Gray Hat Python: Python Programming for Hackers and Reverse Engineers

Author: Justin Seitz
Publisher: No Starch Press, 2009
Pages: 232
ISBN: 978-1593271923
Aimed at: Python programmers with an interest in security
Rating: 4
Pros: Good coverage of debugging
Cons: Emphasis on hacking misplaced
Reviewed by: Mike James

Any book "for Hackers" has a promise of being exciting and dangerous. Reverse engineering, however, is quite the opposite - it's hours and hours of tedium to deduce something that gets you hardly anywhere. So is the book exciting or dull? The answer is neither. It’s a fairly low-key account of low-level programming using Python.

Why Python? Well, the answer seems to be that there is a library that allows you to make C-like calls to almost any API. So a good proportion of the early part of the book is about mapping Python to C-like facilities, mostly using the ctypes module.

At this point you have to wonder why not use C instead of Python. The obvious answer is that Python is interpreted and hence easier and more immediate than C, and there are lots of "neat" additional facilities available in Python in an easy-to-use form. There isn’t anything that makes Python particularly suited to hacking or reverse engineering.

The bulk of the book, and it’s a fairly slim book, is all about the implementation and workings of a debugger written in Python. Most of this is about the use of the Windows debugging API, which is more or less the same in any language. As such it is a good introduction to general ideas, even if Python isn't your strong point. However, there are lots of difficulties in understanding the explanations if you don’t know much about the way the processor and general hardware work. The book does give a sketchy outline of registers, addressing and so on, but you might well feel left behind unless you already know some of this stuff. If you do, then you will get a lot out of this discussion and gain some insight into how debuggers work and in particular how the Immunity Debugger works.

From this point the book moves on to topics such as hooking and fuzzing, fuzzing drivers in particular. It is all interesting stuff but none of it is particularly subversive in the hacking sense. It's more about finding bugs with perhaps the implication that there might be something that can be done to exploit the bug - but exactly what is left to the reader to imagine. If the reader is indeed following the explanations then they should be able to find such uses! Equally, however, the ideas could lead on to a deeper understanding of what is going on and to the trapping and elimination of obscure bugs.

I always think that it is a shame that such interesting information has to be dressed up in this way. The book isn't particularly about excellence in Python but reading it is obviously easier if you know the language. This isn't an essential book for the general programmer but it is good fun.

Last Updated ( Thursday, 30 July 2009 )