nexusstc/The IDA Pro Book. The Unofficial Guide to the World’s Most Popular Disassembler/485167ac5d159164b5cab270a8edc3c7.pdf
The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler
by Chris Eagle
No Starch Press, Incorporated, 2nd ed., San Francisco, California, 2011
English [en] · PDF · 6.4MB · 2011 · 📘 Book (non-fiction) · 🚀/lgli/lgrs/nexusstc/zlib
description
No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use.
Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques. You'll find complete coverage of IDA's new Qt-based user interface, as well as increased coverage of the IDA debugger, the Bochs debugger, and IDA scripting (especially using IDAPython). But because humans are still smarter than computers, you'll even learn how to use IDA's latest interactive and scriptable interfaces to your advantage.
Save time and effort as you learn to:
- Navigate, comment, and modify disassembly
- Identify known library routines, so you can focus your analysis on other areas of the code
- Use code graphing to quickly make sense of cross references and function calls
- Extend IDA to support new processors and filetypes using the SDK
- Explore popular plug-ins that make writing IDA scripts easier, allow collaborative reverse engineering, and much more
- Use IDA's built-in debugger to tackle hostile and obfuscated code
Whether you're analyzing malware, conducting vulnerability research, or reverse engineering software, a mastery of IDA is crucial to your success. Take your skills to the next level with this 2nd edition of The IDA Pro Book.
Alternative filename
lgli/_432432.485167ac5d159164b5cab270a8edc3c7.pdf
Alternative filename
lgrsnf/_432432.485167ac5d159164b5cab270a8edc3c7.pdf
Alternative filename
zlib/Computers/Programming/Chris Eagle/The IDA Pro book: The unofficial guide to the world's most popular disassembler_1178717.pdf
Alternative author
Eagle, Chris
Alternative edition
Penguin Random House LLC (Publisher Services), San Francisco, 2011
Alternative edition
United States, United States of America
Alternative edition
San Francisco, California, 2008
Alternative edition
San Francisco, cop. 2008
Alternative edition
June 15, 2008
Alternative edition
Second, 2011
Alternative edition
1, PS, 2008
metadata comments
2011 12 30
metadata comments
lg740680
metadata comments
{"edition":"2","isbns":["1593271786","1593272898","2008030632","9781593271787","9781593272890"],"last_page":649,"publisher":"No Starch"}
metadata comments
Includes bibliographical references and index.
Alternative description
Brief Contents......Page 9
Contents in Detail......Page 11
Acknowledgments......Page 21
Introduction......Page 23
PART I: Introduction to IDA......Page 27
1: Introduction to Disassembly......Page 29
Disassembly Theory......Page 30
The What of Disassembly......Page 31
Vulnerability Analysis......Page 32
The How of Disassembly......Page 33
A Basic Disassembly Algorithm......Page 34
Linear Sweep Disassembly......Page 35
Recursive Descent Disassembly......Page 37
Summary......Page 40
2: Reversing and Disassembly Tools......Page 41
file......Page 42
PE Tools......Page 44
PEiD......Page 45
nm......Page 46
ldd......Page 48
objdump......Page 49
otool......Page 50
c++filt......Page 51
strings......Page 53
Disassemblers......Page 54
Summary......Page 55
3: IDA Pro Background......Page 57
Hex-Rays’ Stance on Piracy......Page 58
IDA Licenses......Page 59
Upgrading IDA......Page 60
IDA Support Resources......Page 61
Windows Installation......Page 62
OS X and Linux Installation......Page 63
The IDA Directory Layout......Page 64
Summary......Page 66
PART II: Basic IDA Usage......Page 67
4: Getting Started with IDA......Page 69
Launching IDA......Page 70
IDA File Loading......Page 71
Using the Binary File Loader......Page 73
IDA Database Files......Page 74
IDA Database Creation......Page 76
Closing IDA Databases......Page 77
Reopening a Database......Page 78
Introduction to the IDA Desktop......Page 79
Desktop Behavior During Initial Analysis......Page 82
IDA Desktop Tips and Tricks......Page 83
Summary......Page 84
5: IDA Data Displays......Page 85
The Disassembly Window......Page 86
Secondary IDA Displays......Page 92
The Hex View Window......Page 93
The Imports Window......Page 94
The Structures Window......Page 95
The Strings Window......Page 96
The Names Window......Page 98
The Signatures Window......Page 100
