Gray Hat Python Python Programming for Hackers and Reverse Engineers
by Seitz, JustinFormat: Paperback
Pub. Date: 2009-04-15
Publisher(s): No Starch Press
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $41.95
Buy New
Arriving Soon. Will ship when available.
$39.95
Rent Book
Select for Price
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Python is the high-level language of choice for hacking, vulnerability discovery, and security research. Gray Hat Python, the first Python book written for advanced security analysts, explains the intricacies of using Python to assist in a range of security analysis tasks. Readers learn how to design and program their own debuggers, create powerful fuzzers, utilize open source libraries to automate tedious tasks, and interface with commercial and non-commercial security tools. Gray Hat Python covers everything from the nuts and bolts of how to use the language for basic code and DLL injection to using Python to analyze binaries and disassemble software. It also discusses a variety of open source Python tools (such as PyDbg, PaiMei, PyEmu, Sulley, and Immunity Debugger) and how to extend them. Fundamentally a security book, Gray Hat Python reveals just how superior the Python language is when it comes to hacking, reverse engineering, malware analysis and software testing.
Author Biography
Justin Seitz is a Senior Security Researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.
Table of Contents
| Foreword | p. xiii |
| Acknowledgments | p. xvii |
| Introduction | p. xix |
| Setting up Your Development Environment | p. 1 |
| Operating System Requirements | p. 2 |
| Obtaining and Installing Python 2.5 | p. 2 |
| Installing Python on Windows | p. 2 |
| Installing Python for Linux | p. 3 |
| Setting Up Eclipse and PyDev | p. 4 |
| The Hacker's Best Friend: ctypes | p. 5 |
| Using Dynamic Libraries | p. 6 |
| Constructing C Datatypes | p. 8 |
| Passing Parameters by Reference | p. 9 |
| Defining Structures and Unions | p. 9 |
| Debuggers and Debugger Design | p. 13 |
| General-Purpose CPU Registers | p. 14 |
| The Stack | p. 16 |
| Debug Events | p. 18 |
| Breakpoints | p. 18 |
| Soft Breakpoints | p. 19 |
| Hardware Breakpoints | p. 21 |
| Memory Breakpoints | p. 23 |
| Building A Windows Debugger | p. 25 |
| Debuggee, Where Art Thou? | p. 25 |
| Obtaining CPU Register State | p. 33 |
| Thread Enumeration | p. 33 |
| Putting It All Together | p. 35 |
| Implementing Debug Event Handlers | p. 39 |
| The Almighty Breakpoint | p. 43 |
| Soft Breakpoints | p. 43 |
| Hardware Breakpoints | p. 47 |
| Memory Breakpoints | p. 52 |
| Conclusion | p. 55 |
| Pydbg-A Pure Python Windows Debugger | p. 57 |
| Extending Breakpoint Handlers | p. 58 |
| Access Violation Handlers | p. 60 |
| Process Snapshots | p. 63 |
| Obtaining Process Snapshots | p. 63 |
| Putting It All Together | p. 65 |
| Immunity Debugger-The Best Of Both Worlds | p. 69 |
| Installing Immunity Debugger | p. 70 |
| Immunity Debugger 101 | p. 70 |
| PyCommands | p. 71 |
| PyHooks | p. 71 |
| Exploit Development | p. 73 |
| Finding Exploit-Friendly Instructions | p. 73 |
| Bad-Character Filtering | p. 75 |
| Bypassing DEP on Windows | p. 77 |
| Defeating Anti-Debugging Routines in Malware | p. 81 |
| IsDebuggerPresent | p. 81 |
| Defeating Process Iteration | p. 82 |
| Hooking | p. 85 |
| Soft Hooking with PyDbg | p. 86 |
| Hard Hooking with Immunity Debugger | p. 90 |
| DLL and Code Injection | p. 97 |
| Remote Thread Creation | p. 98 |
| DLL Injection | p. 99 |
| Code Injection | p. 101 |
| Getting Evil | p. 104 |
| File Hiding | p. 104 |
| Coding the Backdoor | p. 105 |
| Compiling with py2exe | p. 108 |
| Fuzzing | p. 111 |
| Bug Classes | p. 112 |
| Buffer Overflows | p. 112 |
| Integer Overflows | p. 113 |
| Format String Attacks | p. 114 |
| File Fuzzer | p. 115 |
| Future Considerations | p. 122 |
| Code Coverage | p. 122 |
| Automated Static Analysis | p. 122 |
| Sulley | p. 123 |
| Sulley Installation | p. 124 |
| Sulley Primitives | p. 125 |
| Strings | p. 125 |
| Delimiters | p. 125 |
| Static and Random Primitives | p. 126 |
| Binary Data | p. 126 |
| Integers | p. 126 |
| Blocks and Groups | p. 127 |
| Slaying WarFTPD with Sulley | p. 129 |
| FTP 101 | p. 129 |
| Creating the FTP Protocol Skeleton | p. 130 |
| Sulley Sessions | p. 131 |
| Network and Process Monitoring | p. 132 |
| Fuzzing and the Sulley Web Interface | p. 133 |
| Fuzzing Windows Drivers | p. 137 |
| Driver Communication | p. 138 |
| Driver Fuzzing with Immunity Debugger | p. 139 |
| Driverlib-The Static Analysis Tool for Drivers | p. 142 |
| Discovering Device Names | p. 143 |
| Finding the IOCTL Dispatch Routine | p. 144 |
| Determining Supported IOCTL Codes | p. 145 |
| Building a Driver Fuzzer | p. 147 |
| Idapython-Scripting Ida Pro | p. 153 |
| IDAPython Installation | p. 154 |
| IDAPython Functions | p. 155 |
| Utility Functions | p. 155 |
| Segments | p. 155 |
| Functions | p. 156 |
| Cross-References | p. 156 |
| Debugger Hooks | p. 157 |
| Example Scripts | p. 158 |
| Finding Dangerous Function Cross-References | p. 158 |
| Function Code Coverage | p. 160 |
| Calculating Stack Size | p. 161 |
| Pyemu-The Scriptable Emulator | p. 163 |
| Installing PyEmu | p. 164 |
| PyEmu Overview | p. 164 |
| PyCPU | p. 164 |
| PyMemory | p. 165 |
| PyEmu | p. 165 |
| Execution | p. 165 |
| Memory and Register Modifiers | p. 165 |
| Handlers | p. 166 |
| IDAPyEmu | p. 171 |
| Function Emulation | p. 172 |
| PEPyEmu | p. 175 |
| Executable Packers | p. 176 |
| UPX Packer | p. 176 |
| Unpacking UPX with PEPyEmu | p. 177 |
| Index | p. 183 |
| Table of Contents provided by Ingram. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.