Wrox Home  
Search
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (1118787315) cover image

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse (Contributions by)
ISBN: 978-1-118-78731-1
Paperback
384 pages
February 2014
If you are an instructor, you may request an evaluation copy for this title.
Paperback Version: US $50.00 Add to Cart

About This Title  |  Download Code  |  Errata

Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.

ChapterPageDetailsDatePrint Run
1 3 Text correction: Error under Register Set and Data Types
The Note in the middle of the page states "Although there are seven debug registers..."
It should read "eight debug registers"
3/4/14
1 4 Text correction: Errors in code
The block of ARM code:
01: 1B 68     LDR   R3, [R3]
; read the value at address R3
02: 5A 1C     ADDS   R2, R3, #1
; add 1 to it


should read:

01: 1A 68     LDR   R2, [R3]
; read the value at address R3 and save it in R2
02: 52 1C     ADDS   R2, R2, #1
; add 1 to it
3/4/14
1 5 Text correction: Error under "Syntax"
the second bullet point, "AT&T adds a prefix to the instruction..." should read "AT&T adds a suffix to the instruction..."
3/4/14
17 5 Text correction: Error in Assembly code under "Data Movement"
The third-to-last line of code,
; set EAX to the value at address (EAX+34)
should read:
; set EAX to the value at address (ESI+0x34)
3/4/14
1 6 Text correction: Errors in code under "Pseudo C" in "Data Movement"
In the first listing on the page, lines 4 and 5:

04: *(esi+34) = eax;
05: eax = *(esi+34);


should read:

04: *(esi+0x34) = eax;
05: eax = *(esi+0x34);
3/4/14
1 7 Text correction: Errors in explanation of Figure 1-2
The first sentence following the figure, "...Importance is set to 0x1 (underlined bits)..." should read:
"...Importance is set to 0x1 (italicized bits)..."

In the block of code following, the "C6" at the beginning of lines 5 and 6 should not be italicized.

The last sentence of the paragraph following the code block, "In the example, the override prefix bytes are C6 and 66 (italicized)." should read:
"In the example, the override prefix byte is 66 (italicized)."
3/5/14
1 8 Text correction
The fourth sentence in the last paragraph, "If DF is 0, the addresses are decremented..." should read:
"If DF is 1, the addresses are decremented..."
3/5/14
1 9 Text correction: Error in assembly code
Line 6 of the code block under "Assembly":
; copies 4 bytes from EDI to ESI ; increment each by 4
should read:
; copies 4 bytes from ESI to EDI ; increment each by 4
3/5/14
1 36 Correction: Error in Figure 1-6
The 8-bit register on the right-hand side of the figure, given as "PL", should be "BPL"
3/5/14
3 146 Correction: Errors in Figure 3-8
The labels on the left of the figure, "Static Port" and "Dynamic Port" should read "Static part" and Dynamic part".
3/5/14
3 150 Text correction: Error in code listing under "IRP Handling"
The code listing has an extraneous "*" character. The listing should read:

NTSTATUS
XXX_Dispatch (
    PDEVICE_OBJECT DeviceObject,
    PIRP Irp
);
3/5/14
3 159 Text correction: Error in code
The first code listingafter the bullet list contains an extraneous "*" character. The code should read:

VOID
Unload(
    PDRIVER_OBJECT  DriverObject
    );
3/5/14
3 159 Errata in Text
The text reads:
It supports IRP_MJ_READ, IRP_MJ_WRITE, and IRP_MJ_DEVICE_CONTROL operations, and sub_10300 is the handler (renamed to IRP_ReadCloseDeviceIo).
Should be:
It supports IRP_MJ_CREATE, IRP_MJ_CLOSE, and IRP_MJ_DEVICE_CONTROL operations, and sub_10300 is the handler (renamed to IRP_ReadCloseDeviceIo).
02-May-17
2 50 Errata in text
"R3 is the index multiplied by 2"
should be
"R3 is the index multiplied by 4"
4-Aug-17
Printer-Ready Version   Share This
With you wherever you go: pdf + ePub + kindle -- DRM-free