Book: The IDA Pro Book (2nd Edition)
I had this book for quite some time now but unfortunately, I didn’t have time to read it. Finally, after reading I’m posting this review….
Title: The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
Author: Chris Eagle
Part I: Introduction to IDA
Chapter 1: Introduction to Disassembly
Before starting with the IDA Pro specific concepts, the author goes through a gentle introduction to the essentials of reversing. This chapter discusses the theoretical concepts as well as some simple examples to get you started with disassembling.
Chapter 2: Reversing and Disassembly Tools
Similar to the previous one, this is another introductory chapter dealing with some commonly used reversing tools including classification tools, file format specific utilities and numerous inspection tools. The good thing about it is that Chris Eagle is not limited to a specific operating system but instead he references many utilities available on different operating systems.
Chapter 3: IDA Pro Background
Finally, the reader is introduced to IDA Pro. In this chapter, you can learn various information from versioning and licensing, to installation on different operating systems, etc.
Part II: Basic IDA Usage
Chapter 4: Getting Started with IDA
This is an excellent chapter to get started with the basic usage of this incredible utility. The concepts discussed in this chapter range for file loading, IDA databases, IDA graphical interface and its components along with some nice tips and tricks, etc.
Chapter 5: IDA Data Displays
Continuing from the previous chapter, the author goes through the different data displays that IDA supports giving detailed information for each one separately.
Chapter 6: Disassembly Navigation
Beginning with the “Double-Click Navigation” using excellent examples and always very well documented, it moves to the various features of IDA Pro when it comes to navigation such as “Jump to Address”, “Navigation History”, etc. This chapter has also some important fundamental information regarding stack frames, calling conventions, variables, etc. This is done in order to introduce the next topic which is stack frame views and next, database searches.
Chapter 7: Disassembly Manipulation
Continuing the journey to the components of IDA Pro, this chapter discusses named locations, comments, custom names, as well as some basic code transformations available in IDA Pro. It also has an excellent section for functions and conversions between code and data and lots of information regarding data transformations.
Chapter 8: Datatypes and Data Structures
I think the title says it all. Here you can find everything from recognizing and editing, to creating different structures, using templates, importing structures, getting started with IDA TIL files, C++ specific concepts including “this” pointer, vtables and virtual functions, etc. The chapter ends with discussions for name mangling, run-time type identification and inheritance relationships.
Chapter 9: Cross-References and Graphing
I guess that these are the two most used features in all disassemblers. So, there is not much to say about this chapter. Everything you need to know about cross-references and IDA graphing is probably in here.
Chapter 10: The Many Faces of IDA
IDA Pro is a multi-platform utility and it has different interfaces for the user. Here you can learn about features in console mode and batch mode with numerous operating system specific information for all Windows, Linux and MAC OS X.
Part III: Advanced IDA Usage
Chapter 11: Customizing IDA
As we all know, IDA Pro is a really powerful tool when it comes to reversing. In this chapter the author goes through some common practices for customizing IDA Pro to suit your needs. This includes configuration files, GUI configuration, customizing toolbars, etc.
Chapter 12: Library Recognition Using FLIRT Signatures
This is another excellent chapter discussing FLIRT (Fast Library Identification and Recognition Technology) which is used to identify code that is actually a library. Many details from applying signatures to creating and using them can be found here.
Chapter 13: Extending IDA’s Knowledge
After a more thorough introduction to TIL and IDS utilities, the author dives into the details of IDS file creation and usage.
Chapter 14: Patching Binaries and Other IDA Limitations
Beginning with the “infamous” patch program menu, the author goes through the different techniques that one could use for binary patching and patch file generation with IDA Pro.
Part IV: Extending IDA’s Capabilities
Chapter 15: IDA Scripting
This is one of the most powerful features of IDA Pro and Chris Eagle provides excellent information from basic level of understanding the IDC language, to writing fully functional scripts. Furthermore, other plug-ins such as IDAPython are also being discussed.
Chapter 16: The IDA Software Development Kit
Obviously, the next step is to get introduced to the IDA’s SDK and this is what this chapter is about. Everything from installation to using the API are available in this chapter.
Chapter 17: The IDA Plug-in Architecture
Based on the knowledge of the previous chapters of this part of the book, the author begins writing a plug-in for IDA Pro. Once again, a great chapter with all the details you may need when writing your plug-ins for IDA Pro.
Chapter 18: Binary Files and IDA Loader Modules
From using unknown file formats to manually loading PE files and writing your own loader module using the IDA Pro’s SDK this chapter has everything.
Chapter 19: IDA Processor Modules
Another extremely useful feature of IDA Pro is its ability for additional processor modules. C. Eagle in this chapter guides the reader on how to write his own processor module to emulate and analyse binaries from different processor architectures.
Chapter 20: Compiler Personalities
Here there are countless details on how IDA Pro handles different compilers. Many details ranging from jump tables, C++ Run-time Type Identification, alternative calling conventions, etc. are discussed in this chapter.
Chapter 21: Obfuscation Code Analysis
This is another long chapter dealing with one of the most crucial subjects for all reverser engineers, obfuscation. Some of the topics addressed here are disassembly desynchronization, dynamically computed target addresses, imported function obfuscation, virtualization detection, instrumentation detection, static de-obfuscation, and many, many more.
Chapter 22: Vulnerability Analysis
Another common use of IDA Pro is for vulnerability analysis. Once again, many different subjects are discussed in detail including both vulnerability discovery and analysis.
Chapter 23: Real-World IDA Plug-ins
This is an introduction to some of the most popular plug-ins in IDA Pro which are Hex-Rays, IDAPython, collabREate, ida-x86emu, Class Informer, MyNav and IdaPdf.
Part VI: The IDA Debugger
Chapter 24: The IDA Debugger
This is more like a book itself. It has lots of information with many details for everything that has to do with IDA Pro Debugger.
Chapter 25: Disassembler/Debugger Integration
The title is very descriptive in this chapter.
Chapter 26: Additional Debugger Features
Some advanced features for debugging with IDA Pro are available in this chapter. Some of the discussed subjects include remote debugging and debugging with BOCHS.
Okay, so first of all the creator of IDA Pro, Ilfak Guilfanov said “I wholeheartedly recommend The IDA Pro Book to all IDA Pro users” and that says a lot. It’s not only that it is well written and has information from truly basic concepts up to really advanced ones. The structure of the chapters is perfect and every single example is well documented that even readers with no prior knowledge of IDA Pro will find it very easy to follow.
Personally, I totally agree with Ilfak Guilfanov. Anyone who uses IDA Pro should definitely read this book.