Practical Binary Analysis

Practical Binary Analysis covers all major binary analysis topics in an accessible way, from binary formats, disassembly, and basic analysis to advanced techniques like binary instrumentation, taint analysis, and symbolic execution. Order a hardcopy or ebook online at Amazon or directly from No Starch Press.


Virtual Machine and Code Samples

The book comes with a virtual machine that contains all the examples and software. You can download it from this torrent. The username and password for the VM are both “binary.” To use the VM you'll need VirtualBox. You can also download just the example code.

Important: Make sure to update the VM to ensure that any errata are fixed. You can always get the latest updates by opening a terminal on the VM and running the following command:

cd /home/binary && wget -q https://practicalbinaryanalysis.com/patch/auto-update.sh \
        && chmod 755 auto-update.sh && ./auto-update.sh

Note that you should use only the above command to update. Updating the OS or any software packages, for instance with apt, is not recommended because some of the pre-installed binary analysis toolkits have very specific expectations about the system.

Running Code Samples on Windows and Other Platforms

If you know what you're doing and you really want to run the code samples on a platform other than the VM, that should be possible in most cases. Most of the tools used in the book, including Capstone, Pin, and Triton, are made to work on Linux, Windows, and macOS. The major exception is libdft; unfortunately, porting it to Windows is probably hopeless without a major rewrite.

Triton and libdft depend on older Pin versions that don't work on Linux kernel 4.4+. Therefore, getting these tools to work on a modern Linux distro can be a challenge. If you still want to attempt this, you may want to skim my notes on getting Pin 2.13, Pin 2.14, and libdft to work on Ubuntu 16.04. Note that this involves downgrading the kernel, which is not recommended for any kind of production system.

Downloads

  • Virtual machine with all code samples and software (username/password “binary”): Magnet link, Torrent file
  • Archive with all code samples: Archive (.tar.gz)
  • Patch for libdft: Patch file
  • Virtual machine (direct download with limited bandwidth; please use only if you can't use the torrent): VM (.ova)

Book a Talk, Training or Workshop

To book me for a talk, training or workshop on binary or malware analysis, contact me at da.andriesse [at] gmail.com.

PGP key

Here's my PGP key.

PGP key fingerprint

A82C A27D 4A27 CF84 7C23
BC58 BAD7 CA8E F693 94DD

Author Bio

Dennis Andriesse has a Ph.D. in system and network security and uses binary analysis daily in his research. He is one of the main contributors to PathArmor, a Control-Flow Integrity system that defends against control-flow hijacking attacks such as ROP. Some of his research on binary analysis has been integrated into Binary Ninja. Andriesse was also one of the attack developers involved in the takedown of the GameOver Zeus P2P botnet. Find his academic website here.