#1
01-08-2005, 17:17
LAVA
An Introduction to Software Reverse Engineering

I've worked hard for about 1.5 years writing a complete book about Software Reverse Engineering. By now about 75% of the book is done (about 650 pages). The following list is a brief Table of Contents. Any comments, suggestions or corrections about the topics and book structure are welcome. I'll be very pleased if you send me your ideas about it.
(Bold topics have been done by now.)

An Introduction to Software Reverse Engineering

Chapter 1 (Introduction)
  - What is reverse engineering
    - Reversing samples in other fields
  - Conditions (Who, What and Why)
  - Some Usages (Legal and Illegal)

Chapter 2 (Analysis)
  - Introduction
  - Compilation Process
  - Executable file properties (Different Compilers)
  - Static Analysis
    - Determining the compiler
    - Import Table Analysis
    - Resources
    - PE structure Analysis
  - Dynamic Analysis
    - Analysing Process properties
    - Modules
    - Threads
    - Process Memory
    - Handles
    - Tracking File activities
    - Tracking Registry activities
    - Tracking Hardware port activities
    - Tracking Network activities
      - Introduction
      - Network Connections
      - Sniffing
      - Packet Sniffers
    - Tracking API functions
      - API Spying techniques
      - Reporting
      - Parameter modification
      - System wide API hooking

Chapter 3 (Decompiling)
  - Disassemblers
  - Code Analysers
  - Reading Disassembled Code
    - Introduction
    - High level compiling structures
      - Loops
      - Cases
      - Functions
      - Objects
      - Variables
    - Decompilation
      - Introduction
      - Usages
      - Decompilers
        - VB
        - Delphi/CBuilder
        - JAVA
        - C/C++
        - Foxpro

Chapter 4 (Debugging)
  - Introduction
  - Debugging concepts
  - How to start
  - User Mode Debuggers
    - Complete OllyDBG Tutorial
  - Kernel Mode Debuggers
    - Complete SoftICE Tutorial

Chapter 5 (Modifications)
  - Resource Modifications
    - VC++
    - VB
    - Delphi/CBuilder
  - PE Structure Modifications
  - Code Modification techniques
    - Static
      - Changing Opcodes
      - Using caves
      - Adding sections
    - Runtime
      - DLL/Code injection
      - Process Memory patching
      - API redirection

Chapter 6 (Extracting & Using Executable Code)
  - Using code injection techniques
  - Function analysis
    - Dependency Analysis
    - Jumps and Calls
  - Making the output
    - Attaching extracted code
    - Static Linking
  - Adding sections

Chapter 7 (How to protect)
  - Introduction
  - How to make reverse engineering harder
  - Packing

Chapter 8 (Manual Unpacking)
  - Introduction
  - Memory Dumping
  - User mode
  - Ring 0
  - Finding EIP
  - Recovering Import/Export Tables
  - Samples

Chapter 9 (Uncovering Undocumented functions)
Chapter 10 (.NET Reverse Engineering)

Chapter 11 (Some real world samples)
Appendix 1 (Programming with Win32 ASM)
Appendix 2 (Windows NT Kernel Mode Programming)

Last edited by LAVA; 01-08-2005 at 21:16.
#2
01-09-2005, 00:48
ravendug
This actually seems to be an exceptionally well thought out and complete book. I tried very hard to find omissions or bad structuring etc. but came up pretty empty handed.

Hopefully the book will have more than just an impressive contents list and actually have some well written material to go along with it. I dearly hope so. Judging by the contents alone one can clearly see you have put a lot of effort and time into this so I'm very hopeful indeed.

Sorry not to have provided any constructive criticism or anything but just wanted to wish you good luck in completing it and show my interest and support.

I guess all I have left to say is when can we buy it?
#3
01-09-2005, 01:36
A.V
Some stupid suggestions =)

It seems a little bit strange to me that only one paragraph is devoted to Disassemblers. IMHO IDA Pro deserves much more attention, because it's a very powerful tool and it is very badly documented. I think chapters about its scripting language, making signatures, writing processor modules etc. would be very interesting and useful. Also, why not make a chapter about dongles and maybe license managers like Flex?
#4
01-09-2005, 07:41
Shub-Nigurrath
VIP
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Well,
it also sounds very strange to me that there is a complete lack of information about how to find/do/implement countermeasures... there are several solutions not involving off-the-shelf ready-made protections like ASProtect and friends: most of the time it is enough to pay attention to how you write your code to avoid common, and also not so simple, cracking attacks.
At least a checklist for quality assurance for developers about code security is IMHO a must in a book on reversing... but it's up to you of course.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
#5
01-09-2005, 12:48
willcodeforfood
RE: An Introduction to Software Reverse Engineering

This is looking like a book I would buy!

The reversing background information looks very good. The one suggestion I would make is in Chapter 7 (How to protect). It is likely that most people interested in this book would be looking to unprotect software. You give them the mental tools to decompile, modify and rebuild, but there does not seem to be a lot of discussion around the target. The hardest thing I found when I started was understanding how serial number generation, key generation and other copy protection methods are implemented in the first place. Until I figured out what the targets were, I spent a lot of time spinning my wheels. An extended discussion of common protection systems would help a lot.

Just My 2 Cents

WCFF
#6
01-10-2005, 17:31
ManSun
Very nice, I would buy your books!
#7
01-10-2005, 19:45
zephyrer
It seems that this book is only about reverse engineering theory? I think that introducing some useful and powerful utilities is necessary.
And as A.V says, it's best to give crack methods for dongles and license managers (FlexLM, SentinelLM, etc.).
#8
01-10-2005, 23:18
LAVA
As I've noted, this is a brief TOC. Of course many tools and ... are described in each topic.
Also remember that I can't write anything I want, due to some legal rules about the publishers and some copyright laws.

I WISH I COULD WRITE WHAT I WANT TO WRITE...

But by the way I'll do my best...
#9
01-11-2005, 02:31
theGate
Friend
Join Date: Aug 2004
Posts: 67
Do you want to publish it through an editor and sell it like any other book??
I ask you that because it seems that some people are interested in special fields of activity like dongles, Flex and .... that in my opinion could be wonderful to have, but I don't think it will be welcome in a book sold everywhere for anyone.
Do you think that the company will like it?

If it's a free ebook for the community, I think all reversing fields could be discussed, in particular dongles, HASP, Flex, SLM .....
btw, stupid but ... do you know anything concerning VMware? I think that we could spy on the OS through it if we can have some info.

thanks
#10
01-11-2005, 03:59
dyn!o
Friend
Join Date: Nov 2003
Location: Own mind
Posts: 214
Lava: I've great respect for the work you are doing (concerning the book). I don't know what you are focused on while writing such a book, but the last thing you should count on is money. If you are not doing it for money then continue your interesting development without fear, but if you want to earn some money on such a book then I'm afraid you won't.

First of all: if you release it, sooner or later it will get to this place (ExeTools). After it reaches such a place (and many others like the RCE message board) you can forget about money, because some kid will spread it not only in such "exotic" places but you will see it immediately also on emule. And to the gangsta who will say: "Nonsense! I will buy it! No matter if it gets to ExeTools or emule, I will buy it!". Yeah, sure, but first you have to wake up and show your legal software like SoftIce and VisualC.

Of course I don't mean all people are bad and want to rob you, but think twice if you are doing it for money because some day you may get disappointed (of course I hope you won't) and lose all your faith. Such a book requires a lot of work and it gets quickly outdated, so you will need to update it, which means work, work and work. Reverse engineers are specific people, they don't pay for things they don't need to - of course it's not a rule.

Good luck from me.