Chapter 34 Further Reading: Reverse Engineering

Essential References

"The Art of Exploitation" by Jon Erickson (2nd edition)
The classic text that bridges assembly, exploitation, and reverse engineering from first principles. Chapter 1's debugging section and Chapter 2's exploitation foundation make it required reading for anyone in the security/RE space. Includes hands-on exercises in a provided Linux environment.

"Practical Malware Analysis" by Sikorski and Honig
The definitive textbook on malware analysis using RE techniques. Covers static analysis, dynamic analysis, anti-RE techniques, and specific malware categories. The labs provide real (sanitized) malware samples for practice. Used in university security courses worldwide.

"Reversing: Secrets of Reverse Engineering" by Eilam
A comprehensive, foundational RE text. Covers the Win32 PE format deeply (useful even on Linux for cross-platform work), calling conventions, OOP patterns in assembly, and advanced topics like self-modifying code. The chapters on recognizing compiler output are especially valuable.

Tool Documentation

Ghidra User Guide and API Documentation (https://ghidra-sre.org/)
The official NSA/NSF documentation. The "Getting Started" guide covers the essential workflow. The Ghidra scripting API (Python and Java) is documented in the Help → Contents menu within the tool. Ghidra's source code is on GitHub.

IDA Pro Book by Chris Eagle (2nd edition)
The definitive guide to IDA Pro, which also covers concepts applicable to IDA Free. The chapters on cross-references, data types, and the IDA disassembly representation apply regardless of whether you have the full commercial version.

radare2 Book (https://book.rada.re/)
The official free online book for radare2. Covers the command interface, scripting with Python/JavaScript (via r2pipe), and binary analysis. The learning curve is steep but the investment pays off for scripted analysis work.

Online Resources

godbolt.org (Compiler Explorer)
The essential tool for understanding what compilers do with C code. Write C in one pane, see the assembly output in another, across dozens of compilers and optimization levels. Invaluable for learning to recognize compiler patterns and for verifying your reconstructed C against the original. https://godbolt.org/

pwn.college
ASU's cybersecurity education platform with free, structured assembly and reverse engineering challenges. The "Reverse Engineering" and "Program Security" modules are directly relevant to this chapter. Provides a browser-based Linux environment. https://pwn.college/

CTFtime.org
The central hub for CTF competition listings. The "rev" (reverse engineering) and "pwn" (exploitation) categories are directly relevant. Past challenge writeups are searchable and are an excellent learning resource: reading how others solved challenges reveals techniques you would not discover independently. https://ctftime.org/

Academic Papers

"SoK: Eternal War in Memory" (IEEE S&P 2013) by Szekeres et al.
A systematic survey of memory corruption vulnerabilities and mitigations. Provides the conceptual framework for understanding the vulnerability-mitigation arms race. Available free online. Required reading for anyone working in memory safety.

"Control-Flow Integrity" (CCS 2005) by Abadi et al.
The foundational paper for CFI, the mitigation discussed in Chapter 36. Understanding the original problem statement and proposed solution contextualizes every subsequent CFI development (Clang CFI, Intel CET, etc.).

Communities and Learning

Reverse Engineering Stack Exchange (https://reverseengineering.stackexchange.com/)
High-quality Q&A on RE tools, techniques, and specific analysis questions. Well-curated and specific. If you encounter a tool behavior you do not understand, this is the place to ask.

OALabs YouTube Channel and Blog
Practical malware analysis tutorials using Ghidra, x64dbg, and other tools. Videos demonstrate real-world RE workflows on real (sanitized) samples. The channel bridges textbook knowledge and professional practice better than most resources.

Malware Traffic Analysis (malware-traffic-analysis.net)
Practice files for network-focused malware analysis. While primarily focused on network traffic, the corresponding binary samples provide RE practice material with known ground truth.