Books
- Assembly Language for Intel-Based Computers, 5th Edition, by Kip Irvine, Prentice Hall 2006
- Intel® 64 and IA-32 Architectures Software Developer Manuals, http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
- Programming Windows, Fifth Edition, by Charles Petzold, Microsoft Press 1998
- The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler, 2nd Edition, by Chris Eagle, No Starch Press 2011
- Reversing: Secrets of Reverse Engineering, by Eldad Eilam, Wiley 2005
- Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson, No Starch Press 2008
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, by Michael Sikorski, No Starch Press 2012
- Metasploit: The Penetration Tester’s Guide, by David Kennedy, etc., No Starch Press 2011
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition, by Bill Blunden, Jones & Bartlett Learning 2012
- Identifying Malicious Code Through Reverse Engineering, by Abhishek Singh and Baibhav Singh, Springer 2009
Technical References
ARM instruction set:
• 2008 lecture note by Dr. Mark McDermott of UT Austin
Basics of Assembly Programming in Windows:
• http://www.grc.com/smgassembly.htm
• Windows Assembly Programming Tutorial by Jeff Huang of UIUC, 2003
Microsoft Kernel-Mode Driver Framework (KMDF):
• http://msdn.microsoft.com/en-us/library/windows/hardware/gg463279.aspx
• KMDF with interrupt
Major Tools:
Tool catalog
- Collaborative RCE Tool library: This site contains a comprehensive list of tools http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools
Assembly Programming
- Microsoft Visual Studio 2012/2013: For 32-bit (win32) asm programming.
- Asmhighlighter: It is an x86 asm syntax highlighting addIn for vs 2012(vs 2013 not supported yet.)
http://asmhighlighter.codeplex.com/. - MASM32: A development environment for win32 asm programmers.
http://www.masm32.com/
Disassmbly, code analysis, debugging
- IDA Pro: A disassembly tool. https://www.hex-rays.com/products/ida/ :
- OllyDbg 2.01: user-mode debugger for dynamic debugging and static analysis. http://www.ollydbg.de
- PEiD: A PE analysis tool which detects most common packers, cryptors and compilers for PE files. http://www.aldeid.com/wiki/PEiD
Exploit and anti-RE
- Metsploit: A vulnerability test generation suite Metasploit: Penetration Testing Software
- UPX: code packer and unpacker. http://upx.sourceforge.net/
Reminders
Software obtained from the Internet can contain malware that directly or indirectly infects your computer. One must take great precaution in using software tools downloaded from Internet. Additionally, you should assume that your data may be lost due to some incidents during analysis, so backup is a must.
Windows Debugging Tools:
• to be filled
• http://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx
Non-technical References
• Wiki page of the Digital Millennium Copyright Act
• Wiki page of Digital rights management
Computer software protection act of 1984
Disclaimer: These links are provided for quick and convenient references to some relevant technical and non-technical information for the research and education community.