Hacker’s Secret 100 Secret Techniques Revealed

One of the nice book that suitable for Hacker, but too bad it is in Japanese version. Wish someone will translate to English version in future.

You can find the author from here Satoru TakabayashiFumitoshi UkaiYusuke SatoShinichiro HamajiKazuyuki Shudo

Chapter 1. Introduction

1. Introduction to Binary Hacks
2. Terminology of Binary Hacks
3. Using “file” to tell file types
4. Using “od” to dump binary files

Chapter 2. Object Files Hacks

5. Introduction to ELF
6. Static libraries and dynamic libraries
7. Using “ldd” to check dependencies of shared libraries
8. Using “readelf” to see information of ELF files
9. Using “objdump” to dump object files
10. Using “objdump” to disassemble object files
11. Using “objcopy” to embed data in executables
12. Using “nm” to see lists of symbols in object files
13. Using “strings” to extract strings from binary files
14. Using “c++filt” to demangle C++ symbols
15. Using “addr2line” to get file names and line numbers by addresses
16. Using “strip” to delete symbols from object files
17. Using “ar” to modify static libraries
18. How to link C and C++ programs
19. How to avoid symbol collision issues
20. Why PIC code is used for shared libraries on GNU/Linux systems
21. Using “statifier” to create pseudo static executables from dynamic executables

Chapter 3. GNU Programming Hacks

22. Introduction to GCC extensions
23. Using inline assembler with GCC
24. Using GCC’s builtin functions for optimization
25. Writing “Hello World” without using glibc
26. Using TLS (Thread Local Storage)
27. Switching glibc’s internal libraries by system capabilities
28. Changing behavior of programs by linked libraries
29. Reducing exported symbols of libraries
30. Using versioned symbols to manage compatibility
31. Calling functions before main()
32. How GCC generates trampoline code at runtime
33. Allowing and disallowing executable flags of code on stacks
34. Running code on heaps
35. Creating PIE (Position Independent Executable)
36. Writing synchronized methods in C++
37. Creating singletons in C++
38. Understanding g++’s exceptions (throw)
39. Understanding g++’s exceptions (SjLj)
40. Understanding g++’s exceptions (DWARF2)
41. Understanding runtime cost of g++’s exceptions

Chapter 4. Secure Programming Hacks

42. Introduction to GCC secure programming
43. Using “-ftrapv” to detect integer overflows
44. Using “Mudflap” to detect buffer overflows
45. Using “-D_FORTIFY_SOURCE” to detect buffer overflows
46. Using “-fstack-protector” to protect stacks
47. Why you should use unsigned constants to do bitmask
48. Why big shift operations are dangerous
49. Why you should care difference between 0 and NULL on 64-bit systems
50. Thread-safe functions defined by POSIX
51. Writing signal handlers in a safe manner
52. Using “sigwait” to process async signals synchronously
53. Using “sigsafe” to write signal processing safely
54. Using “Valgrind” to detect memory leaks
55. Using “Valgrind” to detect invalid memory access
56. Using “Helgrind” to debug multi-threaded programs
57. Using “fakeroot” to run programs with fake root privilege

Chapter 5. Runtime Hacks

58. How programs reach main()
59. How system calls are called
60. Using “LD_PRELOAD” to switch shared libraries
61. Using “LD_PRELOAD” to wrap existing functions
62. Using “dlopen” to do dynamic linking
63. Showing backtraces with C programs
64. Checking running process’s absolute path
65. Checking loaded shared libraries of running programs
66. Checking memory maps of running programs
67. Using “libbfd” to list symbols
68. Demangling C++ symbols at runtime
69. Using “ffcall” to call functions with dynamic signatures
70. Using “libdwarf” to get debug information
71. Using “dumper” to pretty-print struct variables
72. How to load object files yourself
73. Using “libunwind” to control call chains
74. Using “GNU lightning” to generate code in a portable manner
75. Getting addresses of stacks
76. Using “sigaltstack” to handle stack overflows
77. Hooking entering and exiting of functions
78. Modifying contexts of programs in signal handlers
79. Getting values of program counters
80. Rewriting your programs at runtime
81. Using “SIGSEGV” to validate accessibility of addresses
82. Using “strace” to trace system calls
83. Using “ltrace” to trace function calls in shared libraries
84. Using “Jockey” to record and replay programs
85. Using “prelink” to improve programs starting up time
86. Using ‘livepatch” to patch running programs

Chapter 6. Profilers and Debuggers Hacks

87. Using “gprof” to profile programs
88. Using “sysprof” to profile systems very easily
89. Using “oprofile” to profile systems
90. Using “GDB” to control running programs
91. Using debugging support of hardware
92. Setting break points in your C programs

Chapter 7. Misc Hacks

93. How Boehm GC works
94. Why you should be careful about memory ordering of processors
95. Light-weight concurrent processing with PCL (Portable Coroutine Library)
96. Counting clock counts of CPUs
97. How floating numbers are expressed in bits
98. What’s special about x86’s floating numbers instructions
99. Raising signals for operations resulting infinite or NAN.
100. Further reading

Author: Justin Soo