Book of the Month – IDA PRO 2nd Edition

The best book on IDA Pro gets even better with its second edition. This is one of those special books that does not need any review at all. The book stands on its own.

Since I have received a request from No Starch Press for a special review of this book, here I will make an honest attempt to put it right!

Here is the core information about the book:

  • Title: IDA PRO Book – 2nd Edition
  • Author: Chris Eagle
  • Publisher: No Starch Press
  • Pages: 672
  • Release Date: July 14, 2011

Here is the table of contents:

PART I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Chapter 2: Reversing and Disassembly Tools
Chapter 3: IDA Pro Background

PART II: Basic IDA Usage
Chapter 4: Getting Started with IDA
Chapter 5: IDA Data Displays
Chapter 6: Disassembly Navigation
Chapter 7: Disassembly Manipulation
Chapter 8: Datatypes and Data Structures
Chapter 9: Cross-References and Graphing
Chapter 10: The Many Faces of IDA

PART III: Advanced IDA Usage
Chapter 11: Customizing IDA
Chapter 12: Library Recognition Using FLIRT Signatures
Chapter 13: Extending IDA’s Knowledge
Chapter 14: Patching Binaries and Other IDA Limitations

PART IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
Chapter 16: The IDA Software Development Kit
Chapter 17: The IDA Plug-in Architecture
Chapter 18: Binary Files and IDA Loader Modules
Chapter 19: IDA Processor Modules

PART V: Real-World Applications
Chapter 20: Compiler Personalities
Chapter 21: Obfuscated Code Analysis
Chapter 22: Vulnerability Analysis
Chapter 23: Real-World IDA Plug-ins

PART VI: The IDA Debugger
Chapter 24: The IDA Debugger
Chapter 25: Disassembler/Debugger Integration
Chapter 26: Additional Debugger Features

Appendix A: Using IDA Freeware 5.0
Appendix B: IDC/SDK Cross-Reference

The book is well structured, and you can easily jump to the right section based on your current knowledge of IDA and your reversing skills. For example, if you are new to reversing you can start with chapter 1; if you are a regular reverser but a beginner with IDA, you can turn to chapter 3. Those with hands-on experience with IDA can jump directly to chapter 11 for more advanced topics. This not only saves a lot of time but also helps in refreshing your basics whenever your brain goes rusty.

IDA’s true potential lies in its scripting engine and plugin architecture. Chapters 15 through 19 do a thorough job of conveying it in a simplified way. Then follows a very interesting section on de-obfuscation and vulnerability analysis using IDA. These are real gems for anyone involved in malware or vulnerability research.

Reversers often use IDA for static analysis and Olly for dynamic analysis, but IDA’s debugging capabilities make it a one-stop tool for everything that reversing requires. In this direction, the section on the IDA Debugger throws light on IDA’s debugging capabilities, starting with the basics and moving on to scripting, automation using plugins, bypassing anti-debugging tricks, etc.

Reverse engineering is complicated stuff, and teaching it is yet another nightmare, but the author does a splendid job of communicating most of it in an easy-to-digest manner using IDA. For this superb bible on IDA Pro, Chris simply deserves a standing ovation from all IDA fans.

Those who have already bought the first edition should note that there aren’t any new chapters, but there are additions to existing chapters starting with PART IV, mainly with respect to changes in IDA v6.1. There is also a special appendix covering IDA Freeware v5.0 (compared to IDA Freeware v4.9 in the first edition).

Appendix B is a great resource for plugin writers; it contains a complete mapping of functions between IDC and the SDK. Most of this information was obtained by reverse engineering the IDA kernel.

Highlights of the Book

  • Every section starts with basics then goes on to advanced topics.
  • Each of the tricks/techniques is well illustrated with code examples.
  • Written by an expert author who has mastered reversing and IDA.
  • Easy to digest and fun to read.


Hailed by Ilfak Guilfanov, the creator of IDA Pro, this book is highly recommended for anyone using IDA. It will greatly help you unleash the full potential of IDA, making your reversing job smarter than ever!

Disclaimer: I have received this book from the publisher for a special review. However, the review remains genuine and unbiased.

Book Link: http://www.nostarch.com/idapro2.htm
