Secrets of Reverse Engineering
by Eldad Eilam

Wiley Publishing 2005.
ISBN 0-7645-7481-7. 589 pages. $40.00. Three appendices. Index with bibliographic references included.

Reviewed by Robert Bruen, May 14, 2005

It is not clear that secrets are involved in reverse engineering, with the exception that the secret is expertise. The process of getting a program to run is straightforward: design, code, compile, link and run. The binary executable is a translation of an idea into source code, the source code is compiled into object code, which is then linked with code from system libraries. The process is non-trivial, but like time's arrow, it should be a reversible one. The trick, of course, is mastering each level of translation, which is not so simple.

Anyone in the tech field ought to have written some program in some language, even if it was just "Hello World." Since the point is to run a program, most people stop there. Over the years, however, many reasons to go to the code have popped up. Debuggers have become sophisticated to the point where symbolic references, stepping through the code, branching and all sorts of bells and whistles are the norm. They are so good that the binary can be reversed with almost no effort, if you understand the process. Just as obviously, the folks who would like to prevent their code from being reversed have also been making progress. They strip out useful information or obfuscate variable names and use other techniques to make it difficult to reverse their code. But in the end, what was translated within software can be reversed. The only question is how hard it will be.

In physics, time's arrow should be reversible, at least within the math. In the world we live in, it is not possible to reverse things we break, like eggs and drinking glasses. Those who would like to prevent reverse engineering are stuck in the math world for now and until a technique is developed to make it impossible to unwind what has been done and still have the code run.

Until now, reverse engineering has had scattered sources on the web and in chapters in good books such as Security Warrior, by Cyrus Peikari and Anton Chuvakin. Eldad Eilam's book fills the gap admirably. This is a top-notch book covering everything you need to know about reverse engineering code in any environment. Mastering techniques, products and concepts is the goal, and it is all here. There is also a web site with source code to accompany the book. Be forewarned, you will need to learn assembly language to get through it. If you skipped the hard parts of writing code, you will be challenged. This is not a book for wimps. There are disassembly listings, there are step-by-step, detailed instructions on reversing programs and there are charts explaining the conceptual approach. Eilam covers .NET reversal as well as copy protection. While none of this should be controversial, all of it seems to be.

Reversing is the best book available to learn, understand and practice reverse engineering while it is still legal.