Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

Reverse Engineering Reading List

If any of the links are down and you can't retrieve them on, contact me and I can give you a copy of the document.

Software & Libraries

  • IDA Pro: The KING IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all.
  • Ghidra: Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
  • Binary Ninja: A reverse engineering platform. It focuses on a clean and easy to use interface with a powerful multithreaded analysis built on a custom IL to quickly adapt to a variety of architectures, platforms, and compilers.
  • Capstone: Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
  • Hopper: Hopper is a reverse engineering tool for OS X and Linux, that lets you disassemble, and decompile your 32/64bits Intel Mac, Linux, Windows and iOS executables! Based on capstone, scriptable.
  • PeachPy: Portable efficient assembly code-generator in higher-level python.
  • Radare2: Portable reversing framework for disassembly, debugging, forensics, etc. Based on capstone, scriptable.
  • x64dbg: Open source x64/x32 Windows debugger. Heir to Olly.
  • re_lab: A portable reverse engineering environment using docker.


Assembly / Disassembly



  • Modern X86 Assembly Language Programming: 32-bit, 64-bit, SSE, and AVX: Fundamentals of x86 assembly language programming. It focuses on the aspects of the x86 instruction set that are most relevant to application software development.
  • Practical Malware Analysis: Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
  • Practical Reverse Engineering: The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
  • Reversing: Secrets of Reverse Engineering: Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering.
  • Reverse Engineering for Beginners: Available in english and russian, this ebook is a good introduction for beginners. Numerous topics are touched : Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
  • The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler: Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques.

Data Structures


Instruction Sets

Mac and iOS

Malware Analysis

Please refer to the additional document


Reverse Engineering of Protocols from Network Traces [PDF]

Obfuscation and Deobfuscation

Research Tools



Driver Signature Enforcement


Patch Guard


  • is primarily a wiki, allowing developers to find, edit and add PInvoke* signatures, user-defined types, and any other information related to calling Win32 and other unmanaged APIs from managed code (written in languages such as C# or VB.NET).