The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently that it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going so far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.” The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassembler/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

 – Si Dunn
