book

Heavy Wizardry 101

Name: Heavy Wizardry 101
Author: David Martínez Oliveira
ISBN: 9781718504424

by David Martínez Oliveira

June 2026

Beginner to intermediate

464 pages

11h 55m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
Dedication Page
About the Author
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
ACKNOWLEDGMENTS
INTRODUCTION
About This BookWho This Book Is ForThe ApproachWhat You’ll NeedWhat’s in the Book

PART I: INTO THE MACHINE: AWAKENING CODE SPELLS
1. SPELL OF THE BINARY ORACLE: WHEN HARDWARE WHISPERS IN OPCODES
A Computer as a StackFrom the Bottom UpFrom the Top DownThe Simplest Computer in the WorldThe MemoryThe CPUA Complete Computer ModelHow Programs WorkWriting Your First ProgramRunning Your First ProgramYour First C ProgramAssembling Your First Program for Different ProcessorsARMMIPSRISC-VSummary
2. SPELL OF ESSENCE: DISTILLING C TO ITS PRIMORDIAL ASM
Your First Real ASM ProgramProducing Your First BinaryCompiling and Linking the ProgramInteracting with the OS Through System CallsFrom C Down to ASMDissecting the C CodeUsing _start vs. mainGenerating Static vs. Dynamic BinariesGetting Rid of libcAvoiding an Executable StackAren’t Those Binaries Too Big?A Closer Look at the LinkerCustomizing Default Values with Linker FlagsCompiling and Linking C Programs SeparatelyBuilding ASM Programs Using libcHandling Standard Libraries and Start FilesSystem Call Conventions Across Architecturesx86_64ARM32AArch64MIPS32MIPS64RISC-VSummary
3. SPELL OF REBIRTH: TRANSMUTING GREETINGS INTO SHELLCODE
Representing InformationBits, Bytes, Words, and BeyondProcessor Native Word SizesDecimal, Binary, Hexadecimal, and MoreNegative NumbersText StringsA Closer Look at MemoryA Simplified Hardware Memory ModelNative Word Size and Memory AlignmentLittle vs. Big Endian“Hello, World!” in ASMLabels and Assembler CommandsPointers“Hello, World!” in CUsing the GNU DebuggerDeclaring Pointers in CWriting Your First Shellcodex86_64ARM32A Short Digression on Addressing ModesAArch64MIPS32MIPS64RISC-VSummary
4. SPELL OF THE OVERFLOWING FRAME: MASTERING STACK SECRETS
An Overview of StacksHow Stacks Are ImplementedHow Stacks Are UsedThe Basics of FunctionsFunction Support in AssemblyParameters and Return ValuesThe Stack FrameFunction Prologues and EpiloguesDo We Need the Stack Frame?What Else Happens When You Leave a Function?Local VariablesDeclaration vs. InitializationFunction ParametersBuffer OverflowsCreating a Vulnerable ProgramInstrumenting the BinaryTriggering an OverflowWriting Your First ExploitARM32 FunctionsSimple Local VariablesLocal Buffers and CanariesAArch64 FunctionsSimple Local VariablesLocal Buffers and CanariesMIPS FunctionsSimple Local VariablesLocal Buffers and CanariesRISC-V FunctionsSimple Local VariablesLocal Buffers and CanariesSummary
5. SPELL OF THE UNDEAD: WRITING A REPL TO ANIMATE A BOTNET
A REPL in CArraysLoopsConditionalsA REPL for x86_64Your First LibraryThe REPLJump InstructionsProcessor FlagsBuffer InitializationString InstructionsA REPL for ARMJump InstructionsFlags and ConditionsBuffer InitializationA REPL for AArch64Jump InstructionsBuffer InitializationA REPL for MIPSJump InstructionsBuffer InitializationA REPL for RISC-VJump InstructionsBuffer InitializationCreating a Minimal BotnetThe C2 REPLThe Zombie REPLDeploymentSummary
PART II: ONTO THE NETWORK: UNVEILING MYSTIC GATEWAYS
6. VEIL OF SHADOWS: UNLOCKING HIDDEN BACKDOORS
How Backdoors WorkA Brief Networking PrimerTypes of Network ConnectionsSocketsThe Network and Transport LayersWriting a Minimal Backdoor in CCreating a SocketManipulating File DescriptorsLaunching a ShellCovering Your TracksDetecting the BackdoorWriting Your First x86_64 ASM BackdoorPreparing the Backdoor for the Target SystemMaking the Backdoor SmallerAdapting the Backdoor for Other ProcessorsARMMIPSRISC-VSummary
7. VEIL OF ASH: THE DROPPER THAT LEAVES NO FLAME BEHIND
