Exetools  
#1
01-08-2005, 17:17
LAVA
An Introduction to Software Reverse Engineering

I've worked hard for about 1.5 years writing a complete book about Software Reverse Engineering. By now about 75% of the book is done (about 650 pages). The following list is a brief Table of Contents. Any comments, suggestions, or corrections about the topics and book structure are
welcome. I'll be very pleased if you send me your ideas about it.
(Bold topics are done by now)

An Introduction to Software Reverse Engineering

Chapter 1 (Introduction)
___.What is reverse engineering
______.Reversing samples in other fields
___.Conditions (Who, What And Why)
___.Some Usages (Legal and Illegal)

Chapter 2 (Analysis)
___.Introduction
___.Compilation Process
___.Executable file properties (Different Compilers)
___.Static Analysis
______.Determining the compiler
______.Import Table Analysis
______.Resources
______.PE structure Analysis
___.Dynamic Analysis
______.Analysing Process properties
______.Modules
______.Threads
______.Process Memory
______.Handles
______.Tracking File activities
______.Tracking Registry activities
______.Tracking Hardware ports activities
______.Tracking Network activities
_________.Introduction
_________.Network Connections
_________.Sniffing
_________.Packet Sniffers
______.Tracking API functions
_________.API Spying techniques
_________.Reporting
_________.Parameters modification
_________.System wide API hooking

Chapter 3 (Decompiling)
___.Disassemblers
___.Code Analysers
___.Reading Disassembled Codes
______.Introduction
______.High level compiling structures
_________.Loops
_________.Cases
_________.Functions
_________.Objects
_________.Variables
______.Decompilation
_________.Introduction
_________.Usages
_________.Decompilers
____________.VB
____________.Delphi/CBuilder
____________.JAVA
____________.C/C++
____________.Foxpro

Chapter 4 (Debugging)
___.Introduction
___.Debugging concepts
___.How to start
___.User Mode Debuggers
______.Complete OllyDBG Tutorial
___.Kernel Mode Debuggers
______.Complete SoftICE Tutorial


Chapter 5 (Modifications)
___.Resource Modifications
______.VC++
______.VB
______.Delphi/CBuilder
___.PE Structures Modifications
___.Code Modification techniques
______.Static
_________.Changing Opcodes
_________.Using caves
_________.Adding sections
______.Runtime
_________.DLL/Code injection
_________.Process Memory patching
_________.API redirection

Chapter 6 (Extracting & Using Executable Codes)
___.Using code injection techniques
___.Function analysis
______.Dependency Analysis
______.Jumps and Calls
___.Making the output
______.Attaching extracted codes
______.Static Linking
___.Adding sections

Chapter 7 (How to protect)
___.Introduction
___.How to make reverse engineering harder
___.Packing

Chapter 8 (Manual Unpacking)
___.Introduction
___.Memory Dumping
___.User mode
___.Ring 0
___.Finding EIP
___.Recovering Import/Export Tables
___.Samples

Chapter 9 (Uncovering Undocumented functions)
Chapter 10 (.NET Reverse Engineering)

Chapter 11 (Some real world samples)
Appendix 1 (Programming with Win32 ASM)
Appendix 2 (Windows NT Kernel Mode Programming)

Last edited by LAVA; 01-08-2005 at 21:16.
#2
01-09-2005, 00:48
ravendug
This actually seems to be an exceptionally well thought out and complete book. I tried very hard to find omissions or bad structuring etc. but came up pretty empty handed.

Hopefully the book will have more than just an impressive contents list and actually have some well written material to go along with it. I dearly hope so. Judging by the contents alone one can clearly see you have put a lot of effort and time into this so I'm very hopeful indeed.

Sorry not to have provided any constructive criticism or anything but just wanted to wish you good luck in completing it and show my interest and support.

I guess all I have left to say is when can we buy it?
#3
01-09-2005, 01:36
A.V
some stupid suggestions =)

It seems a little bit strange to me that only one paragraph is devoted to Disassemblers. IMHO IDA Pro deserves much more attention, because it's a very powerful tool and it is very badly documented. I think chapters about its scripting language, making signatures, writing processor modules etc. would be very interesting and useful. Also, why not make a chapter about dongles and maybe license managers like Flex?
#4
01-09-2005, 07:41
Shub-Nigurrath
VIP
Join Date: Mar 2004
Location: Obscure Kadath
Well,
it also sounds very strange to me that there is a complete lack of information about how to find/do/implement countermeasures. There are several solutions not involving off-the-shelf ready-made protections, like ASProtect and friends: most of the time it is enough to pay attention to how you write your code to avoid common, and also not so simple, cracking attacks.
At least a checklist for quality assurance for developers about code security is IMHO a must in a book on reversing, but it's up to you of course.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
#5
01-09-2005, 12:48
willcodeforfood
RE: An Introduction to Software Reverse Engineering

This is looking like a book I would buy!

The reversing background information looks very good. The one suggestion I would make is in Chapter 7 (How to protect). It is likely that most people interested in this book would be looking to unprotect software. You give them the mental tools to decompile, modify and rebuild, but there does not seem to be a lot of discussion around the target. The hardest thing I found when I started was understanding how serial number generation, key generation and other copy protection methods are implemented in the first place. Until I figured out what the targets were, I spent a lot of time spinning my wheels. An extended discussion of common protection systems would help a lot.

Just My 2 Cents

WCFF
#6
01-10-2005, 17:31
ManSun
Very nice, I would buy your books!
#7
01-10-2005, 19:45
zephyrer
It seems that this book is only about reverse engineering theory? I think that introducing some useful and powerful utilities is necessary.
And as A.V says, it's best to give crack methods about dongles and license managers (FlexLM, SentinelLM, etc.).