REVIEW: "Reversing", Eldad Eilam

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

BKRVRSNG.RVW   20050603

"Reversing", Eldad Eilam, 2005, 0-7645-7481-7,
%A   Eldad Eilam
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2005
%G   0-7645-7481-7
%I   John Wiley & Sons, Inc.
%O   U$40.00/C$51.99/UK#24.99 416-236-4433 fax: 416-236-4448
%O  ( product link shortened)
  ( product link shortened)
%O   Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   589 p.
%T   "Reversing: Secrets of Reverse Engineering"

The introduction defines reverse engineering in the broadest possible
way, but notes that the primary intention of the book is to cover the
analysis of executable object or binary code.  Interestingly, it also
concentrates on .NET programs, where most other works on the subject
avoid getting into the Windows environment, with its enormous program

Part one contains foundational material on low-level code and
programming.  Chapter one defines reversing in more detail, introduces
the tools and concepts used, and has an interestingly extended
discussion of the legal ramifications of the practice.  A rather
generic description of the activities of programming (in both high
level languages and assembler) is given in chapter two.  A review of
basic internal concepts in the Windows operating system is in chapter
three.  Chapter four describes the various tools needed for reversing.

Part two demonstrates how to use reverse engineering in different
situations.  Chapter five covers reversing as a tool for finding out
how to make a given piece of software work cooperatively with another,
or how to use it most effectively, and manipulates the Windows
"generic table" API for this purpose.  Another mission for reverse
engineering is to find out how file formats are written, as is
explained in chapter six.  Bugs, particularly those that can be used
as security vulnerabilities, are covered in chapter seven as another
task.  This is extended in chapter eight to examine malware, which
might be seen as a kind of program that is all bug.

Part three deals specifically with piracy and copy protection.
Chapter nine reviews copy protection concepts and history.  Various
means of preventing reverse engineering are presented in chapter ten.
Some simplistic examples of breaking copy protection are given in
chapter eleven (with programs written specifically for the exercise).

Part four addresses more advanced topics: The Microsoft .NET framework
in chapter twelve, and decompilers in chapter thirteen.

The book does provide a reasonable overview, although it certainly
does not teach reverse engineering as such.  Teaching machine language
programming would occupy a work all of its own, but the material that
Eilam presents is demanding enough to ensure that if you have the
background to understand the text, you probably don't need the
explanations of concepts it provides.  It is nice to see some up-to-
date topics being addressed, but many of the subjects, such as object
orientation, really have little to do with reverse engineering.  The
text is a welcome addition to the very limited amount in the field of
software analysis, but certainly is no breakthrough.

copyright Robert M. Slade, 2005   BKRVRSNG.RVW   20050603

============= for back issues:
[Base URL] site /
      or mirror /
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews:   [Base URL]mnbk.htm
Review mailing list: send mail to

Site Timeline