Creating a Dropper Using Existing ToolsWriting a Dropper in CWorking with a Build SystemAutomating the Dropper TasksAvoiding Forensic AnalysisWriting to a RAM DiskWriting to Memory with memfd_createRunning from Memory with fexecveAdapting the Dropper to Assemblyx86_64MIPSARMRISC-VA Real-World DropperSummary
PART III: THROUGH THE NETWORK: CASTING CRAWLERS
8. CASTING THE TWIN SERPENT: SUMMONING A TWO-HEADED WORM
How Mobile Agent Systems (and Worms) WorkImplementing a Remote Shellcode ExecutorConfiguring the ServerAccepting ConnectionsRunning a ShellcodeTesting the Shellcode Execution ServiceSimulating a Target NetworkSetting Up Test MachinesCreating a Virtual NetworkStarting the Test EnvironmentCoding a File Transfer ServerPreparing the File for TransferServing the FileDesigning an Agent or WormCreating the Worm PayloadGetting a List of Target MachinesConnecting to the Target MachinesWriting a Two-Stage WormDeploying the WormExtending the Test EnvironmentLaunching the Test NetworkStarting the File ServerCreating the Initiator MachineRunning the WormTroubleshootingHow Worms Can Go WrongPacket StormsRace ConditionsSummary
9. CASTING THE LONE STRAND: SINGLE-STAGE WORMCRAFT
From Two Stages to OneThe x86_64 WormThe PayloadThe Vulnerable MachinesThe Main LoopThe ARM WormThe PayloadThe Vulnerable MachinesThe Main LoopThe MIPS WormThe PayloadThe Vulnerable MachinesThe Main LoopThe RISC-V WormThe PayloadThe Vulnerable MachinesThe Main LoopSummary
10. CASTING THE LOST HOSTS: CONJURING NETWORK SCANNERS
Why We Need a Network ScannerWriting a Port Scanner in CGetting the Current IP Address and NetmaskCalculating the Scope of the ScanPerforming the ScanSpeeding Up the ScannerBlocking vs. Non-Blocking I/OA Non-Blocking Scanning LoopAdapting the Port Scanner for x86_64Getting the Current IP Address and NetmaskCalculating the Scope of the ScanPerforming the ScanAdapting the Port Scanner for Other PlatformsARMMIPSRISC-VSummary
APPENDIXES: THE FORGE
A. THE SORCERER’S FORGE: PREPARING YOUR WORKSHOP
Setting Up Your Development EnvironmentUpdating Your EnvironmentRunning Binaries
B. SECRETS OF THE FORGE: ARCANE TRICKS FOR LOW-LEVEL TOOLS
GNU Assembler TricksIntel SyntaxThe lea Instruction on x86_64Delay SlotsGNU Debugger TricksConfiguring the Debugger for Individual ProjectsCustomizing the DisassemblerChanging the Default SyntaxDumping DataTracking ForksDebugging Programs with qemuCompilation TricksRISC-V ExtensionsUseful gcc FlagsFunction Prototypes and Warningsobjdump TricksDumping Code in Intel SyntaxShowing Real Codeobjcopy TricksManipulating ELF SectionsManipulating SymbolsAppending FilesRunning Binaries with binfmt_miscProducing Minimal ELF BinariesHandcrafting ELFs with nasmHandcrafting ELFs with the GNU AssemblerSymbol Resolution and RelocationQuick Reference Tables
C. THE SORCERER’S ANVIL: FULL SPELLCRAFT LISTINGS
The Complete x86_64 Worm Source CodeThe Complete ARM Worm Source CodeThe Complete MIPS Worm Source CodeThe Complete RISC-V Worm Source Code
INDEX

Content preview from Heavy Wizardry 101

7VEIL OF ASH: THE DROPPER THAT LEAVES NO FLAME BEHIND

A wizard raises his hands over a swirling crystal ball, which sits atop a book with binary code on the spine.

In the last chapter, we wrote our first network application, a backdoor. In this chapter, we’ll extend that application to create a dropper, a small program whose goal is to deploy some other program on a target system. In the process, we’ll discuss techniques for avoiding forensic analysis by dropping programs into memory rather than onto the hard disk.

Droppers are traditionally associated with the installation and deployment of malware, but they don’t have to be malicious. Thinking broadly, the typical dropper is just a file transfer program, a program that copies data over a network. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0642572230272Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Heavy Wizardry 101

by David Martínez Oliveira

7VEIL OF ASH: THE DROPPER THAT LEAVES NO FLAME BEHIND

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.