will be sent to the email address automatically;

Any user can use the card number and CVV to redeem the gift card, please keep your gift card information safely. If you have any trouble receiving email, please contact Yami customer service;

Yami gift card can be used to purchase both Yami owned or Marketplace products;

Yami gift card will never expire;

Yami gift card balance does not have to be used up at once;

Return Policy

Gift card that has already been consumed is non-refundable.

Sold by JD@CHINA

Fulfilled by Yami

Service Guarantee

Free Shipping over $49

Easy Returns

Ships from United States

Shipping

United States

Standard Shipping is $5.99 (Excluding Alaska & Hawaii). Free on orders of $49 or more.

Local Express is $5.99 (Available in Parts of CA, NJ, MA & PA). Free on orders of $49 or more.

2-Day Express (Includes Alaska & Hawaii) starts at $19.99.

Return Policy

You may return product within 30 days upon receiving the product. Items returned must be new in it's original packing, including the original invoice for the purchase. Customer return product at their own expense.

Sold by JD@CHINA

Yami-China FC

Service Guarantee

Cross-store Free Shipping over $69

30-days Return

Yami-China FC

Yami has a consolidation warehouse in China which collects multiple sellers’ packages and combines to one order. Our Yami consolidation warehouse will directly ship the packages to your door. Cross-store free shipping over $69.

Return Policy

You may return products within 30 days upon receiving the products. Sellers take responsibilities for any wrong shipment or missing items. Packing needs to be unopened for any other than quality issues return. We promise to pack carefully, but because goods are taking long journey to destinations, simple damages to packaging may occur. Any damages not causing internal goods quality problems are not allowed to return. If you open the package and any quality problem is found, please contact customer service within three days after receipt of goods.

Shipping Information

Yami Consolidation Service Shipping Fee $9.99(Free shipping over $69)

Sellers in China will ship their orders within 1-2 business days once the order is placed. Packages are sent to our consolidation warehouse in China and combined there. Our Yami consolidation warehouse will directly ship the packages to you via UPS. The average time for UPS to ship from China to the United States is about 10 working days and it can be traced using the tracking number. Due to the pandemic, the delivery time may be delayed by about 5 days. The package needs to be signed by the guest. If the receipt is not signed, the customer shall bear the risk of loss of the package.

Sold by JD@CHINA

Service Guarantee

Free shipping over 69

Genuine guarantee

Shipping

Yami Consolidated Shipping $9.99(Free shipping over $69)

Seller will ship the orders within 1-2 business days. The logistics time limit is expected to be 7-15 working days. In case of customs clearance, the delivery time will be extended by 3-7 days. The final receipt date is subject to the information of the postal company.

Yami Points information

All items are excluding from any promotion or points events on Yamibuy.com

Return Policy

Download the Yami App

Feedback

Back Top

Reviews{{'('+ commentList.posts_count + ')'}}

Have your say. Be the first to help other guests.

Write a review

{{i}} star

{{i}} stars

{{ parseInt(commentRatingList[i]) }}%

{{ showTranslate(comment) }}Show Less

{{ strLimit(comment,800) }}Show more

Show Original

Show All

{{ formatTime(comment.in_dtm) }} VERIFIED PURCHASE {{groupData}}

{{ comment.likes_count }} {{ comment.likes_count }} {{ comment.reply_count }} {{comment.in_user==uid ? __('Delete') : __('Report')}}

{{ showTranslate(comment) }}Show Less

{{ strLimit(comment,800) }}Show more

Show Original

Show All

{{ formatTime(comment.in_dtm) }} VERIFIED PURCHASE {{groupData}}

{{ comment.likes_count }} {{ comment.likes_count }} {{ comment.reply_count }} {{comment.in_user==uid ? __('Delete') : __('Report')}}

No related comment~

Load more reviews

Review

{{ showTranslate(commentDetails) }}Show Less

{{ strLimit(commentDetails,800) }}Show more

Show Original

Show All

{{ formatTime(commentDetails.in_dtm) }} VERIFIED PURCHASE {{groupData}}

Please write at least one word

Comments{{'(' + replyList.length + ')'}}

Change Your Zip Code

Location History

有趣的二进制 软件安全与逆向分析

有趣的二进制软件安全与逆向分析