Cyber Shelf

// Comparison

Practical Reverse Engineering vs The Shellcoder's Handbook: Which Should You Read?

Two cybersecurity books on Reverse Engineering, compared honestly: who each is for, what each does best, and which to read first.

Advanced
4/52014
Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang, Alexandre Gazet, Elias Bachaalany

A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

Advanced
4/52007
The Shellcoder's Handbook

Discovering and Exploiting Security Holes

Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

Read this if

Reverse engineers transitioning from "I can read disassembly" to "I can audit a Windows kernel driver." The architecture-first companion to Practical Malware Analysis.
Readers committed to learning binary exploitation seriously, after they've already finished Hacking: The Art of Exploitation and want a multi-platform reference that goes deeper.

Skip this if

Beginners with no assembly background, or readers focused exclusively on Linux/userland. The book is heavy on Windows internals and assumes you'll do the exercises in WinDbg.
Anyone expecting modern (post-2010) mitigations or current heap allocators. The book pre-dates ASLR enforcement, modern heap hardening, CFI, and the entire arc of mitigations the modern toolchain assumes. It teaches the techniques modern systems are built to defeat.

Key takeaways

  • x86, x64, ARM, kernel-mode debugging, and anti-RE techniques in a single coherent volume; nothing else competes for breadth.
  • The kernel debugging chapters are the practical introduction the official Windows Internals book never quite delivers for security audiences.
  • Anti-RE coverage (obfuscation, packing, anti-debug, virtualization-based protection) is the bridge to modern malware analysis that PMA consciously skips.
  • The Windows exploitation chapters are still the best print introduction to the SEH/PE-format-specific mechanics that don't exist in Erickson.
  • The heap chapters teach the conceptual vocabulary (unlinking, frontlinking, magic values, freelists) you need to read modern CTF write-ups, even though the specific allocators have moved on.
  • The "track patches, don't track exploits" chapter is the most underrated piece of vulnerability-research advice in print.

How they compare

Practical Reverse Engineering and The Shellcoder's Handbook are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Practical Reverse Engineering and The Shellcoder's Handbook both cover Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading

Practical Reverse Engineering

Alternatives to Practical Reverse EngineeringWhat to read after Practical Reverse Engineering

The Shellcoder's Handbook

Alternatives to The Shellcoder's HandbookWhat to read after The Shellcoder's Handbook

Related topics

Reverse Engineering