, establishes the overall process and methodology of analyzing malware.

, teaches ways to get information from an executable without running it.

, walks you through setting up virtual machines to use as a safe environment for running malware.

, teaches easy-to-use but effective techniques for analyzing a malicious program by running it.

, “A Crash Course in x86 Assembly,” is an introduction to the x86 assembly language, which provides a foundation for using IDA Pro and performing in-depth analysis of malware.

, shows you how to use IDA Pro, one of the most important malware analysis tools. We’ll use IDA Pro throughout the remainder of the book.

, provides examples of C code in assembly and teaches you how to understand the high-level functionality of assembly code.

, covers a wide range of Windows-specific concepts that are necessary for understanding malicious Windows programs.

, explains the basics of debugging and how to use a debugger for malware analysts.

, shows you how to use OllyDbg, the most popular debugger for malware analysts.

, covers how to use the WinDbg debugger to analyze kernel-mode malware and rootkits.

, describes common malware functionality and shows you how to recognize that functionality when analyzing malware.

, discusses how to analyze a particularly stealthy class of malicious programs that hide their execution within another process.

, demonstrates how malware may encode data in order to make it harder to identify its activities in network traffic or on the victim host.

, teaches you how to use malware analysis to create network signatures that outperform signatures made from captured traffic alone.

, explains how some malware authors design their malware so that it is hard to disassemble, and how to recognize and defeat these techniques.

, describes the tricks that malware authors use to make their code difficult to debug and how to overcome those roadblocks.

, demonstrates techniques used by malware to make it difficult to analyze in a virtual machine and how to bypass those techniques.

, teaches you how malware uses packing to hide its true purpose, and then provides a step-by-step approach for unpacking packed programs.

, explains what shellcode is and presents tips and tricks specific to analyzing malicious shellcode.

, instructs you on how C++ code looks different once it is compiled and how to perform analysis on malware created using C++.

, discusses why malware authors may use 64-bit malware and what you need to know about the differences between x86 and x64.

, briefly describes Windows functions commonly used in malware.

, lists useful tools for malware analysts.

, provides the solutions for the labs included in the chapters throughout the book.