The Type Libraries Window......Page 101
The Problems Window......Page 102
Summary......Page 103
6: Disassembly Navigation......Page 105
Double-Click Navigation......Page 106
Navigation History......Page 108
Stack Frames......Page 109
Calling Conventions......Page 111
Stack Frame Examples......Page 115
IDA Stack Views......Page 119
Searching the Database......Page 124
Binary Searches......Page 125
Summary......Page 126
7: Disassembly Manipulation......Page 127
Parameters and Local Variables......Page 128
Named Locations......Page 129
Register Names......Page 131
Commenting in IDA......Page 132
Repeatable Comments......Page 133
Basic Code Transformations......Page 134
Code Display Options......Page 135
Formatting Instruction Operands......Page 138
Manipulating Functions......Page 139
Converting Data to Code (and Vice Versa)......Page 145
Basic Data Transformations......Page 146
Specifying Data Sizes......Page 147
Working with Strings......Page 148
Specifying Arrays......Page 150
Summary......Page 152
8: Datatypes and Data Structures......Page 153
Array Member Access......Page 156
Structure Member Access......Page 161
Creating a New Structure (or Union)......Page 168
Editing Structure Members......Page 170
Using Structure Templates......Page 172
Parsing C Structure Declarations......Page 175
Parsing C Header Files......Page 176
Using Standard Structures......Page 177
IDA TIL Files......Page 180
Sharing TIL Files......Page 181
The this Pointer......Page 182
Virtual Functions and Vtables......Page 183
The Object Life Cycle......Page 186
Name Mangling......Page 188
Runtime Type Identification......Page 189
Inheritance Relationships......Page 190
C++ Reverse Engineering References......Page 191
Summary......Page 192
9: Cross-References and Graphing......Page 193
Cross-References......Page 194
Code Cross-References......Page 195
Data Cross-References......Page 197
Cross-Reference Lists......Page 199
Function Calls......Page 201
IDA External (Third-Party) Graphing......Page 202
IDA’s Integrated Graph View......Page 211
Summary......Page 213
10: The Many Faces of IDA......Page 215
Common Features of Console Mode......Page 216
Windows Console Specifics......Page 217
Linux Console Specifics......Page 218
OS X Console Specifics......Page 220
Using IDA’s Batch Mode......Page 222
Summary......Page 224
PART III: Advanced IDA Usage......Page 225
Configuration Files......Page 227
The Main Configuration File: ida.cfg......Page 228
The GUI Configuration File: idagui.cfg......Page 229
The Console Configuration File: idatui.cfg......Page 232
IDA Colors......Page 233
Customizing IDA Toolbars......Page 234
Summary......Page 236
12: Library Recognition Using FLIRT Signatures......Page 237
Applying FLIRT Signatures......Page 238
Creating FLIRT Signature Files......Page 242
Identifying and Acquiring Static Libraries......Page 243
Creating Pattern Files......Page 245
Creating Signature Files......Page 247
Startup Signatures......Page 250
Summary......Page 251
13: Extending IDA’s Knowledge......Page 253
Augmenting Function Information......Page 254
IDS Files......Page 256
Creating IDS Files......Page 257
Augmenting Predefined Comments with loadint......Page 259
Summary......Page 261
14: Patching Binaries and Other IDA Limitations......Page 263
Changing Individual Database Bytes......Page 264
Using the Assemble Dialog......Page 265
IDA Output Files and Patch Generation......Page 267
IDA-Generated ASM Files......Page 268
IDA-Generated EXE Files......Page 269
IDA-Generated DIF Files......Page 270
Summary......Page 271
PART IV: Extending IDA's Capabilities......Page 273
15: IDA Scripting......Page 275
Basic Script Execution......Page 276
IDC Variables......Page 278
IDC Expressions......Page 279
IDC Functions......Page 280
IDC Objects......Page 282
IDC Programs......Page 283
Error Handling in IDC......Page 284
Persistent Data Storage in IDC......Page 285
Useful IDC Functions......Page 287
Functions for Reading and Modifying Data......Page 288
User Interaction Functions......Page 289
File Input/Output Functions......Page 290
Functions Dealing with Functions......Page 292
Code Cross-Reference Functions......Page 293
Database Manipulation Functions......Page 294
Database Search Functions......Page 295
Enumerating Functions......Page 296
Enumerating Instructions......Page 297
