Reading instructions to learn x86 assembly in 2013

To be able to recognize C code structures in assembly you need to know assembly. The hardest part of learning assembly in 2013 is actually to find good reading material. I know because I spent two years teaching myself assembly and I read a lot of utterly useless books, for example the 1.700 page long book from Randal Hyde called “The Art of assembly”. Below I present a handpicked list of reading material, starting from beginner to advance.

1.     Lena151 assembly guide. This is actually one thing that is good with Lena’s tutorials as it shows you the most basic parts and is only 20 pages long!

2.     The 200 first pages of the old book “Assembly Language Step-by-Step: Programming with DOS and Linux” by Jeff Duntemann. This is a must read. If you don’t read this, you’ll extend the learning curve by years. The way Duntemann ties assembly programming to the inner workings of computer systems and CPUs is just amazing.

3.     The following chapters in Eldad Eilams book “Reversing – Secrets of Reverse Engineering”. Read these chapters in the order I present them

1.       Appendix A – Deciphering Code Structures

2.       Appendix B – Understanding Compiled Arithmetic

3.       Chapter 2 – Low Level Software

4.       Chapter 3 – Windows Fundamentals

That makes about 250 pages in Eldad’s book and you should quite honestly never waste your time by reading the rest of his book as he dives into hands on approaches but uses terrible reverse engineering examples.

4.     All chapters in “Part 2 – Advanced Static Analysis” from the book “Practical Malware Analysis” by No Starch Press.

1.       Chapter 4 – A Crash Course in x86 Disassemby

2.       Chapter 5 – IDA Pro

3.       Chapter 6 – Recognize C Code Constructs in Assembly

4.       Chapter 7 – Analyze Malicious Windows programs

The four mentioned chapters take up less than 100 pages of the book. Practical Malware Analysis is however a great book written by some of the best in the industry and should be read cover to cover later on but for a beginner these chapters are enough.

That is the reading suggested for newbies in both reverse engineering and assembly. If you want to be a more advanced reverser there is some more reading that really needs to be done.

5.     Wrox Professional Assembly Language - A great book. Covers most features you already read about a little deeper. Great to read for repeating and fortifying your knowledge base.

6.     Intel Software developers manual is around 4000 pages of which the majority is must read. I have read the following parts

1.     Volume 1, “Basic architecture” explains the basics of Intel CPU’s. It lets you know more about features such as MMX instruction set extensions. This part is a little more than 500 pages and contains 15 chapters. Again, it is an introduction and basics volume, the more advanced version is Volume 3, “System Programming Guide”.

2.     Volume 3, “System Programming Guide” is an absolute must, especially for reversers. It is critical for a reverser to know the protection system (ring 0 to 4), Interrupt and exception handling, Debugging instructions, Virtual Machine control instructions and so on. This volume is around 1600 and it is very good to read it cover to cover at least once.

No doubt you will find very skilled reverse engineers or programmers who will tell you they never read any of these documents and especially not Intel Software Developers Manual. Most reversers only use it when they need to look up opcodes or which flags are set by which instruction.

But many of these people have picked up the same knowledge from other sources during a lifetime of programming, or they simply lack this knowledge.

These days the rapid development of IT forces newbies to take shortcuts. The world needs more and better reverse engineers now, not in twenty years. If you follow these reading suggestions, you decrease your learning time into 1-1,5 years.

Happy hacking!
/Ani