[Gray Hat Python: Python Programming for Hackers and Reverse Engineers] English text edition

Synopsis

Contents

• Foreword
• Acknowledgments
• Introduction
• 1: Setting Up Your Development Environment
  • 1.1 Operating System Requirements
  • 1.2 Obtaining and Installing Python 2.5
    • 1.2.1 Installing Python on Windows
    • 1.2.2 Installing Python for Linux
  • 1.3 Setting Up Eclipse and PyDev
    • 1.3.1 The Hacker’s Best Friend: ctypes
    • 1.3.2 Using Dynamic Libraries
    • 1.3.3 Constructing C Datatypes
    • 1.3.4 Passing Parameters by Reference
    • 1.3.5 Defining Structures and Unions
• 2: Debuggers and Debugger Design
  • 2.1 General-Purpose CPU Registers
  • 2.2 The Stack
  • 2.3 Debug Events
  • 2.4 Breakpoints
    • 2.4.1 Soft Breakpoints
    • 2.4.2 Hardware Breakpoints
    • 2.4.3 Memory Breakpoints
• 3: Building a Windows Debugger
  • 3.1 Debuggee, Where Art Thou?
  • 3.2 Obtaining CPU Register State
    • 3.2.1 Thread Enumeration
    • 3.2.2 Putting It All Together
  • 3.3 Implementing Debug Event Handlers
  • 3.4 The Almighty Breakpoint
    • 3.4.1 Soft Breakpoints
    • 3.4.2 Hardware Breakpoints
    • 3.4.3 Memory Breakpoints
  • 3.5 Conclusion
• 4: PyDbg -- A Pure Python Windows Debugger
  • 4.1 Extending Breakpoint Handlers
  • 4.2 Access Violation Handlers
  • 4.3 Process Snapshots
    • 4.3.1 Obtaining Process Snapshots
    • 4.3.2 Putting It All Together
• 5: Immunity Debugger -- The Best of Both Worlds
  • 5.1 Installing Immunity Debugger
  • 5.2 Immunity Debugger 101
    • 5.2.1 PyCommands
    • 5.2.2 PyHooks
  • 5.3 Exploit Development
    • 5.3.1 Finding Exploit-Friendly Instructions
    • 5.3.2 Bad-Character Filtering
    • 5.3.3 Bypassing DEP on Windows
  • 5.4 Defeating Anti-Debugging Routines in Malware
    • 5.4.1 IsDebuggerPresent
    • 5.4.2 Defeating Process Iteration
• 6: Hooking
  • 6.1 Soft Hooking with PyDbg
  • 6.2 Hard Hooking with Immunity Debugger
• 7: DLL and Code Injection
  • 7.1 Remote Thread Creation
    • 7.1.1 DLL Injection
    • 7.1.2 Code Injection
  • 7.2 Getting Evil
    • 7.2.1 File Hiding
    • 7.2.2 Coding the Backdoor
    • 7.2.3 Compiling with py2exe
• 8: Fuzzing
  • 8.1 Bug Classes
    • 8.1.1 Buffer Overflows
    • 8.1.2 Integer Overflows
    • 8.1.3 Format String Attacks
  • 8.2 File Fuzzer
  • 8.3 Future Considerations
    • 8.3.1 Code Coverage
    • 8.3.2 Automated Static Analysis
• 9: Sulley
  • 9.1 Sulley Installation
  • 9.2 Sulley Primitives
    • 9.2.1 Strings
    • 9.2.2 Delimiters
    • 9.2.3 Static and Random Primitives
    • 9.2.4 Binary Data
    • 9.2.5 Integers
    • 9.2.6 Blocks and Groups
  • 9.3 Slaying WarFTPD with Sulley
    • 9.3.1 FTP 101
    • 9.3.2 Creating the FTP Protocol Skeleton
    • 9.3.3 Sulley Sessions
    • 9.3.4 Network and Process Monitoring
    • 9.3.5 Fuzzing and the Sulley Web Interface
• 10: Fuzzing Windows Drivers
  • 10.1 Driver Communication
  • 10.2 Driver Fuzzing with Immunity Debugger
  • 10.3 Driverlib -- The Static Analysis Tool for Drivers
    • 10.3.1 Discovering Device Names
    • 10.3.2 Finding the IOCTL Dispatch Routine
    • 10.3.3 Determining Supported IOCTL Codes
  • 10.4 Building a Driver Fuzzer
• 11: IDAPython -- Scripting IDA Pro
  • 11.1 IDAPython Installation
  • 11.2 IDAPython Functions
    • 11.2.1 Utility Functions
    • 11.2.2 Segments
    • 11.2.3 Functions
    • 11.2.4 Cross-References
    • 11.2.5 Debugger Hooks
  • 11.3 Example Scripts
    • 11.3.1 Finding Dangerous Function Cross-References
    • 11.3.2 Function Code Coverage
    • 11.3.3 Calculating Stack Size
• 12: PyEmu -- The Scriptable Emulator
  • 12.1 Installing PyEmu
  • 12.2 PyEmu Overview
    • 12.2.1 PyCPU
    • 12.2.2 PyMemory
    • 12.2.3 PyEmu
    • 12.2.4 Execution
    • 12.2.5 Memory and Register Modifiers
    • 12.2.6 Handlers
  • 12.3 IDAPyEmu
    • 12.3.1 Function Emulation
    • 12.3.2 PEPyEmu
    • 12.3.3 Executable Packers
    • 12.3.4 UPX Packer
    • 12.3.5 Unpacking UPX with PEPyEmu
• Index
• Updates