The IDA Pro Book, 2nd Edition

Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School in Monterey, CA. He is the author of many IDA plug-ins and co-author of Gray Hat Hacking, and he has spoken at numerous security conferences, including Black Hat, Defcon, ToorCon, and ShmooCon.

PRAISE FOR THE FIRST EDITION OF THE IDA PRO BOOK; Dedication; Acknowledgments; Introduction; Introduction to IDA; Chapter 1: Introduction to Disassembly; 1.1 Disassembly Theory; 1.2 The What of Disassembly; 1.3 The Why of Disassembly; 1.4 The How of Disassembly; 1.5 Summary; Chapter 2: Reversing and Disassembly Tools; 2.1 Classification Tools; 2.2 Summary Tools; 2.3 Deep Inspection Tools; 2.4 Summary; Chapter 3: IDA Pro Background; 3.1 Hex-Rays' Stance on Piracy; 3.2 Obtaining IDA Pro; 3.3 IDA Support Resources; 3.4 Your IDA Installation; 3.5 Thoughts on IDA's User Interface; 3.6 Summary; Basic IDA Usage; Chapter 4: Getting Started with IDA; 4.1 Launching IDA; 4.2 IDA Database Files; 4.3 Introduction to the IDA Desktop; 4.4 Desktop Behavior During Initial Analysis; 4.5 IDA Desktop Tips and Tricks; 4.6 Reporting Bugs; 4.7 Summary; Chapter 5: IDA Data Displays; 5.1 The Principal IDA Displays; 5.2 Secondary IDA Displays; 5.3 Tertiary IDA Displays; 5.4 Summary; Chapter 6: Disassembly Navigation; 6.1 Basic IDA Navigation; 6.2 Stack Frames; 6.3 Searching the Database; 6.4 Summary; Chapter 7: Disassembly Manipulation; 7.1 Names and Naming; 7.2 Commenting in IDA; 7.3 Basic Code Transformations; 7.4 Basic Data Transformations; 7.5 Summary; Chapter 8: Datatypes and Data Structures; 8.1 Recognizing Data Structure Use; 8.2 Creating IDA Structures; 8.3 Using Structure Templates; 8.4 Importing New Structures; 8.5 Using Standard Structures; 8.6 IDA TIL Files; 8.7 C++ Reversing Primer; 8.8 Summary; Chapter 9: Cross-References and Graphing; 9.1 Cross-References; 9.2 IDA Graphing; 9.3 Summary; Chapter 10: The Many Faces of IDA; 10.1 Console Mode IDA; 10.2 Using IDA's Batch Mode; 10.3 Summary; Advanced IDA Usage; Chapter 11: Customizing IDA; 11.1 Configuration Files; 11.2 Additional IDA Configuration Options; 11.3 Summary; Chapter 12: Library Recognition Using FLIRT Signatures; 12.1 Fast Library Identification and Recognition Technology; 12.2 Applying FLIRT Signatures; 12.3 Creating FLIRT Signature Files; 12.4 Summary; Chapter 13: Extending IDA's Knowledge; 13.1 Augmenting Function Information; 13.2 Augmenting Predefined Comments with loadint; 13.3 Summary; Chapter 14: Patching Binaries and Other IDA Limitations; 14.1 The Infamous Patch Program Menu; 14.2 IDA Output Files and Patch Generation; 14.3 Summary; Extending IDA's Capabilities; Chapter 15: IDA Scripting; 15.1 Basic Script Execution; 15.2 The IDC Language; 15.3 Associating IDC Scripts with Hotkeys; 15.4 Useful IDC Functions; 15.5 IDC Scripting Examples; 15.6 IDAPython; 15.7 IDAPython Scripting Examples; 15.8 Summary; Chapter 16: The IDA Software Development Kit; 16.1 SDK Introduction; 16.2 The IDA Application Programming Interface; 16.3 Summary; Chapter 17: The IDA Plug-in Architecture; 17.1 Writing a Plug-in; 17.2 Building Your Plug-ins; 17.3 Installing Plug-ins; 17.4 Configuring Plug-ins; 17.5 Extending IDC; 17.6 Plug-in User Interface Options; 17.7 Scripted Plug-ins; 17.8 Summary; Chapter 18: Binary Files and IDA Loader Modules; 18.1 Unknown File Analysis; 18.2 Manually Loading a Windows PE File; 18.3 IDA Loader Modules; 18.4 Writing an IDA Loader Using the SDK; 18.5 Alternative Loader Strategies; 18.6 Writing a Scripted Loader; 18.7 Summary; Chapter 19: IDA Processor Modules; 19.1 Python Byte Code; 19.2 The Python Interpreter; 19.3 Writing a Processor Module Using the SDK; 19.4 Building Processor Modules; 19.5 Customizing Existing Processors; 19.6 Processor Module Architecture; 19.7 Scripting a Processor Module; 19.8 Summary; Real-World Applications; Chapter 20: Compiler Personalities; 20.1 Jump Tables and Switch Statements; 20.2 RTTI Implementations; 20.3 Locating main; 20.4 Debug vs. Release Binaries; 20.5 Alternative Calling Conventions; 20.6 Summary; Chapter 21: Obfuscated Code Analysis; 21.1 Anti--Static Analysis Techniques; 21.2 Anti--Dynamic Analysis Techniques; 21.3 Static De-obfuscation of Binaries Using IDA; 21.4 Virtual Machine-Based Obfuscation; 21.5 Summary; Chapter 22: Vulnerability Analysis; 22.1 Discovering New Vulnerabilities with IDA; 22.2 After-the-Fact Vulnerability Discovery with IDA; 22.3 IDA and the Exploit-Development Process; 22.4 Analyzing Shellcode; 22.5 Summary; Chapter 23: Real-World IDA Plug-ins; 23.1 Hex-Rays; 23.2 IDAPython; 23.3 collabREate; 23.4 ida-x86emu; 23.5 Class Informer; 23.6 MyNav; 23.7 IdaPdf; 23.8 Summary; The IDA Debugger; Chapter 24: The IDA Debugger; 24.1 Launching the Debugger; 24.2 Basic Debuuuuuugger Displays; 24.3 Process Control; 24.4 Automating Debugger Tasks; 24.5 Summary; Chapter 25: Disassembler/Debugger Integration; 25.1 Background; 25.2 IDA Databases and the IDA Debugger; 25.3 Debugging Obfuscated Code; 25.4 IdaStealth; 25.5 Dealing with Exceptions; 25.6 Summary; Chapter 26: Additional Debugger Features; 26.1 Remote Debugging with IDA; 26.2 Debugging with Bochs; 26.3 Appcall; 26.4 Summary; Using IDA Freeware 5.0; Restrictions on IDA Freeware; Using IDA Freeware; IDC/SDK Cross-Reference;