Reverse Engineering Reading List
Software & Libraries
- IDA Pro: The KING IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all.
- Binary Ninja: A reverse engineering platform. It focuses on a clean and easy to use interface with a powerful multithreaded analysis built on a custom IL to quickly adapt to a variety of architectures, platforms, and compilers.
- Capstone: Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
- Hopper: Hopper is a reverse engineering tool for OS X and Linux, that lets you disassemble, and decompile your 32/64bits Intel Mac, Linux, Windows and iOS executables! Based on capstone, scriptable.
- PeachPy: Portable efficient assembly code-generator in higher-level python.
- Radare2: Portable reversing framework for disassembly, debugging, forensics, etc. Based on capstone, scriptable.
- x64dbg: Open source x64/x32 Windows debugger. Heir to Olly.
- re_lab: A portable reverse engineering environment using docker.
Assembly / Disassembly
- Analyzing Uncommon Firmware
- ARM v7 Disassembling
- UROBOROS - Reassembling Disassembling - a tool that can disassemble executables to the extent that the generated code can be assembled back to working binaries without manual effort.
- Reverse Engineering 101 Speaker Presentation
- Reverse Engineering 101 - NYU: Poly 2010: Intro to Reverse Engineering given at NYU:Poly on October 4th, 2010 by Aaron Portnoy and Peter Silberman.
- Reverse Engineering 102 - NYU: Poly 2010: Intro to Reverse Engineering (Day 2) given at NYU:Poly on October 11th, 2010 by Aaron Portnoy and Peter Silberman.
- CTF Field Guide
- Modern X86 Assembly Language Programming: 32-bit, 64-bit, SSE, and AVX: Fundamentals of x86 assembly language programming. It focuses on the aspects of the x86 instruction set that are most relevant to application software development.
- Practical Malware Analysis: Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
- Practical Reverse Engineering: The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
- Reversing: Secrets of Reverse Engineering: Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering.
- Reverse Engineering for Beginners: Available in english and russian, this ebook is a good introduction for beginners. Numerous topics are touched : Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler: Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques.
- Automatic Reverse Engineering of Data Structures from Binary Execution [PDF]
- Digging For Data Structures [PDF]
- Howard: a dynamic excavator for reverse engineering data structures [PDF]
- MemPick: High-Level Data Structure Detection in C/C++ Binaries [PDF]
- TIE: Principled Reverse Engineering of Types in Binary Programs [PDF]
- Automated Vulnerability Discovery Techniques [PDF]
- Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer [PDF]
- Memory Graph Approach for Program Data Introspection and Modification [PDF]
- Remote Exploitation of an Unaltered Passenger Vehicle [PDF]
- Intel® 64 and IA-32 Architectures Software Developer Manuals: These manuals describe the architecture and programming environment of the Intel® 64 and IA-32 architectures.
- X86 Opcode and Instruction Reference: This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.
- JSON x86-64 Intel instruction set: The entire x86-64 Intel instruction set in a machine readable JSON format up to AVX-512.
- X86-64 Reference: Derived from the September 2014 version of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, volumes 2A and 2B. Uses PDF mining to generate the reference from official Intel docs.
Mac and iOS
- iOS App Reverse Engineering: iOS App Reverse Engineering is the world's 1st book of very detailed iOS App reverse engineering skills
- iOS Kernel Security [PDF]
- Jailbreaking Techniques [PDF]
- Reversing iOS Apps: A Practical Approach [PDF]
Obfuscation and Deobfuscation
- Context-Sensitive Analysis of Obfuscated x86 Executables [PDF]
- Advanced JS Deobfuscation Via AST and Partial Evaluation
- The Art of Unpacking [PDF]
Driver Signature Enforcement
- Defeating Windows Driver Signature Enforcement #1: default drivers
- Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops
- Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter
- DSEFix - Defeating x64 Driver Signature Enforcement: Using exploitable signed drivers - VirtualBox driver
- Bypassing PatchGuard on Windows x64
- Disable PatchGuard Vista & Windows 7
- Disable PatchGuard Windows 8 & Windows 10
- Universal Patchguard and Driver Signature Enforcement Disable
- PInvoke.net: PInvoke.net is primarily a wiki, allowing developers to find, edit and add PInvoke* signatures, user-defined types, and any other information related to calling Win32 and other unmanaged APIs from managed code (written in languages such as C# or VB.NET).