No source code? No problem. With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.
Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn to:
Identify known library routines, so you can focus your analysis on other areas of the code
Extend IDA to support new processors and filetypes, making disassembly possible for new or obscure architectures
Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
Utilize IDA's built-in debugger to tackle obfuscated code that would defeat a stand-alone disassembler
You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.
INTRODUCTION TO IDA
Chapter 1 INTRODUCTION TO DISASSEMBLY
Disassembly Theory
The What of Disassembly
The Why of Disassembly
The How of Disassembly
Summary
Chapter 2 REVERSING AND DISASSEMBLY TOOLS
Classification Tools
Summary Tools
Deep Inspection Tools
Summary
Chapter 3 IDA PRO BACKGROUND
Hex-Rays' Stance on Piracy
Obtaining IDA Pro
IDA Support Resources
Your IDA Installation
Thoughts on IDA's User Interface
Summary
BASIC IDA USAGE
Chapter 4 GETTING STARTED WITH IDA
Launching IDA
IDA Database Files
Introduction to the IDA Desktop
Desktop Behavior During Initial Analysis
IDA Desktop Tips and Tricks
Reporting Bugs
Summary
Chapter 5 IDA DATA DISPLAYS
The Principal IDA Displays
Secondary IDA Displays
Tertiary IDA Displays
Summary
Chapter 6 DISASSEMBLY NAVIGATION
Basic IDA Navigation
Stack Frames
Searching the Database
Summary
Chapter 7 DISASSEMBLY MANIPULATION
Names and Naming
Commenting in IDA
Basic Code Transformations
Basic Data Transformations
Summary
Chapter 8 DATATYPES AND DATA STRUCTURES
Recognizing Data Structure Use
Creating IDA Structures
Using Structure Templates
Importing New Structures
Using Standard Structures
IDA TIL Files
C++ Reversing Primer
Summary
Chapter 9 CROSS-REFERENCES AND GRAPHING
Cross-References
IDA Graphing
Summary
Chapter 10 THE MANY FACES OF IDA
Console Mode IDA
Using IDA's Batch Mode
GUI IDA on Non-Windows Platforms
Summary
ADVANCED IDA USAGE
Chapter 11 CUSTOMIZING IDA
Configuration Files
Additional IDA Configuration Options
Summary
Chapter 12 LIBRARY RECOGNITION USING FLIRT SIGNATURES
Fast Library Identification and Recognition Technology
Applying FLIRT Signatures
Creating FLIRT Signature Files
Summary
Chapter 13 EXTENDING IDA'S KNOWLEDGE
Augmenting Function Information
Augmenting Predefined Comments with loadint
Summary
Chapter 14 PATCHING BINARIES AND OTHER IDA LIMITATIONS
The Infamous Patch Program Menu
IDA Output Files and Patch Generation
Summary
EXTENDING IDA'S CAPABILITIES
Chapter 15 SCRIPTING WITH IDC
Basic Script Execution
The IDC Language
Associating IDC Scripts with Hotkeys
Useful IDC Functions
IDC Scripting Examples
Summary
Chapter 16 THE IDA SOFTWARE DEVELOPMENT KIT
SDK Introduction
The IDA Application Programming Interface
Summary
Chapter 17 THE IDA PLUG-IN ARCHITECTURE
Writing a Plug-in
Building Your Plug-ins
Plug-in Installation
Plug-in Configuration
Extending IDC
Plug-in User Interface Options
Summary
Chapter 18 BINARY FILES AND IDA LOADER MODULES
Unknown File Analysis
Manually Loading a Windows PE File
IDA Loader Modules
Writing an IDA Loader
Alternative Loader Strategies
Summary
Chapter 19 IDA PROCESSOR MODULES
Python Byte Code
The Python Interpreter
Writing a Processor Module
Building Processor Modules
Customizing Existing Processors
Processor Module Architecture
Summary
REAL-WORLD APPLICATIONS
Chapter 20 COMPILER VARIATIONS
Jump Tables and Switch Statements
RTTI Implementations
Locating main
Debug vs. Release Binaries
Alternative Calling Conventions
Summary
Chapter 21 OBFUSCATED CODE ANALYSIS
Anti–Static Analysis Techniques
Anti–Dynamic Analysis Techniques
Static De-obfuscation of Binaries Using IDA
Summary
Chapter 22 VULNERABILITY ANALYSIS
Discovering New Vulnerabilities with IDA
After-the-Fact Vulnerability Discovery with IDA
IDA and the Exploit-Development Process
Analyzing Shellcode
Summary
Chapter 23 REAL-WORLD IDA PLUG-INS
Hex-Rays
IDAPython
IDARub
IDA Sync
collabREate
ida-x86emu
mIDA
Summary
THE IDA DEBUGGER
Chapter 24 THE IDA DEBUGGER
Launching the Debugger
Basic Debugger Displays
Process Control
Automating Debugger Tasks
Summary
Chapter 25 DISASSEMBLER/DEBUGGER INTEGRATION
Background
IDA Databases and the IDA Debugger
Debugging Obfuscated Code
Summary
Chapter 26 LINUX, OS X, AND REMOTE DEBUGGING WITH IDA
Chris Eagle is a Senior Lecturer and Associate Chairman of Computer Science at the Naval Postgraduate School in Monterey, CA. He is a co-author of Gray Hat Hacking and has spoken at numerous security conferences, including Blackhat, Defcon, Toorcon, and Shmoocon. Along with his team, the Sk3wl0fR00t, he is a past winner of the Defcon Capture the Flag hacking competition.
IDA Pro is a comprehensive disassembler that may be the most powerful available. Because of the vast number of options and features of IDA, it can be difficult to use. Fortunately, The IDA Pro Book explains the basic operation of IDA Pro, more advanced topics, extending IDA, and using IDA in code analysis.
The book starts by explaining how disassemblers work and different types of disassembly. This is welcome since disassembly is a complicated topic.
Various tools are discussed to give the reader an idea of how to get started examining a program. Then the fun begins. IDA Pro is covered starting with available versions and how to install IDA Pro.
Once IDA is installed, the author describes how the IDA Pro tools are laid out in the installation directories, then gets into using IDA to perform basic disassembly. Each major display of IDA is covered, which is great since there are many. IDA shows large amounts of information while running, and this information is organized into various windows that the user can show or hide. The IDA Pro Book gives examples of each window, so the reader can follow along.
IDA navigation is covered including searching the disassembled code, working with the stack, and navigating through the various displays and features.
IDA Pro can allow the user to change the executable. This topic is covered in chapter 7; then the book moves on to advanced topics. IDA has many advanced features. The book explains how to use IDA to graph program execution and work with complex data structures, arrays, header files, and objects.
The IDA Pro Book goes beyond IDA usage in the second half. It covers advanced disassembly techniques, then moves into scripting IDA to automate and customize disassembly functionality. IDA plug-ins can also be used to extend IDA, and these have a chapter to themselves.
No stone is left unturned. The features in IDA are vast, but The IDA Pro Book does a solid job of covering them all in one comprehensive place. This book is a must-have for those using IDA. It is almost certainly the most complete guide available and one of the few such guides in print.