Hi,

Can you plz tell me a name of a good book which explains how to disassemble PE files.

Thanks a lot,
Chamal.

I don't really know of a good book that explains it, but there are a LOT of tutorials around the web (and one in every thousand is decent ;))

KW

Here is a book.. I haven't read it, but I have ordered it.. :)
[URL=http://www.amazon.com/exec/obidos/tg/detail/-/1931769222/qid=1083163553/sr=8-1/ref=pd_ka_1/002-5380788-8273637?v=glance&s=books&n=507846]Hacker Disassembling Uncovered

From one of the Amazon reviews:

I don't know why but he recommends some pretty outdated tools, like a DOS hex editor Hiew which I don't care for.

*wink* *wink* kw 8)

haha :D

I have that book and read most of it. Most of the pages are about how a
real C-program will look like in assembly, so you can recognice how a
specific assembly-code is coded in C-program.

All kind of stuff like if,else,while,function calls, pointers, arrays, ponter to
function, etc. I use it most for reference lookup.

It start with a C/C++ code then following a assemblycode result. It
explains really detailed why and how of the assembly-code structure.

But the book is a little outdated. It uses older program like HIEW, Softice
and IDA-pro as reference and some unix/linux based debugger, I cant
remember it mentioning windows xp, only win NT. But that is not really
importent, because the book is about C-code and assembly-code.

I would recommend the book only if you know how to program in C/C++
as the pages are based on those codes.

As it says, breaking protection is about:
The three basic stages of cracking protection mechanisms are LOCATING
THE PROTECTION CODE in hundreds of kilobytes (or megabytes) of
application code, ANALYZING THE ALGORITHM of its work and BREAKING.
These stages are equally important.

That book is best for reference lookup so you can analyse better. Breaking
is done by following web-tutorials, finding protection is also done by
following web-tutorials.

Just my thoughts about that book :)

the art of dissassembly

I have that book and read most of it. Most of the pages are about how a *
real C-program will look like in assembly, so you can recognice how a *
specific assembly-code is coded in C-program. *

All kind of stuff like if,else,while,function calls, pointers, arrays, ponter to *
function, etc. I use it most for reference lookup. *

It start with a C/C++ code then following a assemblycode result. It *
explains really detailed why and how of the assembly-code structure. *

But the book is a little outdated. It uses older program like HIEW, Softice *
and IDA-pro as reference and some unix/linux based debugger, I cant *
remember it mentioning windows xp, only win NT. But that is not really *
importent, because the book is about C-code and assembly-code.

I would recommend the book only if you know how to program in C/C++ *
as the pages are based on those codes.

As it says, breaking protection is about:
The three basic stages of cracking protection mechanisms are LOCATING *
THE PROTECTION CODE in hundreds of kilobytes (or megabytes) of *
application code, ANALYZING THE ALGORITHM of its work and BREAKING. *
These stages are equally important.

That book is best for reference lookup so you can analyse better. Breaking
is done by following web-tutorials, finding protection is also done by *
following web-tutorials.

Just my thoughts about that book :)

HIEW old??? Doesn't mather it is still one of the best hex editors for cracking purposes.

Both HIEW and SoftIce are still unrivaled for some purposes. Some things can be substitute by using Olly and some hex editor, but not all.
Tools like that can't be easily dismissed as 'old' imho, but in the end, its all up to the preference of the end user ;)

-kw

hiew sucks. use rta

and regarding books, don't waste your time on The Shellcoder's Handbook... it's full of mistakes