Enumerating Cross-References......Page 298
Finding and Labeling Function Arguments......Page 301
Emulating Assembly Language Behavior......Page 304
IDAPython......Page 306
Using IDAPython......Page 307
Enumerating Instructions......Page 308
Enumerating Exported Functions......Page 309
Summary......Page 310
16: The IDA Software Development Kit......Page 311
SDK Introduction......Page 312
SDK Layout......Page 313
The IDA Application Programming Interface......Page 315
Header Files Overview......Page 316
Netnodes......Page 320
Useful SDK Datatypes......Page 328
Commonly Used SDK Functions......Page 330
Iteration Techniques Using the IDA API......Page 336
Summary......Page 340
17: The IDA Plug-in Architecture......Page 341
Writing a Plug-in......Page 342
The Plug-in Life Cycle......Page 344
Plug-in Initialization......Page 346
Event Notification......Page 347
Plug-in Execution......Page 348
Building Your Plug-ins......Page 350
Installing Plug-ins......Page 355
Configuring Plug-ins......Page 356
Extending IDC......Page 357
Plug-in User Interface Options......Page 359
Using the SDK’s Chooser Dialogs......Page 360
Creating Customized Forms with the SDK......Page 363
Windows-Only User Interface-Generation Techniques......Page 367
User Interface Generation with Qt......Page 368
Scripted Plug-ins......Page 370
Summary......Page 372
18: Binary Files and IDA Loader Modules......Page 373
Unknown File Analysis......Page 374
Manually Loading a Windows PE File......Page 375
Writing an IDA Loader Using the SDK......Page 384
The Simpleton Loader......Page 387
A pcap Loader for IDA......Page 392
Alternative Loader Strategies......Page 398
Writing a Scripted Loader......Page 399
Summary......Page 401
19: IDA Processor Modules......Page 403
Python Byte Code......Page 404
The Python Interpreter......Page 405
The processor_t Struct......Page 406
Basic Initialization of the LPH Structure......Page 407
The Analyzer......Page 411
The Emulator......Page 416
The Outputter......Page 420
Processor Notifications......Page 425
Other processor_t Members......Page 427
Building Processor Modules......Page 429
Customizing Existing Processors......Page 433
Processor Module Architecture......Page 435
Scripting a Processor Module......Page 437
Summary......Page 438
PART V: Real-World Applications......Page 439
20: Compiler Personalities......Page 441
Jump Tables and Switch Statements......Page 442
RTTI Implementations......Page 446
Locating main......Page 447
Debug vs. Release Binaries......Page 454
Alternative Calling Conventions......Page 456
Summary......Page 458
21: Obfuscated Code Analysis......Page 459
Disassembly Desynchronization......Page 460
Dynamically Computed Target Addresses......Page 463
Imported Function Obfuscation......Page 470
Targeted Attacks on Analysis Tools......Page 474
Detecting Virtualization......Page 475
Detecting Instrumentation......Page 477
Detecting Debuggers......Page 478
Preventing Debugging......Page 479
Static De-obfuscation of Binaries Using IDA......Page 480
Script-Oriented De-obfuscation......Page 481
Emulation-Oriented De-obfuscation......Page 486
Virtual Machine-Based Obfuscation......Page 498
Summary......Page 500
22: Vulnerability Analysis......Page 501
Discovering New Vulnerabilities with IDA......Page 502
After-the-Fact Vulnerability Discovery with IDA......Page 509
Stack Frame Breakdown......Page 514
Locating Instruction Sequences......Page 518
Finding Useful Virtual Addresses......Page 520
Analyzing Shellcode......Page 521
Summary......Page 524
23: Real-World IDA Plug-ins......Page 525
Hex-Rays......Page 526
collabREate......Page 529
Class Informer......Page 532
MyNav......Page 534
IdaPdf......Page 535
Summary......Page 536
PART VI: The IDA Debugger......Page 537
24: The IDA Debugger......Page 539
Launching the Debugger......Page 540
Basic Debugger Displays......Page 544
Process Control......Page 547
Breakpoints......Page 548
Tracing......Page 552
Stack Traces......Page 554
Watches......Page 555
Scripting Debugger Actions......Page 556
Automating Debugger Actions with IDA Plug-ins......Page 562
Summary......Page 564
25: Disassembler/Debugger Integration......Page 565
Background......Page 566
IDA Databases and the IDA Debugger......Page 567
Debugging Obfuscated Code......Page 569
Launching the Process......Page 571
Simple Decryption and Decompression Loops......Page 572
