The Ida Pro Book
by Eagle, ChrisEdition: 2nd
Format: Paperback
Pub. Date: 2011-07-11
Publisher(s): PENGUIN
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $83.99
Buy New
Arriving Soon. Will ship when available.
$79.99
Buy Used
Arriving Soon. Will ship when available.
$59.99
Rent Book
Select for Price
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
IDA Pro is a commercial disassembler and debugger used by reverse engineers to dissect compiled computer programs, and is the industry standard tool for analysis of hostile code. The IDA Pro Book provides a comprehensive, top-down overview of IDA Pro and its use for reverse engineering software. Author Chris Eagle, a recognized expert in the field, takes readers from the basics of disassembly theory to the complexities of using IDA Pro in real-world situations. Topics are introduced in the order most frequently encountered, allowing experienced users to easily jump in at the most appropriate point. Eagle covers a variety of real-world reverse engineering challenges and offers strategies to deal with them, such as disassembly manipulation, graphing, and effective use of cross references. This second edition of The IDA Pro Book has been completely updated and revised to cover the new features and cross-platform interface of IDA Pro 6.0. Other additions include expanded coverage of the IDA Pro Debugger, IDAPython, and the IDA Pro SDK.
Author Biography
Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School in Monterey, CA. He is the author of many IDA plug-ins and co-author of Gray Hat Hacking, and he has spoken at numerous security conferences, including Black Hat, Defcon, ToorCon, and ShmooCon.
Table of Contents
| Dedication | |
| Acknowledgments | |
| Introduction | |
| Introduction to IDA | |
| Introduction to Disassembly | |
| Disassembly Theory | |
| The What of Disassembly | |
| The Why of Disassembly | |
| The How of Disassembly | |
| Summary | |
| Reversing and Disassembly Tools | |
| Classification Tools | |
| Summary Tools | |
| Deep Inspection Tools | |
| Summary | |
| IDA Pro Background | |
| Hex-Rays' Stance on Piracy | |
| Obtaining IDA Pro | |
| IDA Support Resources | |
| Your IDA Installation | |
| Thoughts on IDA's User Interface | |
| Summary; Basic IDA Usage | |
| Getting Started with IDA | |
| Launching IDA | |
| IDA Database Files | |
| Introduction to the IDA Desktop | |
| Desktop Behavior During Initial Analysis | |
| IDA Desktop Tips and Tricks | |
| Reporting Bugs | |
| Summary | |
| IDA Data Displays | |
| The Principal IDA Displays | |
| Secondary IDA Displays | |
| Tertiary IDA Displays | |
| Summary | |
| Disassembly Navigation | |
| Basic IDA Navigation | |
| Stack Frames | |
| Searching the Database | |
| Summary | |
| Disassembly Manipulation | |
| Names and Naming | |
| Commenting in IDA | |
| Basic Code Transformations | |
| Basic Data Transformations | |
| Summary | |
| Datatypes and Data Structures | |
| Recognizing Data Structure Use | |
| Creating IDA Structures | |
| Using Structure Templates | |
| Importing New Structures | |
| Using Standard Structures | |
| IDA TIL Files | |
| C++ Reversing Primer | |
| Summary | |
| Cross-References and Graphing | |
| Cross-References | |
| IDA Graphing | |
| Summary | |
| The Many Faces of IDA | |
| Console Mode IDA | |
| Using IDA's Batch Mode | |
| Summary; Advanced IDA Usage | |
| Customizing IDA | |
| Configuration Files | |
| Additional IDA Configuration Options | |
| Summary | |
| Library Recognition Using FLIRT Signatures | |
| Fast Library Identification and Recognition Technology | |
| Applying FLIRT Signatures | |
| Creating FLIRT Signature Files | |
| Summary | |
| Extending IDA's Knowledge | |
| Augmenting Function Information | |
| Augmenting Predefined Comments with loadint | |
| Summary | |
| Patching Binaries and Other IDA Limitations | |
| The Infamous Patch Program Menu | |
| IDA Output Files and Patch Generation | |
| Summary; Extending IDA's Capabilities | |
| IDA Scripting | |
| Basic Script Execution | |
| The IDC Language | |
| Associating IDC Scripts with Hotkeys | |
| Useful IDC Functions | |
| IDC Scripting Examples | |
| IDAPython | |
| IDAPython Scripting Examples | |
| Summary | |
| The IDA Software Development Kit | |
| SDK Introduction | |
| The IDA Application Programming Interface | |
| Summary | |
| The IDA Plug-in Architecture | |
| Writing a Plug-in | |
| Building Your Plug-ins | |
| Installing Plug-ins | |
| Configuring Plug-ins | |
| Extending IDC | |
| Plug-in User Interface Options | |
| Scripted Plug-ins | |
| Summary | |
| Binary Files and IDA Loader Modules | |
| Unknown File Analysis | |
| Manually Loading a Windows PE File | |
| IDA Loader Modules | |
| Writing an IDA Loader Using the SDK | |
| Alternative Loader Strategies | |
| Writing a Scripted Loader | |
| Summary | |
| IDA Processor Modules | |
| Python Byte Code | |
| The Python Interpreter | |
| Writing a Processor Module Using the SDK | |
| Building Processor Modules | |
| Customizing Existing Processors | |
| Processor Module Architecture | |
| Scripting a Processor Module | |
| Summary; Real-World Applications | |
| Compiler Personalities | |
| Jump Tables and Switch Statements | |
| RTTI Implementations | |
| Locating main | |
| Debug vs. Release Binaries | |
| Alternative Calling Conventions | |
| Summary | |
| Obfuscated Code Analysis | |
| Anti–Static Analysis Techniques | |
| Anti–Dynamic Analysis Techniques | |
| Static De-obfuscation of Binaries Using IDA | |
| Virtual Machine-Based Obfuscation | |
| Summary | |
| Vulnerability Analysis | |
| Discovering New Vulnerabilities with IDA | |
| After-the-Fact Vulnerability Discovery with IDA | |
| IDA and the Exploit-Development Process | |
| Analyzing Shellcode | |
| Summary | |
| Real-World IDA Plug-ins | |
| Hex-Rays | |
| IDAPython | |
| collabREate | |
| ida-x86emu | |
| Class Informer | |
| MyNav | |
| IdaPdf | |
| Summary; The IDA Debugger | |
| The IDA Debugger | |
| Launching the Debugger | |
| Basic Debuuuuuugger Displays | |
| Process Control | |
| Automating Debugger Tasks | |
| Summary | |
| Disassembler/Debugger Integration | |
| Background | |
| IDA Databases and the IDA Debugger | |
| Debugging Obfuscated Code | |
| IdaStealth | |
| Dealing with Exceptions | |
| Summary | |
| Additional Debugger Features | |
| Remote Debugging with IDA | |
| Debugging with Bochs | |
| Appcall | |
| Summary; Using IDA Freeware 5.0 | |
| Restrictions on IDA Freeware | |
| Using IDA Freeware; IDC/SDK Cross-Reference; | |
| Table of Contents provided by Publisher. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.