Tuesday, June 23, 2009

Review: Gray Hat Python

216 pages, a title of 'Gray Hat Python', and a table of contents with subjects such as 'design and program your own debugger', 'learn how to fuzz Windows drivers', 'create powerful fuzzers from scratch', DLL injection, hooking and malware analysis. My first impression was that it must be really niche, hardcore and not for me.

You'd think that the book would appeal to only a subgroup of security professionals or software engineers, given the subject matter. The small size of the book also suggests that there would not be much space left to explain the material to people who are not experts.

First impressions are often wrong.

In my opinion this book is a must for all people who deal with security on a technical level. The book is also interesting for programmers who want to learn more about debuggers and other low-level aspects. People who want to learn some new tricks in Python will probably like the book as well. None of these people have to be experts to enjoy this book. There are a few ways you can read it, as it was clearly written with a few different levels of perspective in mind.

For example, you can learn about the inner workings of a debugger without actually understanding the Python code. All topics are first clearly explained on a conceptual level. After that, Python code is used for the implementation. You are introduced to the Python code gradually: in the beginning each program is short and basic, and the most important lines are highlighted and explained. After that more functionality gets added and further explanations follow.

Though the book deals with quite a wide variety of subjects, they all have a low-level debugging aspect. This makes it interesting for both security-oriented people and developers. It's all about basic, low-level techniques, and most of them can be used both for making and for breaking stuff.

Given the subject matter and size of the book, clearly some things had to be left out. One of the things this book left out is the implementation of the debugger on operating systems other than Windows. I think it was a good choice, since Windows is still the platform on which most debugging and reversing takes place. Also, Windows offers a few API functions that make it easier to do debugging. This abstraction was used well to keep things understandable and short while still offering a good picture of what makes a debugger tick. The chapter on debuggers in particular contains loads of references for people who want to explore further. But I missed a few references for debugger implementation on other operating systems.

The only drawback was that there seemed to be some errors in some of the code listings. Unfortunately, there is no errata section on this book's website yet (24-jun-2009). This can make getting the example code to run a challenge for non-Pythonians.

All in all, this is a very cool and unique book for all people who want to take a deeper look.


  1. Posts like this make me pine for my former career covering information security. Glad the publishing end is still producing decent work.