Practical Binary Analysis on Linux

Tags:

Society • Crime Tech • Information Technology Entertainment • Literature

Eps 1062: Practical Binary Analysis on Linux

The too lazy to register an account podcast

Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
"Dennis Andriesse has put together a book that combines the necessary knowledge and tools enabling the reader to grasp not only the fundamentals of binary analysis, but also to put the newfound knowledge to the test in practical and illustrative examples of binary analysis."
The goal of all binary analysis is to determine (and possibly modify) the true properties of binary programs to understand what they really do, rather than what we think they should do.

Seed data: Link 1, Link 2, Link 3, Link 5, Link 7
Host image: StyleGAN neural net
Content creation: GPT-3.5

Host

Alex Lynch

Podcast Content
The central subject of Practical Binary Analysis is the analysis of binary programs: compiled executables, usually without source code, examined as they really are rather than as their source suggests they should be.
The book covers a range of scenarios in which binary analysis techniques apply. It ships with a preconfigured virtual machine that contains all the example code and tools, and a free sample chapter is available for download. Order the hardcopy or eBook online from No Starch Press or Amazon, or download the free sample chapter.
Binary analysis is one of the most important, and hardest, tasks in software security. Many binary analysis problems are undecidable in the general case: no analysis can be built that always delivers the right answer for every binary, so real tools rely on heuristics and accept some error. The book opens by explaining what makes binaries hard to analyze: there is no symbolic information (function and variable names are usually stripped), no type information, no high-level abstractions such as functions and loops, code and data are interleaved in the same sections, and both code and data are location-dependent, so moving them breaks the program.
The later chapters go beyond reading basic assembly into the most sophisticated analysis and instrumentation techniques, and the exercises at the end of each chapter are there to solidify those skills before moving on.
Practical Binary Analysis is an accessible presentation of advanced binary analysis tools and techniques for Linux, most of which carry over to other operating systems. It gives you what you need to work effectively with binary programs and takes your knowledge from a basic understanding to an expert level.
As malware increasingly obfuscates itself and uses anti-analysis techniques to thwart analysis, we need more sophisticated methods to lift the curtain that is meant to keep us out. Binary analysis is one of those methods, though not the only tool available.
Binary instrumentation relies on analysis techniques such as disassembly, and in turn supports analysis: by inserting code into a binary you can observe or modify its behavior without the source. The book covers both directions: using analysis to document programs for which you have no source, and using instrumentation to modify a binary program without needing its source.
Even when source is available, binary analysis is useful for finding subtle bugs that manifest more clearly at the binary level than at the source level, such as those introduced by the compiler. In Chapter 4, Andriesse builds a binary loader on top of libbfd (the Binary File Descriptor library) that the tools in later chapters reuse.
Although the author clearly understands the material very well, the book loses some points for calling itself practical binary analysis. It covers many aspects of binary analysis and lets the reader judge the best use case for each technique, as well as the most common ones. The techniques it covers are useful for a wide range of applications, and not only on Linux: most carry over to other operating systems.
I found it quite easy to represent the full range of binary analysis techniques it presents, with only a few examples of each.
A few months ago, I started studying a wonderful book I had bought some time earlier. I honestly believe that this book is one of the most important binary analysis books in the Linux world. First of all, I recommend it to anyone who wants to approach the world of Linux binary analysis. This is the book you've always wanted if you want to know about almost every aspect of binary analysis, and it's a great introduction to a wide range of techniques under Linux.
Chapter 1, Anatomy of a Binary, gives a general introduction to the structure of binary programs, and Chapter 5 works through a CTF-style challenge with several levels using only basic Linux tools; each chapter also ends with exercises.
Appendix A, A Crash Course on x86 Assembly, is a short introduction to the x86 assembly language. Chapter 2 introduces the ELF format used on Linux, with a detailed overview of the ELF header, program headers, sections and symbol tables illustrated on example binaries, and Chapter 3 covers the PE format used on Windows.
Appendix B, Implementing PT_NOTE Overwriting Using libelf, introduces libelf and walks through the elfinject tool used in Chapter 7, which injects a code section into an ELF binary by repurposing its PT_NOTE program header.
Appendix C, List of Binary Analysis Tools, lists tools for both binary analysis and binary instrumentation.
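The program-header handling that the ELF chapter and the PT_NOTE appendix describe, as an added example that is not code from the book or from elfinject: it builds a constructed ELF64 header skeleton in memory (labelled as such; it is not a runnable executable), validates it the way a loader must treat untrusted input, locates the PT_NOTE program header and rewrites it into a PT_LOAD segment that maps an injected code blob, then redirects the entry point to it. It assumes a Linux system with glibc's <elf.h>; the injected file offset and address (0x3000 and 0x800000) are arbitrary, and the companion section-header rewrite that elfinject also performs is left out.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an ELF64 header followed by two program headers
 * (a PT_LOAD text segment and a PT_NOTE segment). Header skeleton only. */
#define NPHDRS 2
typedef struct {
    Elf64_Ehdr eh;
    Elf64_Phdr ph[NPHDRS];
} sample_image;

sample_image g_sample;   /* shared storage so callers need no buffer of their own */

void build_sample(sample_image *img)
{
    memset(img, 0, sizeof *img);
    memcpy(img->eh.e_ident, ELFMAG, SELFMAG);
    img->eh.e_ident[EI_CLASS]   = ELFCLASS64;
    img->eh.e_ident[EI_DATA]    = ELFDATA2LSB;
    img->eh.e_ident[EI_VERSION] = EV_CURRENT;
    img->eh.e_type      = ET_EXEC;
    img->eh.e_machine   = EM_X86_64;
    img->eh.e_version   = EV_CURRENT;
    img->eh.e_entry     = 0x401000;                 /* original entry point */
    img->eh.e_phoff     = offsetof(sample_image, ph);
    img->eh.e_ehsize    = sizeof(Elf64_Ehdr);
    img->eh.e_phentsize = sizeof(Elf64_Phdr);
    img->eh.e_phnum     = NPHDRS;
    img->ph[0] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_X,
        .p_offset = 0, .p_vaddr = 0x400000, .p_paddr = 0x400000,
        .p_filesz = 0x2000, .p_memsz = 0x2000, .p_align = 0x1000 };
    img->ph[1] = (Elf64_Phdr){ .p_type = PT_NOTE, .p_flags = PF_R,
        .p_offset = 0x1500, .p_vaddr = 0x401500, .p_paddr = 0x401500,
        .p_filesz = 0x20, .p_memsz = 0x20, .p_align = 4 };
}

/* Validate the ELF header and program header table against the buffer length.
 * A binary under analysis is untrusted input: every offset and count is
 * checked before it is used to index the buffer. Headers are memcpy'd out so
 * no alignment is assumed for buf. Returns 0 on success, negative on error. */
int elf_check_header(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -2;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_ident[EI_DATA] != ELFDATA2LSB) return -3;
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -4;
    if (eh.e_phoff > len || eh.e_phnum > (len - eh.e_phoff) / sizeof(Elf64_Phdr)) return -5;
    return 0;
}

/* Index of the first program header of the given type, or -1 if absent. */
int elf_find_phdr(const unsigned char *buf, size_t len, uint32_t type)
{
    Elf64_Ehdr eh;
    if (elf_check_header(buf, len) != 0) return -1;
    memcpy(&eh, buf, sizeof eh);
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == type) return i;
    }
    return -1;
}

/* Entry point, or 0 if the header does not validate. */
uint64_t elf_entry(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh;
    if (elf_check_header(buf, len) != 0) return 0;
    memcpy(&eh, buf, sizeof eh);
    return eh.e_entry;
}

/* PT_NOTE overwriting: repurpose the PT_NOTE program header (which the loader
 * does not need) as a PT_LOAD mapping an injected blob assumed to have been
 * appended to the file at inj_off, and optionally redirect the entry point.
 * The ELF loader requires p_vaddr == p_offset (mod p_align) for loadable
 * segments, so mismatched addresses are rejected instead of producing a
 * binary the kernel will refuse to run. */
int elf_note_to_load(unsigned char *buf, size_t len, uint64_t inj_off,
                     uint64_t inj_vaddr, uint64_t inj_size, int redirect_entry)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    int idx = elf_find_phdr(buf, len, PT_NOTE);
    if (idx < 0) return -1;
    if ((inj_vaddr % 0x1000) != (inj_off % 0x1000)) return -2;
    memcpy(&eh, buf, sizeof eh);
    size_t off = eh.e_phoff + (size_t)idx * sizeof ph;
    memcpy(&ph, buf + off, sizeof ph);
    ph.p_type = PT_LOAD;     ph.p_flags = PF_R | PF_X;
    ph.p_offset = inj_off;   ph.p_vaddr = inj_vaddr;  ph.p_paddr = inj_vaddr;
    ph.p_filesz = inj_size;  ph.p_memsz = inj_size;   ph.p_align = 0x1000;
    memcpy(buf + off, &ph, sizeof ph);
    if (redirect_entry) { eh.e_entry = inj_vaddr; memcpy(buf, &eh, sizeof eh); }
    return 0;
}

int main(void)
{
    unsigned char *buf = (unsigned char *)&g_sample;
    size_t len = sizeof g_sample;
    build_sample(&g_sample);
    printf("PT_NOTE at index %d, entry 0x%llx\n",
           elf_find_phdr(buf, len, PT_NOTE), (unsigned long long)elf_entry(buf, len));
    int rc = elf_note_to_load(buf, len, 0x3000, 0x800000, 0x100, 1);
    printf("rewrite rc=%d, PT_NOTE now at %d, entry 0x%llx\n",
           rc, elf_find_phdr(buf, len, PT_NOTE), (unsigned long long)elf_entry(buf, len));
    return 0;
}
```

Reading the headers with memcpy rather than casting the buffer to Elf64_Ehdr * keeps the code correct for buffers read straight from a file, and the bounds check on e_phoff and e_phnum is what stops a crafted binary from steering the parser out of the buffer. In a real injection the blob must actually exist at inj_off and, as in elfinject, the injected code has to jump back to the original entry point when it finishes.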
Many people equate binary analysis with reverse engineering or disassembly, but they are not the same thing. Static analysis, which examines a binary without running it, has several advantages: it needs no CPU or environment capable of executing the binary, and it can potentially cover the entire binary in one go rather than only the paths a particular run happens to exercise. Dynamic analysis, which observes the binary as it runs, sees only the code that actually executes but is far less troubled by the undecidable problems that plague static disassembly. Reverse engineering is a widely used application of binary analysis and is often the only way to document the behavior of proprietary software or malware.