BKRVRSNG.RVW 20050603

"Reversing", Eldad Eilam, 2005, 0-7645-7481-7, U$40.00/C$51.99/UK#24.99
%A Eldad Eilam www.wiley.com/go/eeilam
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2005
%G 0-7645-7481-7
%I John Wiley & Sons, Inc.
%O U$40.00/C$51.99/UK#24.99 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/ASIN/0764574817/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764574817/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0764574817/robsladesin03-20
%O Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 589 p.
%T "Reversing: Secrets of Reverse Engineering"

The introduction defines reverse engineering in the broadest possible way, but notes that the primary intention of the book is to cover the analysis of executable object or binary code. Interestingly, it also concentrates on .NET programs, where most other works on the subject avoid getting into the Windows environment, with its enormous program files.

Part one contains foundational material on low-level code and programming. Chapter one defines reversing in more detail, introduces the tools and concepts used, and has an interestingly extended discussion of the legal ramifications of the practice. A rather generic description of the activities of programming (in both high level languages and assembler) is given in chapter two. A review of basic internal concepts in the Windows operating system is in chapter three. Chapter four describes the various tools needed for reversing.

Part two demonstrates how to use reverse engineering in different situations. Chapter five covers reversing as a tool for finding out how to make a given piece of software work cooperatively with another, or how to use it most effectively, and manipulates the Windows "generic table" API for this purpose. Another mission for reverse engineering is to find out how file formats are written, as is explained in chapter six. Bugs, particularly those that can be used as security vulnerabilities, are covered in chapter seven as another task. This is extended in chapter eight to examine malware, which might be seen as a kind of program that is all bug.

Part three deals specifically with piracy and copy protection. Chapter nine reviews copy protection concepts and history. Various means of preventing reverse engineering are presented in chapter ten. Some simplistic examples of breaking copy protection are given in chapter eleven (with programs written specifically for the exercise).

Part four addresses more advanced topics: The Microsoft .NET framework in chapter twelve, and decompilers in chapter thirteen.

The book does provide a reasonable overview, although it certainly does not teach reverse engineering as such. Teaching machine language programming would occupy a work all of its own, but the material that Eilam presents is demanding enough to ensure that if you have the background to understand the text, you probably don't need the explanations of concepts it provides. It is nice to see some up-to-date topics being addressed, but many of the subjects, such as object orientation, really have little to do with reverse engineering. The text is a welcome addition to the very limited amount in the field of software analysis, but certainly is no breakthrough.

copyright Robert M. Slade, 2005