Secrets of Reverse Engineering
by Eldad Eilam
Wiley Publishing 2005.
ISBN 0-7645-7481-7. 589 pages. $40.00. Three appendices. Index with bibliographic references included.
Reviewed by Robert Bruen May 14, 2005
It is not clear that secrets are involved in reverse engineering, with the exception that the secret is expertise. The process of getting a program to run is straightforward: design, code, compile, link and run. The binary executable is a translation of an idea into source code, the source code is compiled into object code, which is then linked with code from system libraries. The process is non-trivial, but like time's arrow, it should be a reversible one. The trick, of course, is mastering each level of translation, which is not so simple.
Anyone in the tech field ought to have written some program in some language, even if it was just "Hello World." Since the point is to run a program, most people stop there. Over the years, however, many reasons to go to the code have popped up. Debuggers have become sophisticated to the point where symbolic references, stepping through the code, branching and all sorts of bells and whistles are the norm. They are so good that the binary can be reversed with almost no effort, if you understand the process. Just as obviously, the folks who would like to prevent their code from being reversed have also been making progress. They strip out useful information or obfuscate variable names and use other techniques to make it difficult to reverse their code. But in the end, what was translated within software can be reversed. The only question is how hard it will be.
In physics, time's arrow should be reversible, at least within the math. In the world we live in, it is not possible to reverse things we break, like eggs and drinking glasses. Those who would like to prevent reverse engineering are stuck in the math world for now and until a technique is developed to make it impossible to unwind what has been done and still have the code run.
Until now, reverse engineering has had scattered sources on the web and in chapters in good books such as Security Warrior, by Cyrus Peikari and Anton Chuvakin. Eldad Eilam's book fills the gap admirably. This is a top notch book covering everything you need to know about reverse engineering code in any environment. Mastering techniques, products and concepts is the goal, and it is all here. There is also a web site with source code to accompany the book.
Reversing is the best book available to learn, understand and practice reverse engineering while it is still legal.