Import Table Reconstruction......Page 576
Hiding the Debugger......Page 581
IdaStealth......Page 586
Dealing with Exceptions......Page 587
Summary......Page 594
Remote Debugging with IDA......Page 595
Using a Hex-Rays Debugging Server......Page 596
Attaching to a Remote Process......Page 599
Debugging with Bochs......Page 600
Bochs IDB Mode......Page 601
Bochs PE Mode......Page 602
Bochs Disk Image Mode......Page 603
Appcall......Page 604
Summary......Page 605
A: Using IDA Freeware 5.0......Page 607
Restrictions on IDA Freeware......Page 608
Using IDA Freeware......Page 609
B: IDC/SDK Cross-Reference......Page 611
Index......Page 635
Alternative description
IDA Pro is a commercial disassembler and debugger used by reverse engineers to dissect compiled computer programs, and is the industry standard tool for analysis of hostile code. The IDA Pro Book provides a comprehensive, top-down overview of IDA Pro and its use for reverse engineering software. Author Chris Eagle, a recognized expert in the field, takes readers from the basics of disassembly theory to the complexities of using IDA Pro in real-world situations. Topics are introduced in the order most frequently encountered, allowing experienced users to easily jump in at the most appropriate point. Eagle covers a variety of real-world reverse engineering challenges and offers strategies to deal with them, such as disassembly manipulation, graphing, and effective use of cross references. This second edition of The IDA Pro Book has been completely updated and revised to cover the new features and cross-platform interface of IDA Pro 6.0. Other additions include expanded coverage of the IDA Pro Debugger, IDAPython, and the IDA Pro SDK.
Chris Eagle is a Senior Lecturer and Associate Chairman of Computer Science at the Naval Postgraduate School in Monterey, CA. He is a co-author of Gray Hat Hacking and has spoken at numerous security conferences, including Blackhat, Defcon, Toorcon, and Shmoocon.
Alternative description
No source code? No problem. With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. Hailed by the creator of IDA Pro as the "long-awaited" and "information-packed" guide to IDA, The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll save time and effort as you learn You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book.
Alternative description
"No source code? No problem. With IDA Pro, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. The IDA Pro Book covers everything from the very first steps to advanced automation techniques. While other disassemblers slow your analysis with inflexibility, IDA invites you to customize its output for improved readability and usefulness. You'll still need serious assembly skills to tackle the toughest executables, but IDA makes things a lot easier. Whether you're analyzing the software on a black box or conducting hard-core vulnerability research, a mastery of IDA Pro is crucial to your success. Take your skills to the next level with The IDA Pro Book."--Jacket
Alternative description
No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques. You'll find complete coverage of IDA's new Qt-based user interface, as well as increased coverage of the IDA debugger, the Bochs debugger, and IDA scripting (especially using IDAPython). But because humans are still smarter than computers, you'll even learn how to use IDA's latest interactive and scriptable interfaces to your advantage.
Alternative description
2. Reversing and Disassembly Tools; Classification Tools; file; PE Tools; PEiD; Summary Tools; nm; ldd; objdump; otool; dumpbin; c++filt; Deep Inspection Tools; strings; Disassemblers; Summary; 3. IDA Pro Background; Hex-Rays' Stance on Piracy; Obtaining IDA Pro; IDA Versions; IDA Licenses; Purchasing IDA; Upgrading IDA; IDA Support Resources; Your IDA Installation; Windows Installation; OS X and Linux Installation; IDA and SELinux; 32-bit vs. 64-bit IDA; The IDA Directory Layout; Thoughts on IDA's User Interface; Summary; II. Basic IDA Usage; 4. Getting Started with IDA; Launching IDA
Alternative description
IDA Pro is a commercial disassembler and debugger that allows reverse engineers to learn how specific programs work. This book provides a top-down overview of IDA Pro and its potential uses in the software reverse engineering field.
date open sourced
2012-02-04